AFEP welcomes the work conducted by the ENISA to construct a harmonized cybersecurity certification scheme across the EU.
However, large French companies are concerned by the recent removal of the extraterritorial access protection requirements in the last draft issued by the ENISA. Such removal comes in a context in which non-European countries have adopted measures in their legislation that could reinforce their unrestricted access to data and processing hosted by their companies.
The challenge of protecting their sensitive data is indeed strategic for the management of large French companies regardless of their sector of activity.
AFEP member companies need to be able to ensure full protection of their most sensitive data against non-European legislation with extraterritorial application.
Therefore, AFEP insists that the inclusion of extraterritorial access protection requirements is necessary to ensure the highest protection of European organizations’ most sensitive data, avoid the fragmentation of the internal market, and encourage the development of autonomous cloud solutions across Europe.