AmCham EU appreciates the attempt of the European Commission to provide a roadmap for the implementation of the new standard contractual clauses (SCCs) as well as European Data Protection Board's (EDPB) public consultation on the Recommendations 01/2020 to collect feedback on the supplementary measures. However, we are concerned that the EDPB guidance goes beyond both the general data protection regulation and the Schrems II ruling of the Court of Justice of the European Union. Read our full consultation response here.
AmCham EU responds to European Data Protection Board recommendations
AmCham EU appreciates the attempt of the European Commission to provide a roadmap for the implementation of the new standard contractual clauses (SCCs) as well as European Data Protection Board's (EDPB) public consultation on the Recommendations 01/2020 to collect feedback on the supplementary measures. However, we are concerned that the EDPB guidance goes beyond both the general data protection regulation and the Schrems II ruling of the Court of Justice of the European Union. Read our full consultation response here.
AmCham EU members support the purpose of the recommendations to protect the rights and privacy of citizens. Nevertheless, some elements of the recommendations would place an extreme burden on businesses of all sizes and sectors trying to conduct business. This is concerning when thousands of American and European businesses, from small and medium-sized enterprises (SMEs) to international corporations, rely on international data transfers on a day-to-day basis.
We urge the EDPB to recognise more explicitly that the application of safeguards should be risk-based, reflecting the type and volume of personal data (including whether or not it includes special categories of data), the type of government surveillance requests and access to which a multinational may be exposed. Furthermore, rather than directly addressing concerns with the foreign governments that control data protection legal regimes, the recommendations shift the responsibility and burden of assessing and supplementing the essential equivalent protection of legal systems to the private sector. These developments hinder business opportunities and international collaboration, when a seamless system for the transfer of data across borders is essential for competitiveness and innovation.
Within our consultation response we have identified key changes that could be made to the draft recommendations to improve the EDPB’s work on data transfer measures. We urge the EDPB to consider these elements and practical implications of the recently published recommendations in order to revaluate the text accordingly and proportionately.
AmCham EU makes five key recommendations. These are:
Taking account of the importance of a risk-based approach to data transfers;
The need to take a proportionate approach to potential risk to data subjects;
Considering the limitations of encryption as a protective measure for business use;
Ensuring coherence with the draft implementing decision on SCCs; and
Aligning the timeline for the transition and compliance periods with the period foreseen in the European Commission’s new SCCs.
In addition, AmCham EU joined a wide-ranging coalition of industry groups in a call to the EDPB and the European Commission to ensure much-needed legal certainty around data flows in and outside of the European Union, pointing to repercussions an unduly restrictive approach to data flows would have on European industries. Read the global business community statement here.
Related items
:focal())
News
28 Jan 2026
Choose France, choose the future
Cisco is strengthening France’s role in the global digital economy with the launch of its Global AI Hub, announced at the 2025 Choose France Summit. The hub will focus on secure, energy-efficient artificial intelligence (AI) infrastructure, innovative cooling solutions for data centres and support for the startup ecosystem. To address future workforce needs, Cisco will also train 230,000 people in France over the next three years through its Networking Academy, covering fields such as cybersecurity, data science and AI. Building on nearly 400,000 individuals already trained in France, this investment supports Cisco’s EU-wide commitment to train 1.5 million people by 2030. Read more on Invested in Europe.
:focal())
News
21 Jan 2026
Cybersecurity Act review: AmCham EU calls for greater industry engagement and evidence-based certification criteria
The European Commission’s proposal to revise the Cybersecurity Act (CSA2) comes at the right moment, as Europe faces an evolving range of cyber threats. With its measures to reinforce ENISA and make harmonisation the key to a more resilient Single Market, the proposal brings the Act closer to the realities of today’s fast-moving cybersecurity ecosystem.
However, the Commission’s proposal still fails to go far enough on providing a platform for more active industry engagement. It rightly formalises existing structures but falls short of creating mechanisms that allow for regular expert-level exchanges and meaningful industry feedback into the CSA2 framework, building on lessons learned from the past years. Such exchanges are essential, given industry’s role as a front-line defender against cyber threats.
Now, as the file moves to the European Parliament and the Council of the EU, the co-legislators must ensure certification schemes under the CSA2 remain based on technical criteria. The EU’s cybersecurity needs should be a matter for sober, technical analysis. AmCham EU therefore supports the proposal's structural distinction between technical certification and non-technical supply chain risks. Maintaining this separation prevents restrictive requirements that limit choice, reduce competition and slow innovation.
The same approach is necessary for the proposal’s provisions to secure critical infrastructure under the new ‘Trusted ICT Supply Chain Framework’ (Title IV). These measures must also be underpinned by an objective, evidence-based approach to ‘non-technical risks’. At the same time, measures involving restrictions on data transfers must be aligned with international agreements to avoid unintended disruptions to global operations.
Ultimately, US companies share the EU’s commitment to securing the region’s digital resilience. AmCham EU members invest heavily in security and stand ready to support the delivery of a framework that keeps Europe open, secure and competitive.
:focal())
News
14 Jan 2026
Irish-made AI
Developing advanced artificial intelligence (AI) capabilities is central to Europe’s digital ambitions. With a new €175 million investment, Workday is reinforcing this priority by establishing an AI Centre of Excellence in Dublin. Building on its long-standing research and development presence, the company will expand product development and create more than 200 specialised roles. Workday is also deepening its commitment to skills, partnering with national training networks and universities to equip employees with cutting-edge AI expertise. Through these collaborations, Workday is helping to drive innovation, strengthen Europe’s digital competitiveness and support the next generation of AI talent. Discover more on Invested in Europe.
Policy priorities
Insights and advocacy driving Europe’s policy agenda. Our priorities support growth, innovation and a stronger transatlantic economy.
Membership
Connecting business and policymakers to strengthen the voice of American companies in Europe.