Skip navigation

Complementing the EU Cloud CoC to become a safeguard pursuant Art. 46 GDPR

The EU Cloud CoC has offically been approved by the Belgian data protection Authority and is designed to become a sufficient guarantee pursuant Art. 28.5 GDPR. Providing a thorough list of essential requirements for Cloud Service Providers (CSP) in their role as processor, the latest version of the Code builds the very core of an entire, upcoming ecosystem.

Following Schrems II (C-311/18), European data protection community, and ultimately European business and industry is facing severe uncertainty. Both, legal experts and authorities, are considering European Court of Justice's ruling demanding, still not being able to particularly name what shall be adequate consequences to take. 

The EU Cloud CoC General Assembly decided to take the challenge and is willing to draft an effective but accessible safeguard for third country transfers by means of a separate on-top module to the Art. 28.5 GDPR Code.

Check out our Webinar Series!

The EU Cloud CoC hosted its first Webinar series on "Codes of conduct: Building a Trustworthy Framework for International Data Transfers Post Schrems II”.

For more information about upcoming dates and past episodes visit the Webinar's dedicated webpage!

Invitation to join the initiative

While providing adequate safeguards is a legal requirement, ultimate understanding of "adequacy" easy goes beyond a mere legal discourse. Therefore, the EU Cloud CoC is willing to closely cooperate and collaborate with different stakeholders including the European Commission and the data protection supervisory authorities. This approach shall guarantee, to the extent possible, that whatever solutions this industry driven initiative will conclude, will not face undue concerns. This initiative rather intends to start an overarching discussion with all relevant stakeholders to draft the most stable, effective but accessible and business suitable solution possible.

Interested stakeholders are explicitly invited to join this unique and first of its kind initiative. Whereas Cloud Service Providers may join as Members of the General Assembly, Non-CSPs are invited to join the the EU Cloud CoC as Supporter.

Frequently Asked Questions

No, the Third Country Transfer Initiative is currently creating a dedicated safeguard for the third country data transfers as an on-top Module to the EU Cloud CoC.

Please, read more about the Third Country Transfer Initiative. 

The Third Country Transfer Initiative is currently developing an on-top Module to the EU Cloud CoC creating a dedicated safeguard for the third country data transfers.

Please, read more about the Third Country Transfer Initiative. 

No, it is not yet completed but work on the Module is underway.

Please, read more about the Initiative and its work on the Third Country Module. Stakeholders are explicitly invited to actively contribute to and partake in the Initiative.

Since it is an on-top Module of the EU Cloud CoC, every Member of the EU Cloud CoC can join the Initiative. You can use the Online Application Form.

The Third Country Module is an on-top Module of the EU Cloud CoC and therefore will also be monitored by SCOPE Europe.

The Third Country Module is an on-top module of the EU Cloud CoC. Consequently, the participation in the Module is included in the fees for the EU Cloud CoC now. That goes notwithstanding any additional fees relating to the verification of compliance once a Cloud Service will be declared adherent to this Module. 

Though the Initiative surely intends to address the Schrems II ruling and acknowledging that the underlying case of Schrems II was related to the US, the consequences and impact of such ruling is not limited to the US. Consequently, the Third Country Transfer Module intends to cover any third country transfer irrespective the applicable third country, i.e. the Module applies globally. 

This transfer Module will be created for global use. 


Transfers considered under this Third Country Module are those subject to Chapter V GDPR.