For some time the EU has been trying to figure out a label to award cloud service providers with strong cybersecurity to be used by governments and organizations within its borders.
However, establishing the exact requirements for cloud companies to qualify for this label has been a battle between robust regulations and ease of access.
Penetrating the bureaucracy
The label was first proposed back in 2020 by cybersecurity agency ENISA as a way to safeguard sensitive data once it is transferred beyond the borders of the EU. However, recent amendments may revoke legal protections for EU data leaving the bloc.
Originally the proposed label would require cloud service providers such as Google, Amazon and Microsoft to embark on a joint venture with an EU based company or build their own data center within the bloc’s borders, so that EU data could be handled within the borders of the EU. But the latest version of the draft has since scrapped this requirement.
Critics of the move have said that by not requiring cloud service providers to store and process the data within the EU, non-EU companies could use their own laws to access the data, therefore violating EU data protection.
The vote that has been pushed back to May involves deliberation by cybersecurity, cloud and data experts, before the draft label moves on to deliberation by EU members and a final stamp of approval from the European Commission.
Last year, the EU and US agreed on a data privacy pipeline that would allow businesses to transfer data between Europe and the US rather than the costly bureaucratic alternative of establishing data centers in the EU. The UK later piggy-backed off this pipeline for its own data privacy transfers following its departure from the European Union.
Via Reuters
More from TechRadar Pro
- These are the best cloud storage services and best cloud backups
- Security breaches are causing more damage than ever before
- Take a look at our guide to the best cloud hosting providers
