Study funded by tech industry raises concerns over exclusion of non-EU cloud vendors

According to a study commissioned by the Computer and Communications Industry Association (CCIA), a proposed European Union cloud security label that could exclude non-EU cloud services providers such as Amazon, Google, and Microsoft is discriminatory and could lead to retaliatory measures. The study was conducted by the European Centre for International Political Economy (ECIPE) and highlights growing private concerns about the draft label plan among U.S. tech giants.

The certification scheme, known as EUCS, requires cloud services providers to have their registered head office and global headquarters in the EU and to operate cloud services and store and process customer data in the 27-member bloc. ECIPE Director Matthias Bauer believes the political intention is to squeeze out foreign suppliers, but he also warns that it could impact EU businesses that rely on cloud computing services. The proposal could set a dangerous precedent for any data-intensive sector and trigger retaliatory measures by EU trading partners. ENISA is waiting for an opinion from EU countries before finalizing the scheme and submitting it to the European Commission.

The Commission declined to comment on the ECIPE report but stated that the scheme should be fully in line with EU law and the EU’s international commitments, including on trade.