EU Proposes Strict Rules for Non-EU Cloud Providers

Non-EU cloud providers looking to gain the EU's cybersecurity label for sensitive data may be in for a tough go....
EU Proposes Strict Rules for Non-EU Cloud Providers
Written by WebProNews

Non-EU cloud providers looking to gain the EU’s cybersecurity label for sensitive data may be in for a tough go.

According to a draft of new legislation seen by Reuters, the EU is preparing strict rules that non-EU cloud providers must meet in order to receive the coveted cybersecurity label.

The cloud providers will be required to partner with an EU-based company in order to qualify, and would only be eligible for a minority stake in the joint venture. All data handled by the venture would need to be stored in the EU, and EU data laws would take precedent over all others.

“Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,” the document said.

“Undertakings whose registered head office or headquarters are not established in a ember State of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for the certification of a cloud service,” it added.

As Reuters points out, US cloud providers are likely to balk at the new legislation, and it will likely have a significant impact on the market.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us