Latest news with #EUCS
Euronews
11-04-2025
- Business
- Euronews
EU Commission starts consultation on revision of cybersecurity rules
ADVERTISEMENT The European Commission on Friday started gathering input to help revise the bloc's cyber rules, which date back to 2019, in line with efforts to simplify existing rules. The review of the Cybersecurity Act (CSA) will focus on the mandate of the EU's cyber agency ENISA, as well as the European Cybersecurity Certification Framework, and addressing ICT supply chain security challenges, the Commission's statement said. Euronews reported last year that the Commission already began seeking feedback from industry and national governments on the functioning and scope of work of ENISA, in a bid to potentially modify the agency's mandate and financial support. The CSA gave ENISA – which has some 100 staff members – a mandate to oversee the implementation of EU-wide cybersecurity rules. But one of its tasks, drafting a voluntary cybersecurity certification for cloud services (EUCS), has not advanced significantly since 2019. Related EU cloud scheme needs more privacy safeguards, French watchdog says Cyber certification to remain on hold despite Polish effort The EUCS is intended to be used by companies to demonstrate that certified ICT solutions have the right level of cybersecurity protection for the EU market, but it turned into a political battle over sovereignty requirements. There have been calls to make the system mandatory under the new CSA. Henna Virkkunen, the EU Commissioner for technology, said that she will carry out a so-called Digital Fitness Check this year which will assess whether all existing tech rules are burdensome to companies, and identify areas for simplification. The consultation comes weeks after Virkkunen said that she wants member states to adopt 5G security rules to protect networks from cyber threats and risks. In 2020, member states agreed to apply restrictions for suppliers considered to be high risk – such as China's Huawei and ZTE – including necessary exclusions, following security concerns, but only a limited number of countries have taken concrete steps to ban the companies. Interested parties, including member state competent authorities, cybersecurity authorities, industry and trade associations can give feedback to the consultation until 20 June.
Reuters
28-02-2025
- Business
- Reuters
Industry groups urge quick adoption of EU cybersecurity label that favours Big Tech
BRUSSELS, Feb 28 (Reuters) - Twenty-three industry groups across Europe have urged EU tech chief Henna Virkkunnen to adopt a draft cybersecurity certification scheme (EUCS) for cloud services that was tweaked last year in favour of Amazon (AMZN.O), opens new tab, Alphabet's (GOOGL.O), opens new tab Google and Microsoft (MSFT.O), opens new tab. The call came amid signs that the European Commission may delay adopting or even scrap the proposal, which has gone through several changes since it was unveiled by EU cybersecurity agency ENISA in 2020. The labelling scheme aims to help governments and companies pick a secure and trusted vendor for their cloud computing needs. The global cloud computing industry generates billions of euros in yearly revenue. "We would like to respectfully urge your support for the swift adoption of the European Cybersecurity Certification Scheme for Cloud Services," the groups said in a joint letter dated February 11 to Virkkunnen seen by Reuters. They said the March 2024 draft"made good progress in balancing between robust security standards and the inclusive, open-market principles that are critical for the growth and resilience of Europe's digital economy". The groups said the 2024 changes - which included scrapping provisions requiring U.S. tech giants to set up a joint venture or cooperate with an EU-based company to store customer data in the bloc in exchange for the highest level of the cybersecurity label - allow the scheme to focus on technical criteria rather than political ones. Signatories to the letter include Allied for StartUps, the American Chamber of Commerce in Estonia, Finland, Italy, Romania and Spain, the Association of German Banks, Germany's Association of the Internet Industry and Italian startup group InnovUp. The Irish Business and Employers Confederation, Dutch group Nederland Digitaal and Portugal's Association for the Promotion and Development of the Information Society also signed the letter. The Commission confirmed receipt of the letter and said it would reply in due course.
Euronews
27-02-2025
- Business
- Euronews
EU cloud certification should mimic French scheme, says nationalist lawmaker
A pending cloud certification scheme - which European companies will use to demonstrate that their digital systems are adequately cybersecurity protected for the EU market - should reflect France's own similar scheme, according to a Parliament report on technology sovereignty drafted by a far-right French lawmaker. 'When it comes to sensitive data, a European cybersecurity criterion should be introduced that takes sovereignty into account,' according to the report, seen by Euronews, which was submitted at the initiative of MEP Sarah Knafo, who belongs to the Europe of Sovereign Nations (ESN) group. The current European Cybersecurity Certification Scheme for Cloud Services (EUCS) does not provide sufficient guarantees regarding the hosting of European sensitive data, according to Knafo. 'In order to ensure that the hosting provider is not subject to non-European legislation, the EUCS certification would have to align with the guarantees required by the French SecNumCloud certification regarding the criteria of 'immunity' of data from extraterritorial laws and company control,' the report says. EU-level discussions around the voluntary cybersecurity certification scheme descended into a political scrap over sovereignty requirements after the Commission asked the EU's cybersecurity agency Enisa to start working on EUCS in 2019. France has led resistance to the proposal and wants to be sure that it can continue to use SecNum Cloud after the adoption of EUCS. A decision on EUCS has been pending with no clear timeframe of when it could make further progress. Some believe that the Commission wants hold revising the EUCS process until the Cyber Security Act (CSA), the related piece of regulation under which the EUCS will fall, has been reviewed. The CSA, which entered into force in 2019, was up for a review last year, but this hasn't yet happened. Cordon sanitaire The report is now awaiting a committee decision, in the Parliament's Industry, Research and Energy (ITRE) committee, before it will be voted on in plenary, after the summer. It remains to be seen how the report will be received. Knafo's ESN group faces a 'cordon sanitaire' from the more mainstream political groups. Knafo cites six recommendations to tackle the issue of technological sovereignty, and to aim for a guarantee of the bloc's independence and security by protecting its strategic infrastructure and reducing dependence on non-European technology providers.
