Strengthening Cloud Security and Safeguarding Digital Autonomy: Eurosmart's Perspective on the European Union Cybersecurity Scheme for Cloud Services (EUCS)

Introduction

Eurosmart, the leading association representing the digital security sector in Europe, warmly welcomes the ongoing efforts to define the European Union Cybersecurity Scheme for Cloud Services (EUCS). This scheme is a crucial step towards bolstering Europe’s defenses against evolving cyber threats and enhancing the trust and security in digital technologies.

Key highlights

1. Milestone for Resilience and Trust:

• The EUCS scheme is a significant milestone in strengthening Europe’s resilience against cyber threats.
• It enhances trust and security in digital technologies, ensuring a safer digital environment.

2. Protection Against Extraterritorial Laws:

• Beyond technical requirements, Eurosmart emphasizes the importance of shielding sensitive services from the extraterritorial laws of non-EU countries.
• A European cybersecurity certification should safeguard the integrity of sensitive and strategic data for European businesses.
• Ensuring personal data processing aligns with European values and fundamental rights is paramount for maintaining digital strategic autonomy.

3. Concerns Over the Latest EUCS Version:

• Eurosmart expresses regret that the latest version of the EUCS under consideration no longer guarantees a high level of security and protection against non-European extraterritorial legislations simultaneously.
• The industry calls on the European Commission and Member States to take decisive actions to ensure the protection of cloud services by reinstating the original proposal for "High+" requirements.

Call to Action

1. Reinstating "High+" Requirements:

• Eurosmart urges the reinstatement of transparent and harmonized criteria at the highest assurance level of the EUCS scheme, previously introduced as "High+" requirements.
• Establishing "immunity requirements" at the EU level is essential to protect the most sensitive European data from risks associated with cloud storage and computing beyond the EU’s legislative control.

2. Benefits for Cloud Service Providers and Users:

• The “High+” level would significantly limit critical risks such as disruptions (e.g., interruptions of international data links) and unlawful access through extraterritorial regulations or ambiguous cryptography rules for data in transit and at rest. 

Conclusion

The EUCS scheme, with robust "High+" requirements, is vital for securing Europe’s digital future. Eurosmart's call to action aims to ensure that cloud services in Europe are protected at the highest levels, aligning with European values and securing the digital autonomy of the region.