EU’s Cybersecurity Draft Shifts Toward Hard Protectionism

Ayear ago, we cautioned that the EU Cybersecurity Certification Scheme for Cloud Services (EUCS) threatened to embed ill-conceived economic protectionism into the EU’s cybersecurity rules. And, indeed, the European Commission, which has made clear its commitment to pursue “digital sovereignty” for the European Union, can claim some preliminary successes on that front.

A recent draft of EUCS shows that the European Union Agency for Cybersecurity (ENISA) heeded the Commission’s call, contrary to ENISA’s own prior recommendations. Most notably, the draft would preclude entities outside the EU and those under foreign ownership or control from receiving  the highest level of cybersecurity certification.

Read the full piece here.