Vote on EU cybersecurity label delayed to May, sources say

FILE PHOTO: European Union flags fly outside the European Commission headquarters in Brussels

By Foo Yun Chee

BRUSSELS (Reuters) - National cybersecurity experts have shelved a vote on a draft EU cybersecurity label allowing Amazon, Alphabet's Google and Microsoft to bid for highly sensitive EU cloud computing contracts to May, people familiar with the matter said on Tuesday.

The European Union wants to introduce a cybersecurity certification scheme (EUCS) to vouch for the cybersecurity of cloud services and help governments and companies pick a secure and trusted vendor for their cloud computing business.

However, disagreements on whether strict requirements should be imposed on Big Tech to qualify for the highest level of the EU cybersecurity label has hampered efforts.

The experts which met on Monday and Tuesday in Brussels, did not vote on the latest draft of the scheme proposed by EU cybersecurity agency ENISA in 2020 and tweaked by Belgium which currently holds the rotating EU presidency, the people said.

After the experts' vote, the next step is an opinion from EU countries and the final decision by the European Commission.

The latest version scrapped so-called sovereignty requirements from a previous proposal, which obliged U.S. tech giants to set up a joint venture or cooperate with an EU-based company to store and process customer data in the bloc in order to qualify for the highest level of the EU cybersecurity label.

While Big Tech welcomed dropping the requirements, EU cloud vendors and businesses such as Deutsche Telekom, Orange and Airbus criticised the move, and warned of the risk of unlawful data access by non-EU governments on the basis of their laws.

(Reporting by Foo Yun Chee; Editing by Angus MacSwan)