A report by Sarah Knafo, a Member of the European Parliament (MEP) from the far-right Europe of Sovereign Nations (ESN) group, has called for the European Union to model its new cloud certification system after France’s SecNumCloud framework. Knafo’s recommendations, focused on strengthening the EU’s technological sovereignty, argue that the current European Cybersecurity Certification Scheme for Cloud Services (EUCS) fails to sufficiently protect sensitive data stored within the EU.
The proposed changes aim to ensure that cloud providers hosting data within the EU are not subject to foreign laws, particularly those outside the EU’s jurisdiction. Knafo emphasizes that the certification process should align with France’s SecNumCloud, which guarantees immunity from non-EU legislation and ensures that data remains secure from external influence.
According to Knafo, the existing EUCS does not provide enough safeguards to guarantee that sensitive European data remains protected from extraterritorial legal requirements. She advocates for a stronger cybersecurity framework, which would mirror France’s strict standards in terms of “immunity” from foreign legal interference.
Tensions Over EU Cloud Certification
EU discussions on cloud certification have sparked significant internal debate, particularly between France and other EU member states. France has expressed concerns that the EU’s proposed cybersecurity certification could undermine its ability to maintain the SecNumCloud certification. SecNumCloud is an essential certification for French cloud providers, offering stringent safeguards that protect sensitive data, particularly within government and defense sectors.
The European Commission has been working on the EUCS since 2019, but progress has been slow due to disagreements over how to balance the EU’s collective interest in data protection with the desire for greater digital integration across member states.
Challenges in Securing Technological Sovereignty
Knafo’s report extends beyond cloud certification and addresses broader issues surrounding the EU’s technological independence. She calls for reforms that would enable the EU to reduce its reliance on non-European technology providers, particularly in critical infrastructure sectors. The report advocates for increased private investment in European tech companies and urges the EU to simplify regulatory processes that currently stifle innovation and competitiveness.
To further safeguard its technological sovereignty, the report recommends that for every new regulation introduced in strategic sectors, the EU should remove two existing regulations. This move aims to ease regulatory burdens on European companies, encourage innovation, and boost the competitiveness of European firms on the global stage.
Pending Decisions and Uncertain Timelines
The EU Cybersecurity Act (CSA), which provides the legal framework for the EUCS, was last reviewed in 2019, but the Commission has yet to begin the process of its formal review. As a result, discussions around the future of EU cloud certification and cybersecurity remain stalled, with no clear timeline for progress.
Knafo’s report will now be reviewed by the Parliament’s Industry, Research, and Energy (ITRE) Committee, where it is expected to undergo further scrutiny before a full vote in Parliament later this year. The report’s future is uncertain, as Knafo’s far-right ESN group faces resistance from mainstream political parties within the EU.
Impact on EU Cloud Certification and Data Security
The debate surrounding EU cloud certification is a critical issue for European data security and sovereignty. By advocating for a stronger, France-inspired certification process, Knafo aims to ensure that the EU retains control over its digital infrastructure and is not overly dependent on foreign tech companies.
As the EU continues to negotiate its cybersecurity policies and certification frameworks, Knafo’s report serves as a reminder of the importance of establishing clear, robust, and sovereign digital standards that prioritize the security of European citizens’ data.