In an opinion published on Friday 19 July, the French Data Protection Authority (CNIL) calls on the EU to return to the old security provisions for the European Cybersecurity Certification Scheme (EUCS).
As the latest versions of the text have removed the legal security criteria (see EUROPE 13434/9), France still hopes to be able to safeguard its own national security system, ‘SecNumCloud’, in addition to the EUCS scheme.
In its press release, the CNIL considers that “the absence of a level including ‘immunity’ criteria poses a legal, economic, technological and industrial problem”. In particular, it cites the difficulties of outsourcing and the obstacle to the development of a solid European offering in cloud computing.
According to the CNIL, the inclusion of these criteria would make it possible “to ensure the highest level of protection for the most sensitive personal data processing for European industrial players”, and it points to the French ‘SecNumCloud’ system as an example to be followed.
At this stage, no date has been set for the next meeting of European experts on this subject. Discussions could only resume once the next college of commissioners has been constituted.
See the press release (in French): https://aeur.eu/f/d3g (Original version in French by Isalia Stieffatre)