ENISA working on cybersecurity certification scheme for cloud services

The EU's cybersecurity agency Enisa will be launching soon a call for expressions of interest for an Ad-Hoc Working Group for Cloud Cybersecurity Certification.

As clearly stated in the EU Cybersecurity Act, the European Commission assigned to ENISA the preparation of candidate cybersecurity certification for cloud services, taking into account existing and relevant schemes and standards.

The Commission has facilitated the work of the Cloud Service Provider Certification (CSPCERT) Working Group in this area. CSPCERT is a private and public stakeholder group, which has worked to provide a recommendation in relation to the security certification of cloud services to ENISA, the European Commission and the Member States, available here: CSPCERT WG - Recommendations for the implementation of the CSP Certification scheme.

According to ENISA "A single European cloud certification is critical for enabling the free flow of non-personal data, which allows for the unrestricted movement of data across borders and information systems within the EU.The cybersecurity certification of cloud services will bring enhanced trust and legal certainty in the security of cross-border data processing, as acknowledged by the Free Flow of Data Regulation. Certified cloud services will reinforce the impact of this regulation helping the EU data economy to further contribute to GDP growth."