BRUSSELS – Global tech trade association ITI – the Information Technology Industry Council and three other industry groups issued a joint statement calling for the exclusion of digital sovereignty requirements in the EU Cybersecurity Certification Scheme for Cloud Services (EUCS).

“As ENISA prepares to finalize the EUCS, we would like to express our concerns about several of its procedural and substantial elements,” they wrote in the statement. “In particular, the potential inclusion of unhelpful ‘digital sovereignty’ requirements risks negatively impacting both European organisations that provide cloud computing solutions and those that use them and require a high-level of cybersecurity assurance.”

The statement is signed by AmCham EU, CCIA Europe, BSA – The Software Alliance, and ITI and draws out six recommendations for EU policymakers and Member States representatives:

  • Provide more transparency in the decision-making process and promote reliance on consensus-based international standards
  • Remove politically motivated requirements
  • Exclude data localization requirements from the EUCS
  • Remove foreign corporate ownership structure limitations
  • Encourage customers to use the best solutions that reflect their operational needs by allowing different cloud service providers to get certified under the EUCS
  • Ensure alignment between Member States on the EUCS requirements

Read the full joint statement here.

Related [Cybersecurity]