Industry concerned over the EU Cybersecurity Certification Scheme for Cloud Services

May 24

AmCham EU along with twelve other industry associations representing both cloud customers and cloud vendors operating across the European Digital Single Market call on Member States, EU institutions, and the European Union Agency for Cybersecurity (ENISA) to firmly reject the proposed sovereignty requirements in the EU Cloud Services Certification (EUCS) and, rather, swiftly adopt of a workable and non-discriminatory EUCS, as sovereignty restrictions are politically motivated and do not add value to cybersecurity of cloud services in the EU. 
For well over a year, many European and international associations, industry actors and Member States have publicly expressed their concerns about the lack of progress with the examination of restrictive sovereignty requirements in the EUCS. Additionally, several Member States have also proposed alternative options to end the stalemate, such as a European evaluation mechanism based on trustworthiness for non-EU cloud providers. As a basis for discussion, our associations have outlined several concerns about the EUCS, including: 

  • Limited transparency and lack of stakeholder engagement;
  • Inclusion of ‘digital sovereignty’ requirements;
  • Conflicting Member States’ views;
  • Legal confusion and uncertainty caused by the interplay with other EU legislation; and
  • Compliance with a World Trade Organisation (WTO) rules

The joint industry statement is available HERE

< Back to News


Eversheds Sutherland Bitans


Membership is an attestation that we belong to the modern Latvian business community.

Dace Silava-Tomsone, Managing Partner, COBALT

We re-affirm our commitment to the values that AmCham stands for and that we share.

Kārlis Danēvičs, Board member, Head of Credits and Risk at SEB Banka