Authorities in the European Union (EU) are considering a proposal that would require cloud service providers to store all their data within the block, reported Bloomberg.
The European Union Agency for Cybersecurity (ENISA) is drafting a new, more stringent measure to prevent foreign governments from meddling with EU data, the publication said, citing a draft proposal.
The new cybersecurity rules could require US cloud providers such as Amazon, Microsoft, and Alphabet to prevent the US government from accessing European cloud data.
Foreign companies would either have to operate an EU legal entity separate from the parent company, or partner with a European cloud company to comply with the norms and achieve the highest cybersecurity certification.
ENISA’s spokesperson declined to comment on a confidential document, the report said, adding that any proposal would need approval from representatives of EU countries.
The spokesperson added that the highest certification level aims to be restricted to a limited number of cases that demand increased security, such as applications for highly critical infrastructure.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
A two-tiered “high” level cybersecurity rating is what ENISA is recommending.
Most US cloud service providers already fulfil the proposed “EL3” standard, which calls for a certain amount of data transparency.
With “EL4” accreditation, the data must be kept in the EU and cannot be accessed by foreign governments.
An Amazon Web Services (AWS) representative declined to comment on the development.
The request for comment from the representatives from Microsoft and Alphabet did not elicit a response.
The stricter standard may be used to choose firms to bid for government data storage contracts that involve sensitive information.