4th November 2024, Brussels. CISPE’s Cloud Switching Framework (CISPE Framework), available now, provides comprehensive guidelines and technical requirements to help cloud providers and their customers to quickly operationalize and automate compliance with the Data Act’s obligations around cloud data portability and switching. The CISPE Framework gives new assurances to cloud customers, in preparation for the Data Act fully entering into force in September 2025, while empowering them to innovate with speed and agility today.
The Data Act is designed to empower European customers to experiment, choose, and change cloud services – whether taking a single or multi-cloud approach – to find the solutions that best fit their evolving business needs. As it comes into force, the challenge for customers, vendors and regulators alike will be to ensure compliance without creating unnecessary burdens.
The CISPE Framework, already supported by CISPE members representing all parts of the sector from global hyperscale to local SME cloud providers, facilitates and simplifies the practicalities of compliance. By streamlining technical and operational complexities of traditional outsourcing projects it will reinforce customer choice and their ability to realize the full benefits of cloud migration with no fear of lock-in. Building on the long-term collaboration between CISPE and GAIA-X, cloud providers will also be empowered to present their declaration of adherence to the Framework in a machine-readable format, also called “verifiable credentials”, enabling automation of compliance checks. As such, the CISPE Framework will become an important tool that promotes greater cloud choice, competitiveness and innovation across Europe.
The CISPE Framework focuses on the technical and operational processes required to deliver the porting and switching capabilities demanded by the Data Act. It covers:
- Transparency: providing customers with clear, detailed information on the switching process, including procedures, data formats, costs, and technical limitations.
- Initiation of Switching: detailing designated channels for customers to notify a switching request and to track progress of such requests.
- Technical Requirements: availability of open interfaces, data export tools, and other technical capabilities that facilitate switching while ensuring data security.
- Termination: process for terminating the contract on the switching service, upon customer’s confirmation of the switch completion and subsequent account closure request.
- Contractual Obligations: confirmation of the right and ability of a customer to switch or use multiple providers, and specification of the provider’s switching assistance obligations, data export requirements, and termination procedures.
“Today we are providing a tool that radically simplifies compliance with the Data Act – allowing providers and customers ample time before next September’s deadline,” said Francisco Mingorance, secretary general of CISPE “The implications of the machine-readable verifiable credentials supported by the CISPE Framework are far reaching, and this is just the beginning.”
The CISPE Cloud Switching Framework can be found here and any organization interested in using it, or finding out more, should get in touch with CISPE here.
Further comments from CISPE members
Emile Chalouhi, CEO and co-founder of CISPE member, Opiquad, added: “The future of the cloud in Europe lies in federated solutions that deliver choice through seamless composition of cloud services from diverse providers. The potential to automate compliance in the future is an exciting catalyst for these services.”
Lorenzo Chiriatti, Group General Counsel at Register, said: “At CISPE we have a well-earned reputation for creating and successfully deploying codes of conduct and frameworks that help members and their customers comply with regulation in the cloud. This CISPE Framework is another valuable addition to this portfolio and I urge cloud service providers and European cloud customers to incorporate it into their compliance routines.”
“Our customers are excited by the porting and switching aspects of the Data Act, but they are confused about its application. The CISPE Framework will be a significant advantage to us as we demonstrate to customers the practical steps to making switching clouds, or establishing multi-cloud infrastructures a reality,” said Diego Cabezudo, CEO of Gigas.
“CISPE Cloud Switching Framework will greatly assist both Cloud Service Providers (CSPs) and their customers in meeting the compliance requirements set by the upcoming Data Act, which will come into effect in less than a year. Its practical and straightforward approach makes it an invaluable tool for the entire cloud market, especially in terms of addressing switching and data portability obligations” said Stefano Sordi, General Manager at Aruba.
Claudio Abad, CEO at Deda.cloud, said: “For smaller customers and vendors seeking to create flexible hybrid and multi-cloud solutions it is essential that compliance with the Data Act is as seamless and straightforward as possible. The CISPE Framework helps ensure this is the case.”
Antti Vilpponen, CEO at UpCloud added, “The focus on practical compliance processes and the potential to automate much of the work necessary makes the CISPE Framework stand out from other approaches, and we will certainly be using it.”
Jacqueline van de Werken, Leaseweb Global Group General Counsel and President of CISPE, said; “Leaseweb has been deeply involved both in creating the CISPE Framework and in working with the European Commission on its voluntary Standard Contractual Clauses for the Data Act. Still, there remains much to clarify. The CISPE Cloud Switching Framework provides IAAS cloud providers, especially SMEs, as well as their business customers, an invaluable, stand-alone way to understand and implement Data Act compliance requirements.”
Arnaud David, Director Public Policy EMEA, Digital and AI, at AWS said: “We have been a huge supporter of the CISPE Cloud Switching Framework from the outset. It is important that it is available now to allow providers and customers ample time to assess their cloud choices as the deadline for Data Act compliance draws closer.”