Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

CISPE Code of Conduct

x
00:00
00:00
00:00
Download

The CISPE Code of Conduct is the first pan-European sector-specific code for cloud infrastructure service providers under Article 40 of the European Union’s General Data Protection Regulation (GDPR) receiving a green light from the European Data Protection Board (EDPB). It helps organisations across Europe accelerate the development of GDPR compliant cloud-based services for consumers, businesses, and institutions.

The CISPE Code of Conduct offers three key advantages:

Data in Europe

Many European businesses want to retain better control over their data by ensuring that it remains within the EU. Uniquely and while not required for GDPR compliance, the CISPE Code of Conduct gives IaaS customers explicit options to select services that enable data to be processed entirely within the European Economic Area. As such, it also promotes data protection best practices which support the EU’s GAIA-X initiative to develop European federated cloud data services.

Independent

Compliance with the CISPE Code of Conduct is verified by independent, external auditors accredited as “Monitoring Bodies” by the competent European Data Protection Authority. Independent “Monitoring Bodies” strengthen the level of assurance provided by services declared under the code.

Focused

It is the first and only code to focus exclusively on the Infrastructure-as-a-Service (IaaS) sector and address the specific roles and responsibilities of IaaS providers, which cannot be represented in general, multi-purpose codes. The CISPE Code of Conduct creates the confidence and trust for end-users that a declared IaaS service is compliant with GDPR. Providers of declared services will only access or use customer data to maintain or provide the service and will not use customer data for marketing or advertising purposes.

The Trust Mark

Any company that provides Infrastructure as a Service (IAAS) in line with our Code of Conduct is eligible to apply for an official CISPE trust mark.

Candidate

The ‘Candidate’ mark is awarded to services and providers that have fulfilled the self-assessment against the CISPE Code of Conduct requirements pending the verification by an independent Monitoring Body.

Compliant

The ‘Compliant’ mark is given to services and providers for which compliance with the CISPE Code of Conduct has been verified by an independent Monitoring Body. 

Using CISPE data protection trust marks is subject to :

  • Declaring your service to CISPE and receiving a declaration number
  • Paying the fees required
  • Accepting the licensing contract that covers CISPE trust marks

4 steps to get the CISPE Trust Mark

1

Read the Code and determine which one(s) of your services meet the requirement(s)

2

Declare your services by completing and submitting the Declaration
of Adherence with the required documentation on the “Declare a Service” page.

3

If the submission is complete, CISPE Secretariat will incorporate the Declaration of Adherence into the Public Register within 10 working days of the notification of acceptance. (note: notification of acceptance may take up to 40 days)

4

CISPE will issue an invoice based on the number of services declared according to the fee schedule.