This article focuses on the implications of EUCS for European companies and how Uniserver positions itself within these regulations.

The digitalization of business processes and the dependence on cloud technologies across Europe have led to new cybersecurity challenges. In response, the European Union passed the Cybersecurity Act (CSA) in 2019. This legislation marks a turning point in how cybersecurity is approached within the EU, with a special focus on strengthening trust and security of cloud services.

As part of this legislation, ENISA (European Union Agency for Cybersecurity) has been given a central role. This agency, which is tasked with improving network and information security within the EU, was mandated to develop a European certification framework for cloud services. This led to the creation of the European Cybersecurity Certification Scheme for Cloud Services, or EUCS for short.

The goal of EUCS is to provide a uniform certification program that harmonizes security standards for cloud services across the EU. This makes it easier for companies to demonstrate that their services meet high cybersecurity standards, which in turn helps increase consumer and business confidence in cloud-based solutions.

EUCS defines four certification levels:

This level is intended for services that require basic security measures and where the consequences of a security breach are limited.

This level is suitable for cloud services where there is a higher risk and where more advanced security measures are necessary to protect data and systems.

Aimed at services that process critical data and where a breach could have serious consequences. This level requires strict security protocols and mechanisms.

This is the most advanced level, specifically for services that are essential for national security, public order or other critical societal functions. It includes requirements for data localization and protection against influences from outside the EU.

The last two levels in particular apply to cloud service providers (CSPs). This involves a total of 575 controls, a multiple of, for example, the ISAE 3000 or ISO 27.001.

Recently leaked documents show that the High and High+ certifications will have a significant impact on all non-European CSPs (read: hyperscalers). These requirements emphasize the protection of customer data against non-EU laws and mandate that only European employees, who are under European ownership, have access to this data and systems. This could mean that initiatives from non-EU CSPs may not meet the High+ standards.

Last April 2024, a new concept emerged and, remarkably, the geopolitical component was toned down. Because it is a draft, it is too early to draw conclusions and we are now waiting for the final text.

Uniserver recognized the direction of EUCS certification early on and has made significant investments to meet the High+ certification requirements. Not only do we provide hybrid solutions for cloud-native platforms, but we also strive to be a safe haven for European partners that require solutions that meet the highest standards of EUCS.

For our (potential) partners, this means that they can safely accommodate their workloads and data with Uniserver, surrounded by strict compliance. This ensures that they are proactive in complying with new regulations. Although you must also take steps to become certified, Uniserver takes responsibility for the underlying virtualization and hardware platforms, as well as any additional services.

Uniserver is prepared for the future of cybersecurity in the cloud. We invite IT managers to contact us if they would like to know more about our services or are interested in becoming a partner. We are ready to enter the future of secure cloud solutions together. Are you ready to take the next step with us?

Contact us and become a partner in innovation and safety.