The European cyber security authorities are currently developing rules for cloud service providers such as Amazon, Microsoft, Google and others, which would impose stricter cyber security requirements under a new certification scheme, including on data management.
Meanwhile, 2 weeks prior the first meeting of the newly formed Pittsburgh Trade and Technology Council on September 29, 2021, at which US and EU representatives should discuss cyber security, data confidentiality and other issues, in an interview with Politico, the general director of the French Agency for the Security of Information Systems (ANNSSI), is urging Europe to take tougher measures and stop US law enforcement from accessing important data stored in Europe by US cloud companies.
Under the U.S. law, known as the CLOUD Act, U.S. companies are required to provide foreign data to U.S. authorities, if requested. However, according to the general director of ANNSSI, for financial and health services, Europe needs a “rule that only European legislation is applicable to cloud products certified in Europe”.
More information on the topic and parts of the interview for “Politico” can be read here: https://www.politico.eu/article/france-wants-cyber-rules-to-stop-us-data-access-in-europe/?mkt_tok=MTM4LUVaTS0wNDIAAAF_kPDiKRqNZMylC0RRcWFVhRylrIc9WtM1FKFd_ps-lnO-hecfhh-HcZXcSdtV0obe883kYg1sMDALeLXyjSb4_j29c1JHrHNcXjrkdDxRhUsJ.