The Zhitong Finance App learned that Deutsche Telekom (Deutsche Telekom),$Orange SA (ORAN.US)$, Airbus and 15 other EU companies criticized a permit$Amazon (AMZN.US)$,$Alphabet-A (GOOGL.US)$Parent company Alphabet and$Microsoft (MSFT.US)$Participate in the bid for the EU's highly sensitive cloud computing contract.

The draft plan proposed by Belgium involves a certification scheme (EUCS), which aims to prove the cybersecurity of cloud services and help EU governments and companies select a secure and trustworthy business vendor. The proposal removes the so-called “sovereignty requirements” from the earlier draft. The original requirements stipulated that US tech giants must establish joint ventures or cooperate with local EU companies to store and process customer data in the EU in order to obtain the highest level of certification for the EU cybersecurity label.

Belgium seeks to break the EU cloud service certification impasse

According to information, in order to break the political impasse over this certification scheme, Belgium proposed separating sovereignty requirements from functional requirements. The purpose of this proposal is to resolve the dispute that France is trying to introduce sovereignty requirements into the certification text. The latter is intended to exclude non-EU cloud service companies from being eligible for the highest security option. The proposal was strongly opposed by several EU countries and industry, and viewed as protectionist action.

According to the Belgian proposal, only functional safety requirements will actually be certified, and the sovereignty statement will be indicated in the International Company Information Statement (ICPA), which applies only to the highest level of certification. This would achieve a degree of coordination at the EU level, while retaining the options of the 27 member states to implement their own national sovereignty requirements, particularly for the most sensitive use cases.

This proposed EUCS certification scheme will “fully allow non-EU cloud service providers to obtain certification at the highest level and fully enter the EU market, and still allow competition in all tenders where additional national sovereignty requirements may be required.”

Furthermore, the program “allows free markets and a tailored approach to different risk levels based on potential geopolitical threats.”

Belgium's plans will be discussed by cybersecurity experts from 27 EU countries on April 15, which may pave the way for the European Commission to pass a cybersecurity plan in the northern hemisphere fall.

EU companies jointly boycott proposals for non-sovereignty claims

In response, Deutsche Telekom, France Telecom, Airbus, and 15 other companies called on EU countries to reject the latest proposal, which has no sovereignty requirements, and send letters to governments and senior European Commission officials in a joint letter. They believe that including EU headquarters and European control requirements in the main plan is necessary to mitigate the risk of illegal data access based on foreign laws.

The companies warned that without these requirements, European data could be accessed by foreign governments based on foreign laws such as the US Cloud Act.

Meanwhile, the EU companies said that the EU's cybersecurity label should follow the example of Europe's Gaia-X cloud computing platform. Gaia-X aims to reduce the EU's dependence on Silicon Valley giants and has sovereignty requirements.

They also claim that the lack of a sovereignty clause may also hinder competition between EU startup cloud providers and larger US rivals.

“Removing such requirements from the program would seriously jeopardize the viability of European sovereign cloud solutions — many of which are either under development or already on the market.”

According to reports, the signatories of the joint letter include EDF, French cloud service provider OVHcloud, Italian counterpart Aruba, Dassault Systemes (Dassault Systemes), German Ionos, Telecom Italia (Telecom Italia), Austrian Exoscale, and French technology companies Capgemini and Eutelsat.