Belgium Attempts To Break The Impasse In Cybersecurity Certificates.
Only One Of The Three Certificates That Have Been Proposed Since 2019 Has Been Authorized; The Other Two Are Still Being Worked On.
According to a document prepared by the National center of cybersecurity and seen by Euronews, Belgium is attempting to resolve the political Impasse surrounding an EU cybersecurity certification program for cloud services by suggesting separating sovereignty from functional requirements. Foe the past three years, the European commission and the National EU Governments have been discussing the issue. In order for business to prove that the appropriate degree of cybersecurity protection for the EU market,the commission requested in December 2019 that the Bloc's cybersecurity agency ENISA create a voluntary cybersecurity certification scheme for cloud services ( EUCS ).
When France tried to include sovereignty requirements in the text to prevent non EU - Cloud providers from being eligible for the best security options, EUCS became the focus of a political discussion. No agreement has been reached as this proposal was fiercely opposed by a number of EU Nations and business, which saw it as a protectionist step. In March, the Next meeting of the EUCS expert group is anticipated.
In the first half of 2024, Belgium, which leads EU ministerial meetings, is now suggesting separating sovereignty assertions from functional requirements. Although their methods and status would differ, each would still be part of the plan. Only functional security criterial would be certified, according to the Nation, and sovereignty statements would only be expressed in international company profile attestation ( ICPA ), which is the highest certification level. This would permit a certain amount of EU - wide harmonization while preserving the 27 member states' freedom to apply their National Sovereignty requirements solely in the most delicate situations.
The Paper asserts that the proposed EUCS certificate system would "fully allow non - EU cloud providers to be certified on the highest level and have full access to the EU market, allowing competition in all tenders for which certification ' High ' could be made obligatory, without prejudice of potential additional National Sovereignty requirements for some entities." This strategy also " allow for a free market and tailored approach to a varying level of risk, depending on the potential geopolitical threat."