Adrian Johnson
TLDR:
France has requested a legal opinion on the pending cybersecurity certification for cloud services, delaying the deal among member states. The country is concerned about the impact on national security schemes, specifically its own SecNumCloud. The EU cybersecurity certification was set to be approved in April but may now be delayed until May or June.
Article Summary:
France has put a hold on the pending cybersecurity certification for cloud services in the EU, requesting a legal opinion on the impact it would have on national security schemes. The country has its own domestic security qualification, SecNumCloud, which is designed to ensure the robustness of cloud solutions. The EU scheme, known as EUCS, was set to be approved in April but may now be delayed until May or June as France seeks more information about the implications of adoption.
The European Cybersecurity Certification Group (ECCG) has been working on a voluntary certification scheme for cloud services for the past three years. This scheme would allow companies to demonstrate that certified ICT solutions offer the necessary level of cybersecurity protection for the EU market. However, France’s attempts to introduce sovereignty requirements in the text have faced resistance from other EU countries and industry players who see it as a protectionist move.
ENISA, the EU cybersecurity agency, published a new draft text to address the deadlock in negotiations, but France’s request for a legal opinion has put a temporary halt on the process. The decision on the EUCS certification could now be delayed until expert group meetings in May or June.
