While the next meeting of the group of experts to decide on the future European cybersecurity certification scheme (known as EUCS) is due to take place on 11 July, adoption of the text is still far from a certainty.
Since the last meeting on 18 June, when the discussion on EUCS was taken off the agenda (see EUROPE 13434/9), the European Commission has still been in the process of drafting guidelines for the Member States on the implementation of the scheme at national level, particularly in the context of sovereignty requirements.
The Cybersecurity Act, to which theEUCS is linked, states that when the EUCS is adopted, national security schemes should normally disappear. Since the withdrawal of the highest legal security criteria from the text (see EUROPE 13394/9), France has been fighting to obtain the possibility of safeguarding its own security system, ‘SecNumCloud’, at national level.
At the same time, ASD, the association of Europe’s aerospace, security and defence industries, has published a note encouraging Member States to reintroduce the so-called ‘High+’ security criteria into the text.
“This would guarantee the protection and availability of the most sensitive European data against the risks that could arise from unregulated and unsupervised storage and management beyond the territory of the EU and its legislative control”, they argue.
See note: https://aeur.eu/f/cze (Original version in French by Isalia Stieffatre)