European FIs form a coalition to develop security standards and cloud best practices
Published 2 February 2021
Top European financial institutions have formed a coalition to develop common security standards and best practices for the use of cloud technology in the EU.
The European Cloud User Coalition (ECUC) has been established by Allied Irish Banks, BAWAG Group, Belfius Bank, Commerzbank, Deutsche Börse, EFG Bank, Erste Group Bank, Euroclear, ING, KBC Bank, Swedbank and UniCredit.
The financial sector is the lifeblood of the global economy, and as part of their digitalisation efforts, financial institutions have adopted private cloud. However, public cloud computing is increasingly gaining traction as it offers scalability, flexibility and high-quality security and resilience standards.
Many European banks have a sizeable presence in Asia and host their applications in data centers located here.
However, alongside GDPR norms, the reliance of EU banks on third-party clouds provided by a limited number of US entities has recently become a focus of regulatory attention at the European Central Bank, which has bemoaned the absence of an EU challenger capable of taking on the might of Big Tech cloud providers from overseas.
For starters, ECUC will publish a paper with requirements for cloud services during 2021. The paper will consider all aspects of the basic European regulation and the data localisation provision, including General Data Protection Regulation (GDPR) requirements.
Besides winning new members, ECUC's objective is to jointly agree on EU-grade security standards and best practices for the use of cloud technology and to use its members' collective muscle to enforce such standards on non-European cloud players.
“On that basis the high European regulatory and data protection standards will be better enforced with non-European cloud providers as well,” said the coalition. “As a result, financial institutions will in the long term be more independent in their technology selection, thus strengthening competition,” it added.
Even as this coalition takes shape, a problem with the cloud is that the servers holding the data are physically located in different countries, not always under the control of the cloud user company. The authorities of the country where the servers are located can, based on domestic legislation, get access to the data, copy it, analyse it and decide on action without the user company even knowing that this access has taken place.
Financial institutions using cloud should be obliged to disclose to end-user customers that their data is managed in such a way. EU member states are also starting to demand that data and critical processes reside within the member state, so that any cloud must then be “domestic only”.
Industry watchers opine that all this adds to the cost of doing business and end-users will eventually have to bear the brunt of extra costs.