Skip navigation

Your path to trusted cloud services in Europe

The EU Cloud Code of Conduct contains rigorous assurances for the protection of data in cloud services.



You are a Cloud Service Provider and want to know more about Codes of Conduct? Read more about Codes of Conduct in general and the benefits of joining the EU Cloud Code of Conduct.


Latest news

The EU Cloud CoC is expanding! Read more about recent developments within our news section or follow us on twitter.


Get the Code

Here is the full text of the recently fully revised Code (first developed under Directive 95/46/EC and revised for GDPR). It will be subject to regular revision and updates to take into account additional GDPR requirements as these evolve.

Trust in cloud computing is essential.

It has never been more true than today to assert that without user trust, technology will not be able to advance to reach its full potential. At the core of building trust is robust data protection. The EU Data Protection Code of Conduct for Cloud Service Providers plays an important role here. Known by its abbreviated name EU Cloud Code of Conduct, it sets out clear requirements and recommends procedures to raise the level of data protection in cloud services, based on GDPR.

The first version of the EU Cloud Code of Conduct was released in February 2017, following close collaboration between the Cloud Select Industry Group and the European data protection regulatory bodies. As of 25 May 2018, the EU Cloud CoC has been revised to align with the new rules under GDPR. For this latest release of the Code, we have added an implementation guide, the Controls Catalogue,  which builds on industry best practices in security and privacy and expands upon them. Requirements of the GDPR and the Code are linked and mapped to leading information security standards.

This is the first time that a single initiative allows a cloud provider or a cloud customer to establish precisely which requirements they should meet under the GDPR, which assurances they get from existing certifications, and above all obtain the certainty that the gap between the GDPR and the certification is comprehensively filled. This is a crucial added value of the Code.

Alibaba Cloud
Cloud Industry Forum
Google Cloud