German and French IT business user associations’ position on the European certification scheme for cloud services

27 juin 2022 | ACTUALITÉS, Cigref in english, Communiqués

For an ambitious certification scheme that protects the sensitive data of European organisations in the cloud from non-European legislation with extraterritorial reach.

Ce communiqué existe aussi en français

Ce courrier est également téléchargeable en français

In a letter sent to Commissioner Breton on 23 June 2022, Cigref welcomes the draft European data regulation and expresses its ambitions for the future certification scheme, which is an essential instrument for making operational the mechanisms designed to promote the free movement in Europe of sensitive data of European public and private organisations.

As the debate intensifies between the advocates of a legalistic approach and a lesser scheme, and the advocates of an ambitious policy, VOICE and Cigref call on the European institutions and ENISA to adopt a certification scheme that will allow the establishment of a harmonised regulatory framework guaranteeing the protection and security of information systems and data within the European Union. This high level of certification is an opportunity to create the framework of trust in the cloud that European companies currently lack. It is a trajectory, a goal to be achieved collectively.

The free flow of data requires a trustworthy framework to ensure the security of sensitive corporate and public administration data in the cloud. Currently, many public and private organisations are obliged to maintain data hosting, and associated processing, on their premises because of the sensitivity of this data to unlawful international access by non-European administrative and judicial authorities through legislation with extraterritorial reach.

The European Union must face the consequences of the judgment of 16 July 2020 of the Court of Justice of the European Union in the so-called « Schrems II » case, which invalidated the Privacy Shield adequacy agreement, and equip itself with mechanisms commensurate with this judgment and enabling it to guarantee the free circulation of sensitive personal and non-personal data of European public and private organisations under conditions of verifiable and enforceable trust.

VOICE and Cigref welcome the draft Data Act which aims to implement horizontally applicable safeguards to strengthen the protection of non-personal data hosted in Europe from international access. In addition to these ambitious provisions, our associations call for a European certification scheme for cloud services (EUCS) to guarantee the highest level of immunity to non-European legislation with an extraterritorial scope for certain cloud service offerings on the European market. VOICE and Cigref believe that the implementation of an ambitious certification scheme stems from the spirit of the Cybersecurity Act, the objective of which is to establish a harmonised regulatory framework guaranteeing the protection and security of information systems and data within the European Union.

The letter addressed to Commissioner Thierry Breton, in French and its courtesy translation into English, is available as an attachment to the press release.


About us – Who we are 

We are the French and German CIO associations; communities of Chief Information Officers (CIOs) and other senior leaders who are responsible for digital technologies and digital transformations within private or public organisations. These are all business users of digital technologies. We do not represent ICT suppliers and consultants.

Cigref – France

VOICE – Germany

Press contact : Baptiste Chauveau, Communication & PR Officer – Cigref

Migration dans le cloud : point d’étape

Après deux années de travaux sur la migration vers le cloud, de 2020 à 2022, le Cigref avait marqué une pause sur ce sujet. L'objectif de cette interruption était de permettre aux organisations de poursuivre leur programme de migration et de recueillir, l'année...

Rapport d’orientation stratégique 2024 du Cigref : « 5 ambitions : que faire d’ici 2040 ? »

A l’occasion de sa 54ème Assemblée générale, le Cigref a dévoilé l’édition 2024 de son Rapport d’orientation stratégique, « 5 ambitions : que faire d’ici 2040 ? ». « Nous avons pris un angle radicalement différent des précédentes années : nous nous sommes attachés à...

Nomenclature des profils métiers du SI – version 2024

Le Cigref maintient, depuis 1991, une Nomenclature des profils métiers existants dans les Directions du Numérique des entreprises membres du Cigref. Cet outil ne présente pas ce que « doivent » être ou ce que « seront » les métiers des SI mais ce qu’ils sont...

Nomenclature des profils métiers du SI – version 2024

Le Cigref maintient, depuis 1991, une Nomenclature des profils métiers existants dans les Directions du Numérique des entreprises membres du Cigref. Cet outil ne présente pas ce que « doivent » être ou ce que « seront » les métiers des SI mais ce qu’ils sont...