EU drops sovereignty requirements in cybersecurity cert. scheme
This shift in the draft rules comes at a time when major tech companies are eyeing the government cloud market for growth opportunities.
The EU on Wednesday revised its draft cybersecurity labeling rules, potentially making it easier for tech giants like Amazon, Google, and Microsoft to bid for EU cloud computing contracts.
This revision comes after the scrapping of a requirement that vendors must be independent of non-EU laws, as revealed by a document seen by Reuters.
The EU has been grappling with the establishment of a cybersecurity certification scheme (EUCS) aimed at ensuring the cybersecurity of cloud services.
The scheme is designed to aid EU governments and businesses in selecting secure and trusted vendors for their cloud computing needs.
However, concerns within the EU persist regarding illegal state surveillance, while some member states worry about the dominance of US cloud providers potentially hindering EU competitors.
Previously, a draft requirement mandated that US tech giants establish a joint venture with an EU-based company and store and process customer data within the EU to qualify for the cybersecurity label.
However, this sovereignty requirement faced criticism from various sectors, including European banks, insurance groups, and startups, who argued for a focus on technical provisions over political obligations.
The updated draft, dated March 22, notably removes these sovereignty requirements.
Instead, cloud vendors are now only obligated to provide information concerning the location of data storage and processing, as well as applicable laws.
Currently, EU member states are reviewing the revised draft. Once finalized, the European Commission will adopt the final scheme.