SecNumCloud must be up to date: Qualified repository for French cloud hosts passed in September In version 3.2.a, Three years after the 3.1 update that made the repository compatible with GDPR.
The update of the document aims to strengthen the repository’s legal guarantees at this time, which will be based on the SecNumCloud repository in order to prepare for the arrival of the “Cloud of Confidence” label.
This is the new version The subject of the call for comments until November 15, 2021, So that Ansi can gather the views of key stakeholders.
Judicial security
In the changes made to the repository, several sections clarify the legal protections that companies seeking to benefit from SecNumCloud eligibility must guarantee.
A new section called “Immunity to Non-Community Law” specifies that the head office of the service provider should be established within the EU member state. Similarly, the text states that the company’s shareholders must respect certain rules, ensuring that companies outside the EU do not have too many votes on the board of directors.
Applies to text providers as well. For example, this means that service providers that are not in the EU do not have the right to access data driven by the service. In addition to these terms, the new version of the text SecNumCloud Qualification provides for lifetime navigation testing.
Additional social law in scenes
There is nothing detailed about updating the repository. SecNumCloud will actually be the workplace for the labeling of the “Cloud of Confidence” label, which aims to provide French operators with the services of US players such as EU-run infrastructure and companies under European law, such as Google or Microsoft. .
There have been several announcements about the partnership since the label was issued: Orange, Capgemini and Microsoft, to mention their “Blue” offer or Thales and Google Cloud.
The issue of anti-community law is not a new concern for officials, but the issue has come to the fore again with the advent of the “Cloud of Trust” label and the emergence of European cloud certification programs. Behind this period, we see legislative arrangements such as the Cloud Act, which allow US administration to access data provided by American actors or on American soil. “We obviously think of the cloud law, but they are not alone. China is in the process of accepting similar arrangements during the Security Conference,” Guilford recalled.
A European certification program
SecNumCloud is expanding its rules to take this new scenario into account and to avoid endangering user data, in order to allow French companies to offer “trusted cloud” offers that connect US players such as Google or Microsoft.
If the evolution of the French front is going smoothly, this material has not yet been fully verified at the European level. Within the EU, the adoption of the Cyber Security Act paved the way for the establishment of a European certification program requested by many stakeholders. But member states have not yet complied with the rules in the European equivalent of SecNumCloud, especially on these questions related to extraterrestrial law.
As far as Guilloom is concerned, this is not a sign qua. “For important services and data, only European law applies, not European cloud law or the like. If we can not do that, it would be utterly useless to talk about European sovereignty,” the ANCI chief said.