The Economic Impacts of the Proposed EUCS Exclusionary Requirements


#EU #digitalpolicy #economy

The EU Agency for Network and Information Security (ENISA) is proposing a far-reaching “European Cybersecurity Certification Scheme for Cloud Services“ (EUCS) to be established in the European Union (EU). According to the latest draft of August 2023, leaked by Politico in September 2023, the proposed EUCS would by design prevent non-European vendors from providing “high assurance level” cloud services in the EU. In this study, we show that the proposed “immunity” requirements, i.e., foreign ownership and headquarter restrictions, local staff requirements, and data localisation would lead to significant losses in Member States’ aggregate economic activity and drive a big wedge between economic growth in the EU and the growth of non-EU economies. The projected losses in annual EU GDP will vary from EUR 610 billion to EUR 29 billion within approx. two years of implementation, contingent upon the specific sectoral coverage of high-assurance use cases under the cloud service evaluation level CS-EL4. The results fit into the overall picture of EU digital policy, which has weakened rather than strengthened the competitiveness of EU industries in the past. Our findings align with the broader impacts of EU digital policy, which runs the risk of exacerbating the growth gap and technology disparity between the EU and other advanced economies.

Tipo de Publicação
cyber security
Publicado por
ECIPE - European Centre for International Political Economy
Data de Publicação
Matthias Bauer; Philipp Lamprecht