EU regulations may impose stricter limitations on cloud service providers from outside the EU

It is likely that several cloud service providers (CSPs) from outside the European Union (EU), including Microsoft, Google, and Amazon, would face considerable difficulties in European nations. The EU is presently working on a new regulation that will make it necessary for these CSPs to work with EU companies if they want to handle sensitive data within the European continent. As a result, they will have to create business alliances and legal contracts with organizations established in the EU. The major goal of this regulation is to strengthen EU control and protection of sensitive data.

To obtain an EU cyber security label for handling sensitive data, cloud service providers (CSPs) must form a partnership where a European company holds a majority stake, in collaboration with a non-European cloud provider. This joint venture arrangement is a requirement for CSPs seeking to handle sensitive data and receive the EU cyber security label.

As reported by Reuters, other major limitations are also there in the draft document. Personnel with access to sensitive data should reside in the EU and be qualified for this position after passing a screening procedure. The cloud services holding this data should also be managed and administered from inside the EU, and any data processing should also take place within this region. In addition, serious penalties will be imposed on a CSP in the event that a data breach compromises intellectual property, human health, or public safety.

The intention, as stated in another passage from the text, is to reduce any possible impact of non-EU organizations on EU laws, conventions, and values. To do this, only organizations with legal presence in the European Union (EU) are permitted to run certified cloud services, preventing any person or group from exercising real influence over the cloud service provider (CSP).

Additionally, a CSP must not be directly, indirectly, solely, or jointly controlled by companies whose registered head office or headquarters are situated outside of an EU member state in order to be qualified for certification.

If the proposed rule becomes law, both non-European cloud service providers (CSPs) and their European clients will be significantly impacted. To comply with the new regulations, both parties must make sure that the cloud services they use bear the EU cyber security badge.

Considering that in order to continue functioning, firms will need to acquire the appropriate certification for cyber security, organizations that already use platforms like Azure from Microsoft, Amazon Web Services (AWS), and Google Cloud Platform, or GCP, for managing sensitive data may be particularly impacted by this need.


Read next: Google Takes Responsibility with AI, Panics at Competitors
Previous Post Next Post