A recent draft of the EU Agency for Cybersecurity’s (ENISA’s) European Union Cybersecurity Certification Scheme on Cloud Services (EUCS) reveals updates in what requirements are currently being considered for non-EU cloud service providers (CSPs). This information is derived from an unofficially released report, providing insights into the evolving regulatory landscape faced by global cloud computing companies.
Cloud services are a cornerstone of the modern digital economy, with global enterprises depending largely on these platforms to facilitate their operation. The changes in EUCS certification scheme illuminate the shifting priorities of the regulatory landscape: a vital information for legal professionals working within and in association with world’s biggest corporations and law firms who need to keep track of these requirements for compliance.
The report suggests that some previous requirements have been lifted. However, it does not provide specifics as to which were relaxed, signifying that legal entities must still ensure strict compliance until further clarification is offered. This ambiguous scenario thus serves as a reminder of the complex nature of international legal regulations in the digital sphere and the necessity for close monitoring of policy updates.
A closer reading into the regulatory changes ensures that corporations stay one step ahead during this transitionary phase. Companies and their legal representatives are advised to familiarize themselves with the expectations set by ENISA and the EU to better prepare and align their practices with the new certification scheme.
For the primary source of this information, see the full article on JDSupra, written by members of Skadden, Arps, Slate, Meagher & Flom LLP.