The first meeting of the new Digital Single Market cloud stakeholder working groups took place in Brussels on 17 April. The creation of the working groups was spurred by the Commission's legislative proposals of 13 September 2017 on the free flow of non-personal data and cyber security. These working groups will conduct self-regulatory work in the areas of cloud security and porting data/switching cloud service providers.

Photo of a working group listening to speaker

To assure a balanced approach to this work, it will be co-chaired by representatives from the cloud service industry and from business users of cloud services. The working group should comprise stakeholders with relevant legal, technical and economical expertise and professional experience in the field of cloud computing. This self-regulatory work will constitute an open and inclusive process, so any experts meeting the aforementioned requirements will be able to join the work. Experts can make their interest to join the work known by sending an email to: cnect-e2-communications@ec.europa.eu

The working group on cloud switching/ porting data (SWIPO)

The SWIPO working group will work on developing self-regulatory codes of conduct at Union level, as defined in the Commission's proposal on the free flow of non-personal data (article 6). Such codes of conduct should define best practices and information requirements to facilitate the switching of cloud service providers and to ensure that these providers supply professional users with sufficiently detailed, clear and transparent information before a contract for data storage and processing is concluded. The objective of SWIPO is to reduce the risk of 'vendor lock-in', as it will be easier to switch providers when it is clear which processes, technical requirements, timeframes and charges apply in case a professional user wants to switch to another provider or port data back to its own IT systems.

This working group has initially two sub-groups, to address different types of services of the cloud stack. These groups will develop two different codes of conduct: one for Infrastructure-as-a-Service (IaaS) cloud services and another for Software-as-a-Service (SaaS) cloud services. Platform-as-a-Service (PaaS) may be considered at a later stage.

The co-chairs of these working groups are:

SWIPO WG on IaaS services

  • Mr. Freddy van den Wyngaert, representing EuroCIO (a platform for business users of cloud services)
  • Mr. Alban Schmutz, representing CISPE (a platform for cloud service providers)

SWIPO WG on SaaS services

  • Mr. Aniello Gentile, representing Confindustria (an association of business users of cloud services)
  • Mr. Maurice van der Woude, representing BP Delivery (representing SME-users of cloud services)
  • Mr. Chris Francis, representing SAP (a large EU cloud service provider)
  • Mr. Jörn Wittmann, Scope Europe, representing a private Monitoring Body for Codes of Conduct

     

The working group on cloud security certification

The working on group on cloud security certification will explore options for the development of a possible candidate scheme in the field of Cloud Security under the Framework proposed by the Cyber Security Act adopted on 13 September 2017, in order to enhance legal certainty and trust in the cloud market. The fast development of such a certification scheme is crucial for cloud uptake and the free movement of data in Europe. It will allow to demonstrate equivalence of security requirements throughout Europe and facilitate the cross-border storing and processing of data while also making it easier to compare cloud service providers with respect to security when considering switching provider. This will be of central significance for the European data economy and the digitisation of the industry.

Such effort shall be driven by relevant stakeholders together with the expert assistance of representatives of national cybersecurity certification authorities. Such a scheme will help to overcome the current patchwork of cloud security certification schemes.

The co-chairs of this working group are:

  • Mr. Borja Larrumbide, representing BBVA and the European Banking Federation (large business users of cloud services)
  • Mr. Helmut Fallmann, representing Fabasoft  (an Austrian SME cloud service provider and member to the General Assembly of the EU Code of Conduct on Data Protection)