EPIF is delighted to share with you the joint statement on EUCS co-signed by EPIF together with AFME, EBF, EPIF, ESBG and Insurance Europe regarding the cybersecurity certification scheme for cloud services (EUCS).

The ongoing process of developing a cybersecurity certification scheme for cloud services (EUCS) has been raising serious concerns amongst the EU financial services industry.

With this statement the co-signatories aim to draw attention to aspects of this process that have been raising such concerns. This includes the insertion of sovereignty requirements on the EUCS draft text and the lack of engagement with the industry during this process.

Therefore, the associations co-signing this statement consider that European Commission and ENISA should:

• Remove the sovereignty requirements from the EUCS candidate scheme and adopt an implementing act which focuses purely on technical requirements that will strengthen the European internal market, as existing EU policies set out in DORA, GDPR and NIS2 provide the best tools for tackling operational resilience and oversight of ICT critical third-party providers; and
• Actively engage with the industry during this process to ensure that the final scheme is adequate and fit for purpose.

Please find below the joint statement.