The cloud computing sector in Europe is under considerable regulatory review at the moment, particularly around the proposed cybersecurity certification scheme (EUCS) for cloud services, which is a major topic of industry conversations.
Reuters has reported that this initiative has triggered discussions among stakeholders about how it might affect leading cloud service providers, as well as broader issues like data sovereignty and competitive dynamics in the market.
Recently, 26 industry associations throughout Europe expressed worries that the EUCS could unintentionally bias against leading companies like Amazon.com, Alphabet’s Google, and Microsoft. These organisations are pushing for an equitable approach to the certification scheme, highlighting the necessity of preserving fairness in the cloud services market.
The European Commission, alongside the EU cybersecurity agency ENISA and member states, are scheduled to meet soon to deliberate on the EUCS, which has been revised several times since its initial proposal by ENISA in 2020. The scheme aims to guide governments and corporations in choosing cloud vendors that are both secure and trustworthy, which is vital given the industry’s substantial income generation and anticipated continued rapid growth.
Current trends in cloud computing
Providing a snapshot of the current cloud computing landscape, the Flexera 2024 State of the Cloud Report reveals that 89% of organisations are now using a multicloud strategy, a slight uptick from 87% in 2023.
Furthermore, cloud spending continues to rise significantly, with nearly 29% of respondents allocating over $12 million annually to public cloud services, up from 24% in the previous year.
The cloud platform landscape is still dominated by AWS and Microsoft Azure, with 49% of those surveyed using AWS and 45% using Azure for substantial workloads. Google Cloud Platform trails with a 21% usage rate.
Among SMBs, there has been a remarkable year-over-year increase in the utilisation of public cloud services, with AWS increasing from 71% to 83%, Azure from 51% to 67%, and Google Cloud Platform from 28% to 45%.
Revisions to sovereignty requirements
The development of the EUCS has included major alterations, such as a March revision that did away with some sovereignty conditions found in earlier proposals. Originally, these conditions would have required American tech giants to engage in joint ventures or partnerships with European companies for data storage and processing within the EU to be eligible for the highest EU cybersecurity label.
Industry associations are pushing for a fair and inclusive EUCS that promotes the free flow of cloud services across Europe. In a collective letter to EU nations, they stated that such a framework would bolster their members’ expansion, align with Europe’s digital goals, and improve its resilience and security. The letter highlighted the need for access to a variety of resilient cloud technologies, customised to meet specific requirements, which would empower European companies to succeed in a competitive global environment.
The signatories to this position include prominent organisations such as the American Chamber of Commerce to the EU in various European countries, the European Payment Institutions Federation, and several national industry associations. These include the Czech Confederation of Industry, Denmark’s Dansk Industry, Germany’s Bundesverband deutscher Banken, the Digital Poland Association, Irish business lobby group IBEC, the Netherlands’ NL Digital, and the Spanish Start-up Association.
On the other hand, EU-based cloud providers such as Deutsche Telekom, Orange, and Airbus are pushing for stronger sovereignty provisions in the EUCS. They are primarily worried about the risk of non-EU governments accessing European data under their own legal systems. This stance underscores the ongoing conflict between safeguarding data privacy and fostering a competitive, open market for cloud services.
The ongoing discourse on the EUCS highlights the complex dynamics of cybersecurity, data sovereignty, and market competition within the rapidly developing cloud computing environment. With cloud computing becoming a cornerstone of modern business operations, the decisions regarding this certification are poised to influence businesses and data security extensively throughout Europe and beyond.
Moreover, the discussion around the EUCS reflects broader global trends in data governance and digital sovereignty. As countries and regions seek to protect their citizens’ data and maintain control over critical digital infrastructure, they must balance these concerns with the benefits of open markets and technological innovation.
As the European Commission, ENISA, and EU countries continue their deliberations on the EUCS, stakeholders across the industry will be closely monitoring developments. The final form of the certification scheme could significantly influence the competitive landscape of the European cloud market, as well as set precedents for similar regulations in other regions.
To sum up, the proposed EUCS and the debates it has sparked underscore the importance of careful and equitable regulation in the dynamic digital economy. As cloud computing continues to advance and revolutionise global business operations, finding the right balance between security, sovereignty, and open markets is key to promoting innovation and economic growth, as well as protecting the rights of European citizens and businesses.
Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with Cyber Security & Cloud Expo and Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
Tags: AWS, cloud, Cloud Security, cybersecurity, google cloud, Security