Source: European Parliament
The importance of safeguarding the most sensitive European data is widely recognised. President-elect’s political guidelines[1] and mission letters to the new College echo the Commission’s intention to pave the way towards a more resilient, competitive and harmonised European digital market , including through the development of a single EU-wide cloud policy for public administrations.
The recent report titled ‘The future of European competitiveness’ further emphasises the need to continue these efforts[2].
The draft European Cybersecurity Certification Scheme for Cloud Services (EUCS) is being developed by the EU Agency for Cybersecurity (ENISA).
The EUCS aims to provide a coherent set of security requirements and conformity assessment methodologies thus addressing the current market fragmentation and lowering the financial barriers for cloud providers to offer secure cloud solutions across the EU.
This change will be particularly beneficial for small and medium-sized providers, the drivers of innovation.
The draft EUCS candidate scheme will be further discussed among the Member States’ experts in the European Cybersecurity Certification Group.
In accordance with Regulation (EU) 2019/881[3], once the draft scheme’s text has been stabilised, ENISA will transfer the candidate scheme to the Commission.
The Commission will then be responsible for preparing an implementing act based on the scheme. The adoption of this act will be controlled by the Member States through the comitology procedure defined in Regulation (EU) No 182/2011[4].
- [1] European Commission: von der Leyen, U., Political guidelines for the next European Commission 2024-2029 — Europe’s choice, 2024, https://commission.europa.eu/document/download/e6cd4328-673c-4e7a-8683-f63ffb2cf648_en?filename=Political%20Guidelines%202024-2029_EN.pdf
- [2] https://commission.europa.eu/topics/strengthening-european-competitiveness/eu-competitiveness-looking-ahead_en
- [3] OJ L 151, 7.6.2019, p. 15.
- [4] OJ L 55, 28.2.2011, p. 13-18.