The report by a Europe of Sovereign Nations lawmaker recommends different ways to improve the EU’s technology sovereignty.
A pending cloud certification scheme – which European companies will use to demonstrate that their digital systems are adequately cybersecurity protected for the EU market – should reflect France’s own similar scheme, according to a Parliament report on technology sovereignty drafted by a far-right French lawmaker.
“When it comes to sensitive data, a European cybersecurity criterion should be introduced that takes sovereignty into account,” according to the report, seen by Euronews, which was submitted at the initiative of MEP Sarah Knafo, who belongs to the Europe of Sovereign Nations (ESN) group.
The current European Cybersecurity Certification Scheme for Cloud Services (EUCS) does not provide sufficient guarantees regarding the hosting of European sensitive data, according to Knafo.
“In order to ensure that the hosting provider is not subject to non-European legislation, the EUCS certification would have to align with the guarantees required by the French SecNumCloud certification regarding the criteria of ‘immunity’ of data from extraterritorial laws and company control,” the report says.
EU-level discussions around the voluntary cybersecurity certification scheme descended into a political scrap over sovereignty requirements after the Commission asked the EU’s cybersecurity agency Enisa to start working on EUCS in 2019.
France has led resistance to the proposal and wants to be sure that it can continue to use SecNum Cloud after the adoption of EUCS.
A decision on EUCS has been pending with no clear timeframe of when it could make further progress. Some believe that the Commission wants hold revising the EUCS process until the Cyber Security Act (CSA), the related piece of regulation under which the EUCS will fall, has been reviewed.
The CSA, which entered into force in 2019, was up for a review last year, but this hasn’t yet happened.
Cordon sanitaire
The report is now awaiting a committee decision, in the Parliament’s Industry, Research and Energy (ITRE) committee, before it will be voted on in plenary, after the summer. It remains to be seen how the report will be received. Knafo’s ESN group faces a ‘cordon sanitaire’ from the more mainstream political groups.
Knafo cites six recommendations to tackle the issue of technological sovereignty, and to aim for a guarantee of the bloc’s independence and security by protecting its strategic infrastructure and reducing dependence on non-European technology providers.
These include a call to encourage more private investment in high-potential European technology companies by simplifying the regulatory framework and scrapping two regulations for every new set of rules created in strategic sectors.
