EMEA | Financial services


The European Securities and Markets Authority (“ESMA”) is an independent European Union authority that contributes to safeguarding the stability of the EU’s financial system by enhancing the protection of investors and promoting stable and orderly financial markets. ESMA aims to promote supervisory convergence across the financial sector and works closely with the European Banking Authority  and the European Insurance and Occupational Pensions Authority.

The guidelines on outsourcing to cloud service providers (“ESMA cloud outsourcing guidelines”) assist regulated entities identify, address and monitor the risks that may arise from cloud outsourcing arrangements. The ESMA cloud outsourcing guidelines provide specific guidance on: key contractual elements, information security, exit strategies, access and audit rights and sub-outsourcing.

Google Cloud’s contracts for financial institutions in the EU address the requirements in the ESMA Cloud Outsourcing Guidelines. We have also created mappings to the guidelines for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.

ISO/IEC 27001

Learn more

ISO/IEC 27017

Learn more

ISO/IEC 27018

Learn more