The
European Centre for International Political Economy (ECIPE)
report, which was commissioned by the Computer and
Communications Industry Association (CCIA), underscores growing
private concerns about the draft label plan among U.S. tech
giants, which have so far not made any public comment on it.
At issue is a provision in EU cybersecurity agency ENISA's
certification scheme (EUCS) that requires cloud services
providers to have their registered head office and global
headquarters in the EU and to operate cloud services and store
and process customer data in the 27-member bloc.
"I think the political intention is to squeeze out foreign
suppliers but it will of course have also ramifications for EU
businesses that are more or less relying on cloud computing
services," ECIPE Director Matthias Bauer told Reuters.
"Member states should now call on the cybersecurity agency and
also the European Commission to abandon politically motivated
EUCS immunity requirements," he added.
ENISA is waiting for an opinion from EU countries, a
spokesperson said and "will then finalise the scheme by taking
into utmost account this opinion and submit the final candidate
scheme to the European Commission".
The EU executive declined to comment on the ECIPE report.
"The scheme should be fully in line with EU law, as well as with
the EU's international commitments, including on trade," a
Commission spokesperson said.
ECIPE said the proposal could set a dangerous precedent for any
data-intensive sector, that could see the cybersecurity label
become mandatory for new technologies such as internet connected
devices in energy, healthcare and autonomous driving.
A ban could also trigger retaliatory measures by EU trading
partners, the think tank said.
(Reporting by Foo Yun Chee; Editing by Alexander Smith)
[© 2023 Thomson Reuters. All rights
reserved.]
This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|