EU Cybersecurity Labelling Scheme May Hit Japanese Exports: Tech Lobby

Japan’s leading tech lobby group has joined U.S. Big Tech to warn against proposed E.U. cybersecurity labeling rules that they said could hamper their access to the bloc’s markets. The European Union wants to set up an E.U. certification scheme (EUCS) to vouch for the cybersecurity of cloud services and help governments and companies in the bloc select a secure vendor for their business. It would require companies like Amazon, Alphabet unit, Google, Microsoft, and others to set up joint ventures with EU-based companies to qualify for the label.

The E.U.’s planned labeling system has riled many large technology companies and led the U.S. Chamber of Commerce and other groups to oppose it. On Thursday, 12 tech industry bodies, including the Japanese Association of New Economy and Tech U.K., warned that the requirements would put EU-based and foreign companies on unequal footing and could prompt retaliatory measures by trading partners such as the United States.

A draft law sets out the criteria for companies to get the label. It aims to protect data stored in E.U. clouds from unlawful access and ensure their systems are safe against cyber threats such as hacking and unauthorized access. Under the proposal, products that pose the highest risk must be certified. These include software operating systems, public infrastructure and digital certificate issuers, industrial Internet of Things devices, and robot sensing equipment. Those that present lesser risks can be certified at lower levels. Companies must also regularly report any known vulnerability risks and be willing to change their software, hardware, or security procedures if necessary.

“This requirement could create a de facto market access barrier, hurting both E.U. and Japanese companies,” the Japanese association’s director, Hiroshi Mikitani, wrote in a Nov. 28 letter to E.U. industry chief Thierry Breton seen by Reuters. Mikitani heads the e-commerce and fintech firm Rakuten, which counts several high-profile business executives among its ranks.

The letter, which was co-signed by the CEOs of Nokia, Robert Bosch GmbH, and Slovakian software company ESET, urged the European Commission to scale back the list of products that face stricter requirements and give manufacturers more flexibility to self-assess vulnerabilities. The group also urged the E.U. to prioritize technical solutions rather than requiring companies to redevelop their entire product line. The E.U. has no immediate comment on the letter.

Among the other criteria for the label is that non-EU firms that want to offer services at the highest level of assurance — CS-EL4 or “high+” — must be part of a joint venture with an EU-based company. The document says the companies must also be subject to the same legal and regulatory regime as EU-based companies.

The proposed law would apply only to large platforms, with revenues of over €10 billion or more per year, and not to smaller Internet of Things (IoT) vendors that may offer less sophisticated devices. However, the E.U. has previously desired to extend the labeling requirements to these IoT devices.

Anthony Jones

Meet Anthony Jones, an accomplished writer with a passion for creating compelling content that engages, educates, and inspires readers. With years of experience in the industry, Anthony Jones has honed their skills in crafting content across various formats, including blog posts, articles, eBooks, and more.

Leave a Reply

Your email address will not be published.

Latest from Featured Posts