Close panel

Close panel

Close panel

Close panel

Cybersecurity 18 Feb 2019

BBVA to host the next EC meeting to stimulate pan-European cloud-computing

On February 26, BBVA will host the sixth plenary meeting of the working group that promotes the use of cloud technologies in Europe's Digital Single Market (DSM Cloud Stakeholders). The stakeholder group includes business and regulatory representatives specializing in the fields of cybersecurity and the free flow of data.


BBVA will host the next plenary meeting of the working group, which is tasked with proposing cloud regulation for the Digital Single Market (DSM Cloud Stakeholders), an initiative created by the European Commission (EC) to promote the use of cloud services in Europe.

During the event, the latest progress made by the working group’s two streams will be presented: a proposal for the European Cloud Security Certification framework for cloud service providers (CSP CERT); and the creation of a code of conduct to facilitate cloud switching (changing cloud providers) and the portability of data between providers (SWIPO).

BBVA is an active member of the working group, and will host the plenary meeting at its headquarters in Madrid on February 26-27. The full agenda and registration to the event are available here.

Key cybersecurity representatives from Europe's public and private sectors will attend the event, as will notable industry players who will discuss the challenges and opportunities raised by cloud technology. The underlying aim is to make further inroads in establishing a Digital Single Market. Participating subject matter experts include Pierre Chastanet, Head of the Cloud & Software Unit of the EC's Directorate General for Communications Networks, Content and Technology (DG-CONNECT); in addition to Andreas Mitrakas, Head of the Data Security & Standardisation Unit at the European Union Agency for Network and Information Security (ENISA).

Professionals from BBVA who will also outline their perspectives on the topic include Ricardo Forcano, Global Head of Engineering & Organization; Victor Espinosa, the bank’s Chief Cloud Officer; and Eduardo Arbizu, Global Head of Supervisors, Regulation & Compliance.

Two working groups

The EC, under the auspices of its Digital Single Market Strategy has undertaken numerous regulatory initiatives to advance its two priorities: the standardization of norms related to cloud services and encouraging the free flow of data (data portability).

One of these initiatives was the 2017 creation of the DSM Cloud Stakeholders working group comprised of representatives from the cloud services industry operating in Europe. Members include Amazon, Cisco, and IBM; national security agencies, service providers, and European customers, of whom BBVA is one.

The objective of the working group’s meetings is to “establish an open, transparent, and inclusive regulatory process” with participation from industry experts from both the private and public sectors, ultimately developing a joint proposal to improve cloud-based services in the EU. The initiative has defined two working sub-groups that focus on advancing regulation in the two key areas that impact the development of cloud based strategies in Europe.

  • Working group on cloud security certification (CSP CERT): this group is tasked with creating a recommendation for ENISA, the EC, and European member states based on the Cyber Security Act, that will provide a framework for defining a European security certification process for cloud services providers that facilitates the adoption of cloud technology in Europe and promotes the free flow of data between countries.

Borja Larrumbide, Head of Regulatory and Cyber Affairs at BBVA Engineering, co-chairs this working group together with Helmut Fallmann, co-CEO and co-founder of the Austrian cloud service company, Fabasoft.

  • Working Group on cloud switching/porting data (SWIPO): this group works to develop a pan-European code of conduct that facilitates switching cloud service providers and the simple, transparent portability of user data.

Both groups will present the progress they have made during the plenary session in Madrid. On February 27, closed sessions will be held for the expert members in the two initiative areas –CSP CERT and SWIPO. Consideration of new members to these groups is managed through their official web pages.