Europe Upgrades its Cybersecurity Arsenal — Frightening the US

This article discuses how the European Union’s current cyber strategies differ from the
United States’ and may pose challenges to US-based cloud companies. While the United States
strongly intertwines national security within it cybersecurity policies and strategies, the European
Union is more focused on privacy and economic protection. The article explores how the EU’s
focus on data protection and desire for “digital sovereignty” poses problems, as the desire may
focus too much on data localization (instead of data distribution) and decrease cloud service
competition. In particular, the NIS directives 1 and 2 threaten labelling too many sectors as
“critical,” thus clouding the classification of security threats. The 2022 Cyber Resilience Act,
which aimed to extend cybersecurity standards, may hinder the current speed of innovation and
even increase security risks by introducing a third party to enforce and approve standards
execution. Furthermore, the article presents worries that Europe’s desire for “digital
sovereignty” and proposals to limit foreign cloud services, could increase data localization,
decrease competition and, in turn, increase cybersecurity risks. The authors suggest
strengthening public-private and transatlantic partnerships for the United States to maintain a
presence in the EU cyber domain and decrease EU cybersecurity risks through data distribution.