I agree. The US federal government buys a lot of kit and so may have an effect on the market. They also have a small set of bodies / agencies - OMB, Homeland Security, NIST - who can be tasked in this particular case. This is not the case in the EU. MS do the purchasing.

But “trade” tends to mean "international trade" and that is “complicated". I think we are not there. I can expand if required.

But briefly. Everybody - everybody! - has supplied kit with vulnerabilities. So it is cool to accept broken stuff from local - NA / EU - suppliers but say we will not buy any stuff from certain other countries? 

And anyway your smartphone was manufactured where exactly?

;-)

Gordon


On 4 Aug 2017, at 19:31, Patrik Fältström <paf@frobbit.se> wrote:

To comment on what Gordon wrote, I think the choice of saying for example "procured by the federal government" etc is simply because of what power the legislator have. In many MS of EU one could probably say "public sector" and not only federal level. But it may differ between MS.

Regarding Europol, I think they only act as proxies between police in the various MS. They do not take action on their own. And regarding ENISA, well, we have the struggle between COM and ENISA and I personally think it would be COM that make statements.

That said, this is most certainly much more a trade issue than IT or even security.

So Gordon, who knows trade?

  paf