France has requested an opinion by the Council’s legal service on the pending cybersecurity certification for cloud services (EUCS), blocking a deal among the member states, a close source has told Euronews.
The country wants to know more about how adoption of the EUCS would impact the future of national schemes, according to the outcome of the European Cybersecurity Certification Group (ECCG).
France has its own domestic security qualification – SecNumCloud – developed by the French National Cybersecurity Agency (ANSSI), designed to ensure the robustness of cloud solutions with rising cyberattacks.
The EU scheme was set to be approved by April 15, after EU cybersecurity agency ENISA published a new draft text aiming to overcome a deadlock in negotiations. It could now be greenlighted at the earliest during expert group meetings in May or June.
Discussions have been ongoing for the past three years on a voluntary certification scheme for cloud services after the European Commission asked ENISA in 2019 to prepare such a scheme. This would allow companies to demonstrate that certified ICT solutions offer the right level of cybersecurity protection for the EU market.
The latest text proposed by ENISA had left out so-called sovereignty requirements. France previously attempted to introduce such requirements within the text designed to exclude non-EU cloud companies from qualifying for the highest security options. This proposal was strongly resisted by several EU countries and industry, who perceived it as a protectionist move.
Earlier this month (10 April), EU companies including aircraft manufacturer Airbus and telecom companies Orange and Deutsche Telekom called upon the 27 EU member states in an open letter to include sovereignty requirements in the proposal.
