A group of major European companies, including Orange, Telecom Italia, Capgemini, Airbus, EDF, and Deutsche Telekom, have reportedly denounced authorities' proposal to remove data sovereignty requirements from an upcoming cloud security certification scheme.
Published contents of a letter, signed by 18 companies, have criticized European Union (EU) politicians for proposing the removal of data storage and processing requirements from the most recent draft of a cybersecurity rating scheme for cloud services.
The letter called upon member-state politicians to reject the latest proposal, which will be discussed at a meeting next week.
The certification scheme will be voluntary, but it is intended to help authorities in member states make supplier decisions. It has been undergoing regulatory processes in the EU for several years.
In the letter, the companies argue that a requirement for data sovereignty included in an early version of the plan was necessary to mitigate the risk of unauthorized data access, citing concerns that information on European citizens could be accessed by foreign governments.
The latest proposal eliminated a contentious provision that would have compelled non-EU companies to establish a local partnership or engage a third party within an EU member state for data storage and processing in order to attain the highest certification level.
Additionally, the group contended in their letter that excluding sovereignty requirements would weaken the competitiveness of commercial offerings, including those developed by European entities, aimed at tackling this issue.
