Eurocloud denounces the risks of amendment 73 rect to the Narcotrafic Bill for the security of Cloud Computing

Paris, March 3, 2025 – Eurocloud, an association representing Cloud Computing service providers, expresses its deep concern regarding Amendment 73 rect to the proposed law “Getting France out of the drug trafficking trap”, adopted by the Senate. While the objective of combating drug trafficking is legitimate, this amendment, which imposes obligations on cryptology service providers, including cloud services, presents major risks for data security and the competitiveness of the French digital sector.

Amendment 73 rect would apply to all Cloud services

Amendment 73 rect, which creates Article 8 ter of the Narcotrafic Bill, by amending Article L. 871-1 of the Internal Security Code, requires cryptology service providers to implement the technical measures necessary to allow intelligence services to access the intelligible content of the data. This obligation removes the possibility for companies to invoke technical or contractual impossibilities to avoid these requests.
However, cloud services use cryptology to secure data at rest, in transit and during processing. Cloud storage services encrypt data on servers and disks to prevent theft or loss. Cloud databases integrate column encryption and tokenization to secure sensitive information. Key management relies on dedicated servers and HSM modules to protect cryptographic keys. Finally, many cloud applications use client-side encryption solutions and apply cryptography throughout the data lifecycle.

Backdoors: a threat to everyone's security

Eurocloud points out that creating "backdoors" in encryption systems weakens the security of the entire service, which could be taken advantage of by malicious actors. As Guillaume Poupard, former head of ANSSI, regularly points out, it is technically impossible to guarantee that these devices will only benefit authorized persons, as illustrated by the cyber-espionage carried out by the Salt Typhoon group. Finally, experience shows that criminals do not hesitate to develop their own encrypted communication tools, thus rendering the obligation to create backdoors in legitimate messaging ineffective. By weakening the security of Cloud Computing services, Amendment 73 rect risks backfiring on the intended objective, by offering criminals opportunities to exploit the security flaws created. Eurocloud calls for the deletion of Article 8 ter

Eurocloud urges parliamentarians to delete Article 8 ter as adopted by the Senate and calls for in-depth consultation with stakeholders in the digital sector in order to find effective solutions to combat drug trafficking without compromising data security and the competitiveness of the French Cloud Computing industry.