The European Union is proposing tougher cybersecurity labeling rules for non-European Union cloud service providers like Amazon, Google, and Microsoft. The rules would require these companies to obtain a cybersecurity label through a joint venture with an EU-based company while also requiring the companies to store and process all customer data in the EU and to comply with local laws.
The proposed rules (reported by Reuters) are part of the European Union’s efforts to protect its citizens’ data from foreign interference. The EU is concerned that non-EU cloud service providers could be used by foreign governments to spy on local citizens or to launch cyberattacks. These proposed rules are intended to make it more difficult for non-EU cloud service providers to access and process EU citizens’ data.
The proposed rules have been met with mixed reactions from the tech industry. Some companies have praised the rules, saying that they will help to improve cybersecurity and protect customer data. On the other hand, some have criticized the rules, saying that they are too burdensome and will make it more difficult for them to do business here.
The EU is expected to finalize the proposed rules later this year. Once the rules are finalized, they will be implemented over a period of several years.
These proposed rules could have a significant impact on the tech industry. In theory, they make it more difficult for non-EU cloud service providers to do business in the EU while also driving up the cost of cloud services. The rules could also lead to fragmentation of the cloud market, as each country in the bloc has “full discretion” to implement the rules differently.
The EU’s proposed cybersecurity labeling rules are a significant development for the tech industry. The rules could have a major impact on the way that cloud services are provided here, and it remains to be seen how the rules will be implemented and what their actual impact will be once countries decide how much of the rules they will implement themselves.