Skip navigation

The EU Cloud Code of Conduct becomes first GDPR code of conduct to receive green light from data protection authorities

SCOPE EuropeEU Cloud CoC

The members of the EU Cloud Code of Conduct General Assembly and SCOPE Europe are proud to announce that the EU Cloud CoC has received its official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board.

It is the first Transnational Code of Conduct covering all cloud offerings to be approved. It will make it simple for cloud service users – particularly SMEs and public bodies – to determine whether a given cloud computing-based service is GDPR-compliant. In doing so, it will build trust in online services and raise the default level of data protection in the European cloud computing market, ultimately helping to accelerate the adoption of this key technology and bring the benefits of cloud computing to a wider section of Europe’s economy.

David Stevens, Chairman of the Belgian Data Protection Authority, the lead data protection authority for the Code of Conduct, said:

“The approval of the EU Cloud CoC was achieved through narrow collaboration within the European Data Protection Board and is an important step towards a harmonised interpretation and application of the GDPR in a crucial sector for the digital economy.

I hope that this first experience in approving a transnational code of conduct will mark the beginning of the development of more transnational codes of conduct to foster compliance for companies, harmonisation for sectoral organizations and transparency for data subjects”

Agnieszka Bruyère, Vice-President, IBM Cloud, IBM EMEA, said:

“The major contribution of this Code of Conduct will be to make GDPR readiness easy to verify. This is great news for users and public entities across Europe, who will find it easier to assess the services on offer and capitalise on the possibilities offered by cloud computing.”

In parallel to the approval of the Code of Conduct, SCOPE Europe has been officially accredited as the monitoring body tasked with overseeing the Code of Conduct. This means it meets the requirements in the GDPR concerning independence, expertise and established procedures for monitoring compliance.

Jörn Wittmann, Managing Director of SCOPE Europe, said:

“We’re delighted and proud to be the first accredited monitoring body for a transnational code of conduct under the GDPR, and we believe this code of conduct sets an unparalleled market standard. As such, we will continue to work to uphold the highest levels of compliance and significantly contribute to the establishment of a trustworthy and innovation-friendly online environment.”

Correspondents are invited to attend the EU Could Compliance Summit from 9:15 on 20 May, featuring high-level speakers from all the parties involved in developing the Code of Conduct.



Press Contact

Jack Keevill




The EU Cloud Code of Conduct was founded in February 2017, after four years of close collaboration between the European Commission and the cloud computing community. The EU Cloud CoC intends to increase transparency in the European cloud marketplace and those parties which sign up to it will certify that their services adhere to the rigorous European data protection requirements.

The EU Cloud CoC is open to all Cloud Service Providers, regardless of size and from all layers  (IaaS, PaaS, SaaS), on the condition that the cloud services they sign up to the Code adhere to the data protection safeguards laid out in EU data protection legislation.

The EU Cloud CoC concretizes requirements of Art. 28 GDPR – and all relevant related Articles of the GDPR – for practical implementation within the cloud market.

Cloud computing is the backbone of the digital age and the vital infrastructure anchoring the performance of every other sector in our economy. Nevertheless, the lack a reliable framework to evaluate data protection compliance of cloud services has considerably slowed down the diffusion of this key technology and, consequently, EU’s path towards digitalisation.

Finally filling this gap, the EU Cloud Code of Conduct emerges as the first tool to receive official approval by Data Protection Authorities to ensure and prove GDPR compliance for all service types of cloud computing.

Presenting a robust compliance mechanism, this initiative has the unique potential to establish a trustworthy environment capable of protecting the rights of millions of European citizens while reducing market asymmetries and boosting innovation and growth. 

The Code is a product of years of meaningful collaboration between the European Commission, the data protection authorities and the cloud computing community and gathers today a wide and diverse membership array, representing the majority of the European cloud industry market share.  

shows the logo of EU Cloud Code of Conduct