Compliance resource center

Google Cloud’s industry-leading certifications, documentation, and third-party audits to help support your compliance.

Google Cloud compliance

As part of your migration to the cloud, you may need to validate our compliance documentation, certifications, and controls. Google Cloud creates and shares mappings of our industry leading security, privacy, and compliance controls to standards from around the world. We also regularly undergo independent verification—achieving certifications, attestations, and audit reports to help demonstrate compliance.

Download reports directly via our Compliance Reports Manager

Learn about:

  • Certifications and compliance standards that we satisfy
  • Information about regional and sector-specific regulations
  • Documentation to aid your own reporting and compliance efforts

Compliance offerings by region

We continually expand our coverage against the most important global standards.


Latin America


Asia Pacific

See all of our offerings by region, industry, and focus area
Map of the world showing five regions: Canada, USA, Latin American, EMEA, Asia Pacific

Compliance offerings by category

Auditor-validated certifications and attestations

An independent third-party auditor has granted a formal certification, attestation, or audit report based on an assessment that affirms our compliance with these offerings.


Cloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | SOC 1 | SOC 2 | SOC 3 | VPAT (WCAG, U.S. Section 508, EN 301 549)

Laws and regulations

Cloud service providers can’t provide formal certification of our customers compliance with these laws and regulations. To help support our customers we review these laws and regulations and where possible provide guidance documents, mappings, and papers that outline our technical capabilities and legal commitments. 

Global and North America

GxPCalifornia Consumer Privacy Act (CCPA) | COPPA (U.S.) | Export Administration Regulations (EAR) | FDIC (US) | FERPA (U.S.) | FINRA (US) | HIPAA | IRS 1075International Traffic in Arms Regulations (ITAR) | GLBA | OSFI (Canada) | FG16/5 - FCA | NERC CIP | PHIPA (Canada) | StateRAMP | PIPEDA (Canada)


ACPR (France) | BaFin Cloud Outsourcing Guidance | Banco de España | Banco de Portugal | Bank of Italy | BRSA (Turkey)BSI Critical Infrastructure (KRITIS) |BWG (Austria) | Central Bank of Ireland (Ireland) | CSSF (Luxembourg) | De Nederlandsche Bank (the Netherlands) | EU Standard Contractual Clauses | FINMA (Switzerland)FSA (Denmark) | GDPR | KNF (Poland) | revFADP (Switzerland) | South Africa POPI | SFSA (Sweden) | VAG (Austria)| SYSC 8 Outsourcing - FCA Handbook | UK CHECK

Alignments and frameworks

Our products, technical capabilities, guidance documents, and legal commitments help our customers map to these frameworks and alignments. These offerings may not require formal certification or attestation, though we may rely on our certifications, attestations, and reports to help our customers map to these frameworks and alignments.