In response to a Commission request concerning a cybersecurity certification scheme for Cloud services, the EU Agency for Cybersecurity established a suitable ad hoc working group.
Under the EU Cybersecurity Act, an ad hoc working group provides advice to the European Union Agency for Cybersecurity (ENISA) vis-à-vis a draft candidate cybersecurity certification scheme and it culminates open consultation with relevant stakeholders.
Over the past few years, cloud services have become the backbone of information and telecommunications services in the Digital Single Market as consumers as well as private and public services alike seek to reap the benefits of ubiquitous services in relation to increased productivity at a lower cost. In response, several Member States including but not limited to France, Germany, Spain and the Netherlands have set up assessment and/or certification frameworks concerning these services. These frameworks have complemented private certification schemes widely available throughout the market.
Acting on a prominent Commission initiative, dubbed CSP-CERT, representatives of both the private and the public sectors have already reached consensus and put forward a proposal for a certification scheme for the cloud; however, several aspects have yet to be sorted out.
The Commission request to ENISA concerning a cybersecurity certification scheme for Cloud services has been grounded on the Regulation for the free flow of non-personal data. Other relevant aspects concerning the cybersecurity of non-personal as well as personal data flows are likely to also come under the scope.
This ad hoc working group is composed of 20 selected members broadly representing stakeholders’ communities across providers and users, small and large companies, public sector etc. The work of this group has also attracted the interest of around 15 representatives from Member States public authorities as well as EU Institutions and bodies that have designated representatives; the output draft candidate cybersecurity certification is expected to be finalised in late 2020.
Further Information
ENISA's work on cloud servicies
ENISA's work on certification schemes
For questions and interviews: press@enisa.europa.eu