The EUCS certification framework will enhance security and privacy across European cloud services, reinforcing GDPR compliance, mitigating cyber risk and increasing protection from extraterritorial laws. CISPE urges European nations to agree a final text when they meet on April 15th.

European cloud customers must be free to select cloud services from a broad range of vendors confident that they meet their specific data sovereignty requirements. CISPE has already established (since 2022) a principle-based approach to defining data sovereignty in cloud services. This document remains a relevant guide as EUCS is adopted across Europe.

There will be instances when very high levels of certification are required. In these cases, European providers should be encouraged and supported in developing bespoke solutions that meet specific customer requirements in alignment with data sovereignty principles.

Any final text must align with existing European regulation and voluntary initiatives including the Gaia-X labelling project. Working collaboratively these will bolster the security and sovereignty of cloud services and Europe’s competitive advantage in the global digital economy.

CISPE remains steadfast in its mission of ensuring that European cloud services operate within the most secure and compliant framework possible to guarantee a resilient, sovereign, and prosperous digital future for all of Europe. We applaud recent legislative victories such as the new SREN law in France and urge similar robust and aligned support for EUCS, ensuring that it continues to safeguard and empower Europe in the digital era.