Skip navigation

Cloud computing provides significant benefits to both public and private sector customers in terms of cost, flexibility, efficiency, security and scalability. In order to secure the trust of cloud customers in Cloud Service Provider (CSPs), the EU Cloud Code of Conduct aims to demonstrate and assure compliance with data protection laws as essential preparation for the General Data Protection Regulation (GDPR).

As representatives of European and multinational companies and organizations with significant involvement in cloud computing, we have developed a set of regulations that enables CSPs to demonstrate their capacity to comply with the Code across varying levels of proof and assurance.


The EU Cloud Code of Conduct consists principally of a set of requirements for CSPs adhering to the Code, plus a governance structure that aims to support the effective and transparent implementation, management, and evolution of the Code. The Code is a voluntary instrument, allowing a CSP to evaluate and demonstrate its adherence to the Code’s requirements, either through self-evaluation and self-declaration of compliance and / or through third-party certification.

The intention of the EU Cloud Code of Conduct is to make it easier for cloud customers (particularly small and medium enterprises and public entities) to determine whether certain cloud services are appropriate for their designated purpose. In addition, the transparency created by the Code will contribute to an environment of trust and create a high default level of data protection in the European cloud computing market.

The EU Cloud Code of Conduct is

  • the only Code covering the full spectrum of cloud services: software (SaaS) and platform (PaaS) as well as infrastructure (IaaS).
  • the only Code governed independently: declarations are overseen by the independent monitoring body SCOPE Europe, scrutinizing cloud services which sign up to the Code and monitoring services that are certified in the Code – a requirement of the GDPR.
  • the only Code specifically inviting Cloud Service Providers of all sizes and from all cloud sectors: the distinct membership options invite all CSPs committing to adhering to rigorous data protection safeguards, regardless of the size of the company or the cloud delivery model or your size.
  • the only Code drafted together with authorities of the European Union: the Code was developed by the Cloud Select Industry Group (Data Protection Code of Conduct Subgroup) convened by the European Commission under the auspices of DG Connect and with the involvement and advice of DG Justice. Development of the Code was further informed by input from the Article 29 Working Party.