Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

EU says foreign cloud providers will no longer need a local joint venture to qualify for its cybersecurity label

A person tapping a smartphone with a cloud on the screen.

The EU has dropped its sovereignty requirements for the cybersecurity certification scheme.

The changes would make it easier for non-EU companies, including tech giants like Amazon, Google, and Microsoft, to bid for EU cloud computing contracts, despite them each being subjected to antitrust investigations over various matters across Europe, the UK and the US in recent months.

Now, draft cybersecurity labelling rules look to have dropped the requirement that vendors are independent from non-EU laws, Reuters reports.

EU cloud computing change

The scheme aimed at assisting governments and companies within the Union in selecting secure and trustworthy vendors for their operations. Companies headquartered outside the EU had already started initiating joint ventures within the EU to circumvent the restriction.

The move comes as tech giants shift their interest toward lucrative government deals, however the EU remains concerned about potentially illegal surveillance and many countries continue to worry that the dominance of US cloud companies could hinder emerging EU competitors. In fact, that’s been the subject of a major antitrust case on the continent in recent months, particularly involving Microsoft.

Previously, the draft required US tech giants to establish a joint venture with an EU-based entity and process customer data within the EU to qualify for the all-important cybersecurity label. It’s unclear precisely why this has been ditched, however financial institutions, insurance groups and startups reportedly argued for technical provisions over political obligations, indicating that the draft had been a limiting factor in their cloud computing abilities.

With the most recent change, dated March 22, cloud vendors are now only required to disclose information about the location of data storage and processing.

TechRadar Pro has asked the European Commission to confirm the report, but we did not receive an immediate response. Any update will be posted here.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.