![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
BRUSSELS: Amazon<\/a>, Alphabet's Google<\/a>, Microsoft<\/a> and other non-European Union cloud service providers looking to secure an EU cybersecurity<\/a> label to handle sensitive data can only do so via a joint venture with an EU-based company, according to an EU draft document seen by Reuters.
U.S. tech giants and others involved in the joint venture can only have a minority stake, and employees that have access to EU data would have to undergo specific screening and have to be located in the 27-country bloc, the document said.
The document adds the cloud service must be operated and maintained from the EU, and all cloud service customer data stored and processed in the EU and that EU laws take precedence over non-EU laws regarding the cloud service provider.
The latest draft proposal from EU cybersecurity agency ENISA concerns an EU certification scheme (EUCS) that would vouch for the cybersecurity of cloud services and determine how governments and companies in the bloc select a vendor for their business. While the new provisions underscore EU concerns of interference from non-EU states, they are likely to spark criticism from U.S. tech giants worried about being shut out from the European market.
Big Tech is looking to the government cloud market to drive growth in the coming years while a potential boom in AI after the viral success of OpenAI's ChatGPT could also boost demand for cloud services.
\"Certified cloud services are operated only by companies based in the EU, with no entity from outside the EU having effective control over the CSP (cloud service provider), to mitigate the risk of non-EU interfering powers undermining EU regulations, norms and values,\" the document said.
\"Undertakings whose registered head office or headquarters are not established in a ember State of the EU shall not, directly or indirectly, solely or jointly, hold positive or negative effective control of the CSP applying for the certification of a cloud service,\" it said.
The document said the tougher rules will apply to personal and non-personal data of particular sensitivity where a breach may have a negative impact on public order, public safety, human life or health, or the protection of intellectual property.
The latest draft could fragment the EU single market as each country has full discretion to impose the requirements whenever it sees fit, an industry source said.
The U.S. Chamber of Commerce has previously said that the plan puts U.S. companies on an unequal footing. The EU says the moves are necessary to protect the bloc's data rights and privacy.
EU countries will review the draft later this month after which the European Commission will adopt a final scheme.
<\/body>","next_sibling":[{"msid":100116340,"title":"EU lawmakers warn of Hungary, Poland spyware abuses","entity_type":"ARTICLE","link":"\/news\/internet\/eu-lawmakers-warn-of-hungary-poland-spyware-abuses\/100116340","category_name":null,"category_name_seo":"internet"}],"related_content":[],"msid":100116399,"entity_type":"ARTICLE","title":"EU draft rules propose tougher cybersecurity labelling rules for Amazon, Google, Microsoft","synopsis":"The latest draft proposal from EU cybersecurity agency ENISA concerns an EU certification scheme (EUCS) that would vouch for the cybersecurity of cloud services and determine how governments and companies in the bloc select a vendor for their business. While the new provisions underscore EU concerns of interference from non-EU states, they are likely to spark criticism from U.S. tech giants worried about being shut out from the European market.","titleseo":"internet\/eu-draft-rules-propose-tougher-cybersecurity-labelling-rules-for-amazon-google-microsoft","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":101,"shares":0,"engagementtimems":467000},"Alttitle":{"minfo":""},"artag":"Reuters","artdate":"2023-05-10 07:49:51","lastupd":"2023-05-10 07:51:48","breadcrumbTags":["Google","cybersecurity","Amazon","Microsoft","European Union","cybersecurity news","cybersecurity labelling","Alphabet Inc"],"secinfo":{"seolocation":"internet\/eu-draft-rules-propose-tougher-cybersecurity-labelling-rules-for-amazon-google-microsoft"}}" data-authors="[" "]" data-category-name="Internet" data-category_id="17" data-date="2023-05-10" data-index="article_1">
- 互联网
- 2分钟阅读
欧盟草案提出更严格的网络安全标签规则亚马逊、谷歌、微软
来自欧盟的最新草案网络安全机构ENISA担忧欧盟认证计划(euc),保证网络安全云服务和确定政府和企业集团选择一个供应商为他们的业务。而新规定强调欧盟干涉来自非欧盟国家的关切,它们可能会引发批评美国科技巨头从欧洲市场担心被拒之门外。
读到
布鲁塞尔:亚马逊字母的谷歌,微软云服务提供商和其他非欧盟寻求安全的欧盟网络安全标签处理敏感数据只能通过合资企业这么做的欧洲公司,根据欧盟草案被路透社记者。
美国科技巨头和其他参与合资企业只能有少数股权,和员工获得欧盟数据必须经过特定的筛查和位于在这个27国集团,文档表示。
文档添加了云服务必须从欧盟、运营和维护,所有云服务客户数据存储和处理在欧盟和欧盟法律优先于非欧盟法律对于云服务提供商。
来自欧盟的最新草案网络安全机构ENISA担忧欧盟认证计划(euc),保证网络安全云服务和确定政府和企业集团选择一个供应商为他们的业务。而新规定强调欧盟干涉来自非欧盟国家的关切,它们可能会引发批评美国科技巨头从欧洲市场担心被拒之门外。
大型科技希望政府云市场在未来几年推动增长,而潜在的繁荣在AI病毒OpenAI ChatGPT的成功也可以提高对云服务的需求。
“认证的云服务操作只能由公司总部位于欧盟,欧盟以外的任何单位有有效的控制CSP(云服务提供商),以减轻风险的非欧盟干涉权力破坏欧盟法规,规范和价值观,“文档表示。
“事业的注册总部或总部不是建立在灰烬的欧盟不得直接或间接地,单独或共同持有积极或消极的有效控制的CSP申请认证的云服务,”它说。
文档表示,更严格的规则将适用于个人和非个人数据的特殊敏感性,违反可能对公共秩序产生负面影响,公共安全、人类生命或者健康,保护知识产权。
最新的草案可能片段欧盟单一市场因为每个国家都拥有完全的自由裁量权实施的要求只要它认为合适的,一位业内人士说。
美国商会(U.S. Chamber of Commerce)此前曾表示,计划让美国公司在一个不平等的地位。欧盟说,行动是必要的,以保护欧盟的权利和隐私数据。
欧盟国家本月晚些时候将审查草案之后,欧盟委员会将采取最后的方案。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动