EUCS and the Future of Cloud Certification: Bridging Technical and Legal Gaps in the CSA

EUCS and the Future of Cloud Certification: Bridging Technical and Legal Gaps in the CSA

The European Union Cybersecurity Certification Scheme for Cloud Services (EUCS) represents a critical step toward establishing digital sovereignty, trust, and resilience across Europe. However, the current version of the Cybersecurity Act (CSA) lacks several essential provisions needed to enable a robust EUCS scheme—particularly the inclusion of the so-called “High+” assurance level.
The ongoing revision of the CSA offers a timely opportunity to broaden the scope of the European Cybersecurity Certification Framework by integrating elements necessary to address an evolving and complex cybersecurity risk landscape. In particular, the CSA must allow certification schemes to incorporate non-technical requirements that are essential to a comprehensive cybersecurity approach.
Eurosmart therefore proposes targeted revisions to Article 54 of the CSA to ensure that the EUCS scheme is fit for purpose and fully aligned with European regulatory, strategic, and security priorities.

2025_06_19_Enhancing-the-Cybersecurity-Act-to-Finalise-a-Robust-EUCS-Scheme_Final