European Cybersecurity Certification Scheme for Cloud Services (EUCS)

The European Union Agency for Cybersecurity (ENISA) is currently drafting a Cybersecurity Certification Scheme for Cloud Services (EUCS).   

The EUCS would outline three levels of assurance, with these levels being ‘basic’, ‘substantial’ and ‘high’. In accordance with these levels, the security requirements on cloud services and their assessment would increase. Furthermore, as the 2019 EU Cybersecurity Act outlines, the assurance level will be commensurate with the intended use of an ICT product, service or process, in relation to the probability and impact of an incident.  

ENISA is considering the inclusion of digital sovereignty provisions under the highest assurance level of the scheme which would affect cloud service providers operating in the European market. This could also impact businesses by limiting their choice to buy cloud services, increasing costs and reducing the quality of the offer.  

The EUCS candidate scheme is expected to be delivered to the European Commission this summer. In order for a candidate scheme, drafted by ENISA to become effective, it must be integrated into an EU Implementing Act, published by the European Commission, and adopted by all EU Member States. 

AmCham Ireland will be joining a briefing call with AmCham’s across Europe next week to discuss the topic and to consider a coordinated advocacy approach.   

If you would like to engage with AmCham on this topic, please reach out to Colm O’Callaghan, AmCham Manager of Public Affairs and Advocacy at c.ocallaghan@amcham.ie.