Depending on the Membership option you choose, there are different requirements.
An overall requirement is to support the EU Cloud CoC in good faith. That includes at least being named as Member on the EU Cloud CoC website and publicly communicate your support and membership.
For joining the EU Cloud CoC as a Cloud Service Provider, you will have to explore the possibility of declaring the adherence to the EU Cloud CoC Code of at least one service within an appropriate timeframe.
Yes. Currently there are two main options: General Assembly Member and General Assembly Supporter.
General Assembly Membership is open to any Cloud Service Provider who fulfils the requirements. There are three sub-options of becoming a General Assembly Member:
- Full-Membership including voting rights
- Membership for Medium Sized Enterprises excluding voting rights
- Membership for Small Sized Enterprises excluding voting rights
Every Cloud Service provider may choose to become a Full-Member no matter of its size. Membership options for Small and Medium Sized Enterprises (SME) are only applicable for those Cloud Service Providers that fulfil the European definition of a Small or Medium Sized Enterprise.
General Assembly Supporters are considered to be non-Cloud Service Providers but any natural or legal entity that strives to support the aims of the EU Cloud CoC.
The development of the EU Cloud CoC has already started under the Directive 95/46/EC. The European Commission was involved during the drafting process. During the drafting period, the EU Cloud CoC has been handed over to the Working Party 29 twice. The feedback received by the Working Party 29 was incorporated into the latest version of the EU Cloud CoC by May 2017.
Currently the EU Cloud CoC is adjusted to become fully compliant with the European General Data Protection Regulation. As the Working Party 29 has communicated to not be able to feedback any new version of the EU Cloud CoC prior spring 2018 and due to the fact that the GDPR will enter into force by May 2018, the next time the EU Cloud CoC will be handed over to an official body of the European Union, it will be the representative body of the European data protection authorities, the European Data Protection Board. The General Assembly of the EU Cloud CoC is aiming for an official approval by the competent data protection authority shortly after.
For the EU Cloud CoC there is a dedicated and independent Monitoring Body. Any Cloud Service Provider declaring its adherence to the EU Cloud CoC must prove its compliance to the satisfaction of the independent Monitoring Body. The EU Cloud CoC will provide different levels of compliance and a respective translation of its provisions into precise controls. The respective compliance levels are currently under construction. Until then, the compliance with the EU Cloud CoC will be based on the very minimum under GDPR that is a credible plausibility check.
Cloud Service Providers may only market their adherence to the EU Cloud CoC after having received the official approval by the Monitoring Body. Such Cloud Service Providers will then be listed in the Public Register of Adherent Cloud Services.
The EU Cloud CoC addresses Cloud Services / Cloud Service Families. Hence, you will not have to comply as a Cloud Service Provider in general. But those services declared adherent to the EU Cloud CoC must fully comply with its provisions.
Please read more at Do I have to comply with the EU Cloud CoC as Cloud Service Provider as a whole?
For further questions, please do not hesitate to contact us.