Newly-proposed cybersecurity rules could affect cloud banking services in the EU


According to new recommendations by the EU Union Agency for Cybersecurity (ENISA), collective cybersecurity across the 12 gold stars requires a regulatory overhaul. 

The body put forward a proposal for a new EU certification scheme (EUCS) that would widen the scope of cybersecurity regulatory oversight to better correlate to the push for cloud services by banks and big tech companies.

The draft predicts a total of four security levels for cloud operations, with the last two levels requiring all international corporations to set separate cloud service hubs within the EU if they want to continue operating on its territory. 

This would allow customer data to be stored and processed directly by Brussels in order to ensure that all cloud services remain compliant with EU regulations.

Still under review and pending approval by the European Commission, the draft was welcomed by the tech lobbying group CCIA as it could mean increased growth for the Union.

Alexandre Roure, Public Policy Director of CCIA Europe, commented: “Perhaps the most striking part of this new draft is that ENISA now suggests the requirements that discriminate against foreign cloud providers could also be extended to lower levels of assurance. That would include banks, but also airlines, utility companies, and heavily regulated sectors.”