EU Cloud Code of Conduct

The EU Cloud Code of Conduct (CoC) was designed to contribute to an environment of trust and transparency in the European cloud computing market and to simplify the risk assessment process of Cloud Service Providers (CSPs) for cloud customers.   

The CoC was developed by Scope Europe, an independent third party association, in collaboration with several industry players.

Adherence to an approved code of conduct, as described  in GDPR Article 40, can be used to help demonstrate that sufficient guarantees have been made to implement appropriate technical and organizational measures as a data processor under the GDPR. 

The CoC was approved by the Belgian Data Protection Authority on May 20, 2021, based on a positive opinion by the European Data Protection Board. Prior to official endorsement by supervisory authorities, Scope Europe enabled CSPs to demonstrate their adherence to the EU CoC under provisional assessment procedures. 

Google Cloud Platform and Google Workspace have demonstrated their adherence to the CoC at the second level of compliance, which means that these services commit to implementing data protection and security policies that align to the GDPR as determined by Scope Europe. To demonstrate compliance, Google Cloud performed an internal audit of over 80 CoC requirements and leveraged our existing independent third-party certificates and audits, such as ISO/IEC 27001.

Google Cloud services that are in scope for EU Cloud Code of Conduct

ISO/IEC 27001

Learn more

ISO/IEC 27701

Learn more