Data Protection for Cloud Infrastructure Service Providers

Code of Conduct

The CISPE Code of Conduct is the first and only code to focus exclusively on the Infrastructure-as-a-Service (IaaS) sector. Compliance with the CISPE Code is verified by independent,
external auditors accredited as “Monitoring Bodies” by the competent European Data Protection Authority.


The CISPE Code of Conduct for Data Protection was developed over several years with the close cooperation and support of the French data protection authority CNIL. It has been ratified both by CNIL and the European Data Protection Board (EDBP) which coordinates and works towards consistent application of data protection rules. 

Main achievement so far

  • The CISPE Code of Conduct was formally approved by EDPD and ratified by CNIL in May and June 2021 – the first Code dedicated to IaaS to receive approval
  • The CISPE Code of Conduct has been welcomed by politicians, regulators and businesses across Europe for its specific focus on Data sovereignty, Independence, Prohibition of using customer data, and Focus on IaaS,
  • Hundreds of Cloud Infrastructure Services have declared adherence to the CISPE Code providing their customers with confidence to build GDPR compliant services with them.



Contact Person

Bálint Sedlmayr