European industry organization CISPE is launching a code of conduct for cloud providers approved by Europe. Providers who subscribe to the code pledge to work in accordance with the GDPR and rules around data sovereignty.
CISPE (Cloud Infrastructure Services Providers in Europe) is launching a code of conduct for cloud providers. That code includes rules to ensure compliance with European legislation such as the GDPR. Providers that adhere to the CISPE code indicate that European users should not worry about what happens to their data at the infrastructure level. Thus, the GDPR is followed and data stays neatly within the European Economic Zone.
CISPE unites international cloud providers in Europe. With the code of conduct, the industry organization wants to ensure that other companies that build or consume services on top of cloud infrastructure can sleep on two ears. Among others, AWS, Aruba, OVHCloud, Outscale, Elogic and Leaseweb already signed on to the code of conduct.
Independent audit
The code is more than a piece of paper, the association emphasizes. For example, the code was approved by the European Data Protection Board (EDPB) and the French Data Protection Authority (CNIL). Thanks to cooperation rules for national entities, an approval for CNIL has EU-wide weight. Furthermore, the code includes a monitoring component. Independent bodies, approved by CNIL, will monitor whether participants actually behave correctly according to the rules.
CISPE says it is going a little further than the GDPR and also wants to be compatible with for Gaia-X. Within that European cloud project, transparency and trust are key. The CISPE Code of Conduct comes with automatically verifiable credentials to facilitate that.