US Focused on ‘Interoperable’ over Identical in Transatlantic Tech Framework

The United States and Europe aim to continue strengthening their partnership to foster parallel technology policy frameworks, laying a common regulatory foundation for the development and sharing of technological products worldwide.  

Ruth Berry, the acting deputy assistant secretary for international information and communications policy within the State Department, said the agency’s goal is cooperation over uniform regulations, following President Joe Biden’s landmark transatlantic data framework.

She explained during a talk hosted by the Center for New American Security that cooperation can facilitate secure data sharing between countries to promote economic growth and collaboration, while prioritizing civil rights.

“The US and Europe don't have to have completely identical regulatory systems,” Berry said. “And I think what's key is that in the areas where we do share objectives, we focus on interoperable solutions that can accommodate different models of governments and different political systems.”

She noted that, while there is little friction between countries within the European Union and the U.S., both have distinct approaches to regulating the data private tech companies harvest. Legislative proposals currently under review in the EU, such as the expansive Artificial Intelligence Act and the DATA Act, stand to restrict U.S.-based companies from conducting aspects of their business in Europe where these laws apply.

“The United States wants to ensure that…U.S. companies aren't being targeted,” Berry said. “I think we have the relationships and the processes in place to be able to address these things.” 

One of the discrepancies includes the proposed EU Cybersecurity Certification Framework, which establishes baseline requirements for all cybersecurity products operating in the EU. Berry said that domestic ownership requirements within the proposed law could require U.S. cloud and other tech companies to transfer their technology to EU companies that abide by the overarching framework. 

Berry said discussions between governments are “underway,” and that provisions within the existing Organization for Economic Cooperation and Development establish necessary guardrails and rules to monitor government access to private sector data. She further noted that, while she doesn’t anticipate the EU and U.S. to be identical in their regulatory approaches, they can work to minimize the discrepancies to facilitate access to the global tech market. 

“I think we really would like to see a risk-based approach that…does not treat companies that are headquartered in countries with friends and allies the same as companies that may be headquartered within authoritarian regimes.”

Given that national security for all countries has become inextricably linked to digital network security, Berry further noted that strict data localization laws––or the requirement to store and use data solely in the country from which it was collected––can have adverse security impacts. 

She cited the Ukrainian data centers that stored sensitive government data, and later became targeted by Russia as it further invaded the country, as examples of the benefits of global and interoperable internet protocols. 

“I think it's important to really think about what does actually raise the bar of security. And often, localization and requiring the use of non-U.S. companies does not always result in greater security or reliability for those data centers,” she said.