A group of major European companies including Orange, Telecom Italia, Capgemini, Airbus, EDF and Deutsche Telekom denounced a proposal by authorities to omit data sovereignty requirements from an upcoming cloud security certification scheme, Reuters reported.

The news website printed the contents of a letter signed by 18 companies slamming a move by European Union (EU) politicians to cull requirements around data storage and processing in the most recent draft of a cybersecurity rating scheme for cloud services.

It calls on politicians from member states to reject the latest proposal, which is set to be discussed during a meeting next week.

The certification scheme is set to be voluntary, but is intended to guide authorities in member states when making supplier decisions. It has already been going through the regulatory process at the EU for several years.

In the letter, the companies argue a requirement around data sovereignty contained in an early version of the plan was needed to mitigate the risk of unlawful data access, citing fears information on European citizens could be accessed by overseas governments.  

The divisive measure scrapped in the most recent proposal would have required companies based outside the EU to either set-up a local joint venture or use a third party based in a member state to store and process data to achieve a top rating.

In the letter, the group also argued omitting sovereignty requirements would undermine the viability of commercial products or those being developed by European players to address the issue.