Industry groups called for a European Union (EU) cloud security certification scheme currently being thrashed out by politicians to not discriminate against services provided by large technology companies based outside of the region.

In an open letter, 26 EU-based business groups backed a draft of the European Cybersecurity Certification Scheme for Cloud Services (EUCS) outlined in March, which omitted certain data sovereignty requirements and drew the ire of several local players operating in the sector.  

The group of 26 also called for the swift adoption of the scheme, which has undergone a number of changes since the EU Agency for Cybersecurity (ENISA) published its initial draft in late 2020.

Organisations signing the letter include the American Chamber of Commerce to the EU; Dansk Industry; Dutch organisation NLDigital; the Association for Electronics, IT, Telecommunications and Digital Content in Spain; and the European Payment Institutions Federation.

Publishing the open letter, signatory the Confederation of Industry of the Czech Republic added the group wished to “further emphasise…that the EUCS should not discriminate against large technology companies such as Amazon, Google and Microsoft, but promote a competitive environment and innovation”.

In the document the group noted it considered the draft proposal “to be the most balanced version that has been discussed over the past three years. Therefore, we advocate for its adoption and urge European governments to conclude the debate over EUCS and finalise the scheme’s adoption process without further delay”.

“It is crucial that any future certifications developed under the European Cybersecurity Act, or similarly widely accepted specifications or standards, are non-discriminatory, technically feasible, and future-proof to sustain the growth and resilience of Europe’s digital economy”.

EUCS is a voluntary scheme designed to aid organisations in the economic area when selecting suppliers of cloud services.