Mondo Visione Worldwide Financial Markets Intelligence

EACH Publishes Letter On The Restrictions Brought By The EU Cybersecurity Certification Scheme For Cloud Services (EUCS)

Date 22/08/2022

The European Association of CCP Clearing Houses (EACH) has provided its view on the EUCS in the form of a letter to the EU authorities. Created under the EU Cybersecurity Act, the EU Cybersecurity Certification Scheme for Cloud Services aims to harmonise EU-wide standards and improve cybersecurity, as well as to enhance oversight and auditing tools for cloud services. This letter puts forward concerns and recommendations on some of the restrictions considered by the EUCS.

  • EACH welcomes the introduction of an EUCS and the benefits it brings, as well as the increased focus in the EU on harmonized emerging requirements on firms’ cyber and operational resilience overall.
  • EUCS’s focus on localisation provisions could affect the quality and security in the European cloud market, and make it more difficult for European companies to operate and compete globally.
    • CSP location-based restrictions: Restrictions under consideration within the EUCS would force CCPs to exit longstanding contracts with existing non-EU based CSPs without a suitable alternative. We believe this would undermine EU CCPs’ ability to manage their operational and cyber risk effectively, hence affecting our ability to provide clearing services underpinned by best-in-class operational resilience.
    • Weakens cyber security: EACH is concerned that these measures would not improve cyber security and, moreover, that they could weaken cyber security by hindering the exchange of information.
  • EACH recommends the following be considered in finalising the EUCS:
    • A high level of resilience can be achieved through enhanced contractual arrangements with CSPs, increased supervision of critical CSPs, and rights of access, (financial industry pool) audit and oversight, as introduced in DORA.
    • Envisaged requirements in the EUCS draft for sectors using critical/level-high certified CSPs should be accompanied by stakeholder engagement, an impact assessment, and consultations with market participants before becoming a matter of discussion.
    • Concerns relating to non-EU cloud providers should be addressed in international and cross-jurisdictional forums, such as the EU-US Trade and Technology Council meetings. We need to have a constructive dialogue on creating efficient and workable solutions.

 

For more information, please see the EACH responses here or visit the EACH website at www.eachccp.eu