EU cybersecurity label vote postponed

Disagreements over imposing strict requirements on big tech companies have caused the delay.
Flag by EU.

National cybersecurity experts have postponed a vote on a proposed EU cybersecurity label until May, according to sources familiar with the matter. The EU aims to implement a cybersecurity certification scheme (EUCS) to ensure the security of cloud services, aiding governments and businesses in selecting trustworthy vendors. This delay allows tech giants like Amazon, Google, and Microsoft to continue bidding for sensitive EU cloud computing contracts.

Disagreements have arisen over whether strict requirements should be imposed on major tech companies to qualify for the highest level of the EU cybersecurity label. These disagreements have stalled progress despite recent discussions among experts in Brussels. Holding the rotating EU presidency, Belgium has made adjustments to the draft, reflecting ongoing deliberations.

The most recent version of the draft has eliminated sovereignty requirements that previously mandated US tech giants to collaborate with EU-based companies to handle customer data in the bloc. While major tech firms have welcomed this change, it has drawn criticism from EU-based cloud vendors and businesses like Deutsche Telekom, Orange, and Airbus. They argue that removing these requirements poses a risk of unauthorised data access by non-EU governments under their respective laws.

Following the experts’ postponed vote, the next phase involves the EU countries providing input, with the European Commission making the final decision. The outcome of these discussions will significantly impact the landscape of cybersecurity regulations and the involvement of major tech players in the EU’s cloud computing sector.