ENCLAIVE COMMENTS GERMAN MOVE AHEAD ON CONFIDENTIAL COMPUTING
Our German member ENCLAIVE informs on interesting developments in Germany, regarding use of confidential computing, a domain of expertise for ENCLAIVE. « C5 » and « C3A », quoted below, are sectorial cybersecurity rules enforced by the national Agency BDI.
A brief update from the Sovereignty discussion in Germany: Confidential Computing has recently become part of the C5 BSI directive. In addition, the question of sovereign cloud solutions is gaining further momentum with the new C3A. For many, the inclusion of Confidential Computing in the C5 probably sounds like yet another technical detail. However, for the public sector and healthcare with their highly sensitive personal data it is considerably more than that: the Federal Office for Information Security (BSI) now uses the C5 to set out how technical operator exclusion can be achieved through confidential execution environments, and what requirements are placed on cloud providers. The C3A further specifies and reinforces sovereignty requirements in the cloud.
What this means in practice: For public administration: Digital sovereignty is becoming more tangible. Trusted Execution Environments and external key management ensure that even operators of cloud infrastructure have no access to data or encryption keys. This directly addresses the questions that repeatedly arise during data protection impact assessments or when working with IT service providers. For healthcare: The question of how health data can be used securely has been answered and on two fronts:
Confidential Computing creates secure data spaces for the exchange of information within and between patient care, research, and policymaking. At the same time, protecting data during processing is the decisive building block for the safe use of artificial intelligence.
To know more:
https://drive.google.com/file/d/1uOkIktUyrvkmpYZyWyMU1GlzD4KOB8hf/view
