EMEA | Financial services

BaFin Cloud Outsourcing Guidance

The Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) is responsible for the supervision of all banks, credit institutions, insurers, funds and financial institutions in Germany. Its objective is to ensure the functioning, stability and integrity of the German financial market. BaFin issued guidance on outsourcing to cloud service providers (BaFin Cloud Outsourcing Guidance) to create greater transparency into the supervisory assessment of cloud outsourcing.

The BaFin Cloud Outsourcing Guidance provides specific outsourcing guidance for financial institutions on contractual terms, including information and audit rights, the right to issue instructions, data security / protection, termination and chain outsourcing.

Google Cloud's contracts for financial institutions in Germany address the requirements in the BaFin Cloud Outsourcing Guidance. We have also created mappings to the BaFin Cloud Outsourcing Guidance for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.


ISO/IEC 27001

Learn more

ISO/IEC 27017

Learn more

ISO/IEC 27018

Learn more