Schrems II and industry examples

Is this type of encryption (proposed in Concrete library) “Schrems II” compliant? can it be considered as one of the “additional security measures” required by EDBP for transfers to the US?

Do you have examples in industry of using FHE in general and Concrete ML particularly?

Thanks in advance

1 Like

Thanks a lot. So, two questions in one:

  • regarding the first one (compliance): This depends on how they look at end-to-end encryption in general. We dont think there is anything currently about this, so we would say FHE is currently equivalent to traditional encryption from a regulatory perspective. However, there is a case to be made that it doesn’t matter where the encrypted data goes since the decryption keys aren’t sent along with it (maybe companies / organizations – including yours – can lobby to make that more clear?).

  • regarding the second one (industry examples): Our focus in Zama is currently to support developers by providing tools that enables them to use FHE. The current limitations of FHE that prevents it from being used in complex applications are being lifted and we are confident FHE will be production ready for 80% of applications by 2025. If the applications is not too complex, or if runtime is not an issue, it can even be used today.

A good example of FHE in production: