It is in line with:
the national cloud strategy announced in mid-May 2021 by the Ministry of the Economy, Finance and Recovery, the Ministry of Transformation and the Public Service and the State Secretariat for the Digital Transition and Electronic Communications; the development of the European certification scheme relating to cloud providers, and more particularly for the "high" level of certification for which France is pleading for equivalence with SecNumCloud.
The main contributions are:
clarification of the criteria for immunity from extra-Community laws, beyond the existing localization requirements, through technical requirements intended to limit access to the technical infrastructure of the service by third parties and uncontrolled transfers and specific legal requirements relating to the service provider and its links with third parties. These legal criteria were drafted in close collaboration with the General Directorate for Enterprise (DGE); the implementation of intrusion tests throughout the SecNumCloud qualification lifecycle.
This revision also takes into account CaaS type activities (Container as a Service) as well as feedback from the first evaluations.
observations,
