The European Banking Authority (EBA) is an independent EU Authority that works to ensure effective and consistent prudential regulation and supervision across the European banking sector. The EBA Guidelines on Outsourcing Arrangements (EBA outsourcing guidelines) specify the internal governance arrangements that financial institutions within the EBA’s mandate should implement when they outsource functions to service providers, including cloud service providers. These guidelines replace the Committee of European Banking Supervisors (CEBS) guidelines on outsourcing that were issued in 2006. They also replace the EBA’s recommendations on outsourcing to cloud service providers published in 2018.
The EBA outsourcing guidelines provide specific guidance on the relationship between financial institutions and their service providers. In particular, the guidelines specify a set of aspects that should be included in the contract between the financial institution and their service provider, including requirements on sub-outsourcing, security, access, information and audit rights, and termination rights.
Google Cloud’s contracts for financial institutions in Europe address the contractual requirements in the EBA outsourcing guidelines. We have also created mappings to the guidelines for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how institutions choose to use our services.