#cybersecurity

EUCS, the new official EU cybersecurity stamp for the Cloud

National standards will have to comply with the new regulation, which is uniform across EU states. Services will have to be certified according to a set of agreed technical requirements and procedures.

  • 3 min

On privacy issues and problems, one of the priorities is the strengthening of cybersecurity policies by cloud service providers. For this reason, the European Cybersecurity Certification Scheme for Cloud Services (EUCS), one of the first IT security schemes in Europe, is being set up to obtain an official stamp of approval from European authorities. It includes rules, technical requirements, standards and procedures that strengthen the cybersecurity of ICT services and products offered to European citizens, initiated by the European Union Agency for Cybersecurity (ENISA).

The challenge is to harmonise a diverse set of market players, complex structures, and different systems in the member states to agree on single standards and an official stamp of approval by European authorities. The new standards will be applied to every cloud service, from infrastructure to applications, defining a very precise set of security requirements to comply to. ENISA's goal is to define a single, up-to-date framework, harmonising European regulations, international standards, industry best practices and certifications already in place in the Member States.

However, in order to ensure the transition from current national systems to a single framework, it is necessary to involve all actors, structures and the whole landscape of cloud services, establishing the guaranteed level of cybersecurity between 'Basic', 'Substantial' and 'High'.

The new standards will apply to every cloud service, from infrastructure to applications, defining a very precise set of security requirements. The doubts of the Americans: too complex procedures.

This is not an overhaul of the fundamentals of the previous SOG-IS MRA scheme in force, but the optimisation of certain IT security protocols to obtain the new certification.

The main benefits relate to the monitoring and compliance management of infrastructures, detailed information on vulnerabilities made publicly available, and increased consumer support, such as patch management for certified products.

However, there are still some open points, on which reflections are ongoing: for instance, the slow transition period needed for compliance and the sharing of additional requirements with developers, requirements that need to be better specified.

A very important country like the United States of America has objected, considering that the proposal will create overly complex legal compliance procedures without substantially increasing current levels of cyber security. The control procedures would be excessively restrictive. In addition, according to representatives of major technology industries such as Amazon, Microsoft, or Google, the new regulatory framework is likely to have serious repercussions on cloud service providers, and on the competitiveness of the European economy in general.​
Via Stalingrado 37 - 40128 Bologna 
Phone 051 5077111 - Fax 051 375349 
unipoltech@pec.unipol.it 
Tax ID 03506831209 and VAT number 03740811207 
Company register iscription number REA 524585 
Share capital 5.000.000,00 euro
Single-member company subject to the management and coordination of Unipol Group S.p.A. and part of the Unipol Insurance Group​

Icona Linkedin


REGISTERED OFFICE: VIA STALINGRADO 45, 40128 BOLOGNA – 
PHONE +39 051 5076111 – FAX +39 051 5076666 – 
FULLY PAID-IN SHARE CAPITAL € 3,365,292,408.03
COMPANY REGISTER OF BOLOGNA – 
TAX ID. NO. 00284160371 –​ V.A.T. NO. 03740811207 – 
R.E.A. 160304


© Copyright 2024 UnipolTech S.p.A