Amazon, Google and Microsoft may find it easier to bid for EU cloud computing contracts after draft cyber security labelling rules scrapped a requirement that vendors should be independent from non-EU laws, according to the document seen by Reuters.
The European Union has struggled to agree to a cyber security certification scheme (EUCS) to vouch for the cyber security of cloud services and help governments and companies in the bloc to select a secure and trusted vendor for their business.
The move comes as Big Tech looks to the lucrative government cloud market to spur growth.
The EU on the other hand fears illegal state surveillance while some governments worry that the dominance of US cloud providers may inhibit nascent EU rivals.
One draft circulated to EU governments last year required US tech giants to set up a joint venture with an EU-based company and store and process customer data in the bloc to qualify for the EU cyber security label.
Such so-called sovereignty requirements sparked criticism from European banks, clearing houses, insurance groups and some startups which said technical provisions rather than political and sovereignty obligations should prevail.
The latest draft dated March 22 removed such requirements, with cloud vendors only obliged to provide information about the location of the storage and processing of their customers’ data and about applicable laws.
EU countries are now reviewing the tweaked draft after which the European Commission will adopt a final scheme. The EU executive did not respond to a request for comment.