Compliance resource center

Google Cloud’s industry-leading certifications, documentation, and third-party audits to help support your compliance.

Contact us See compliance offerings

Google Cloud compliance

As part of your migration to the cloud, you may need to validate our compliance documentation, certifications, and controls. Google Cloud creates and shares mappings of our industry-leading security, privacy, and compliance controls to standards from around the world. We also regularly undergo independent verification—achieving certifications, attestations, and audit reports to help demonstrate compliance.

Download reports directly via our Compliance Reports Manager

AI trust paper

Customers interested in Google Cloud’s approach to AI can reference Google Cloud’s Approach to Trust in Artificial Intelligence for a view into our security, privacy, governance, and responsible AI posture.

Compliance offerings by region

See all of our offerings by region and focus area

Compliance offerings by industry

Financial Services

Government and Public Sector

Healthcare and Life Sciences

Featured papers

Regulatory Considerations for US Financial Institutions Migrating to Google Cloud

Trusting your data with Google Cloud

Government Requests for Cloud Customer Data

Trusting your data with Google Workspace

Data Portability and Interoperability

See more papers and guides

Industry spotlight: telecommunications

Expert insights into an industry with a significant history and diverse regulatory landscape. Explore our regional compliance papers on the telecommunications industry.

United States: Regulatory themes in the telecommunications industry

Europe: Insights into telecom regulations

Middle East: Insights into telecom regulations

Latin America: Telecoms regulatory themes

India: Regulatory themes in the telecommunications industry

Compliance offerings by category

Auditor-validated certifications and attestations

An independent third-party auditor has granted a formal certification, attestation, or audit report based on an assessment that affirms our compliance with these offerings.

Global

Cloud Computing Compliance Controls Catalog (C5) | CSA | GSMA SAS-SM | Higher Education Cloud Vendor Assessment Tool (HECVAT) | ISO 9001:2015 | ISO 22301:2019 & BS EN ISO 22301:2019 | ISO 50001:2018 | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | PCI 3DS Core Security Standard | PCI DSS | PCI PIN Security | SOC 1 | SOC 2 | SOC 3 | SWIFT on Google Cloud | VPAT (WCAG, U.S. Section 508, EN 301 549)

The Americas

FedRAMP | FIPS 140-2 Validated | HITRUST CSF | Independent Security Evaluators (ISE) Audit | Minimum Acceptable Risk Standards for Exchanges (MARS-E) | StateRAMP | TruSight | U.S. Cybersecurity Maturity Model Certification (CMMC) | U.S. Defense Information Systems Agency Provisional Authorization

EMEA

Spain Esquema Nacional de Seguridad (ENS) | EU Cloud Code of Conduct | HDS | ISAE 3000 Type 2 Report (FINMA) | ISO 14001 | Microfin | NCSC - Cyber Essentials Plus (UK) | Police Assured Secure Facilities (PASF) | Qatar National Information Assurance (NIA) | SWIPO Data Portability Code of Conduct | TISAX

Asia Pacific

Australia Hosting Certification Framework (HCF) | Information System Security Management and Assessment Program (ISMAP) | IRAP (Information Security Registered Assessors Program) | JIIMA | K-ISMS (Korea) | MTCS (Singapore) Tier 3 | OSPAR | SNI 27001 | ETDA (Thailand)

Laws and regulations

Cloud service providers can’t provide formal certification of our customers compliance with these laws and regulations. To help support our customers, we review these laws and regulations and where possible provide guidance documents, mappings, and papers that outline our technical capabilities and legal commitments.

Global and North America

GxP | California Consumer Privacy Act (CCPA) | COPPA (U.S.) | Export Administration Regulations (EAR) | FERPA (U.S.) | FINRA (US) | HIPAA | IRS 1075 | International Traffic in Arms Regulations (ITAR) | GLBA | OSFI (Canada) | FG16/5 - FCA | NERC CIP | PHIPA (Canada) | StateRAMP | PIPEDA (Canada) | US Federal Banking Agencies | U.S. Defense Federal Acquisition Regulation Supplement (DFARS)

EMEA

ACPR (France) | BaFin Cloud Outsourcing Guidance | Banco de España | Banco de Portugal | Bank of Italy | BRSA (Turkey) | BSI Critical Infrastructure (KRITIS) |BWG (Austria) | Central Bank of Ireland (Ireland) | CSSF (Luxembourg) | De Nederlandsche Bank (the Netherlands) | EU DORA | European Union’s Digital Markets Act | EU Solvency II | EU Standard Contractual Clauses | FINMA (Switzerland) | FSA (Denmark) | GDPR | ISO 14001 | Israel’s Privacy Protection Authority | KNF (Poland) | MaRisk AT 9 Outsourcing | PRA (UK) | revFADP (Switzerland) | South Africa POPI | SFSA (Sweden) | Telecoms Security Act (UK) | VAG (Austria)| SYSC 8 Outsourcing - FCA Handbook | UK CHECK

Latin America

PDPL (Argentina) | BCRA (Argentina) | Central Bank of Brazil (Brazil) | CNBV (Mexico) | CNSF (Mexico) | CMF (Chile) | Superintendencia de Banca (Peru) | Financial Superintendence of Colombia | Lei Geral de Proteção de Dados (LGPD) | ASFI (Bolivia)

Asia Pacific

Act on the Protection of Personal Information (Japan) | APRA Prudential Standard CPS 234 | APPs (Australia) | APRA (Australia) | Bank Negara (Malaysia) | Bank of Thailand (BOT) | BSP (Philippines) | DSA (Bangladesh) | FSC Insurance Outsourcing Directions | FSC Banking Outsourcing Regulations | GR 95/2018 guidelines | IA (Hong Kong) | HKMA (Hong Kong) | MAMPU (Malaysia) | PDPO (Hong Kong) | Indonesia Government Regulation No. 71 (GR 71) | IRDAI (India) | FSC (Korea) | Korean Financial Supervisory Service (FSS) | MAS TRM Guidelines | OIC (Thailand) | OJK Circular 21 of 2017 (SEOJK 21) | OJK Regulation No. 38 of 2016 (POJK 38) | PDP Law (Indonesia) | PDPA (Malaysia) | PDPA (Philippines) | PDPA (Taiwan) | PDPA (Thailand) | PDPD (Vietnam) | PIPA (Korea) | RBI (India) | Reserve Bank of New Zealand (New Zealand) | Securities and Exchange Board of India (SEBI) | PDPA (Singapore) | State Bank of Vietnam | The Privacy Act (New Zealand)

Alignments and frameworks

Our products, technical capabilities, guidance documents, and legal commitments help our customers map to these frameworks and alignments. These offerings may not require formal certification or attestation, though we may rely on our certifications, attestations, and reports to help our customers map to these frameworks and alignments.

Global

Bitsight | Center for Internet Security (CIS) Benchmarks | CyberGRX | ISO/IEC 27110 | Know Your Third Party (KY3P) Report | MVSP | Standardized Information Gathering (SIG) Questionnaire | USDM Life Sciences | Whistic

Additional resources

Strengthening Operational Resilience in Financial Services by Migrating to Google Cloud

Google Workspace Data Subject Requests (DSR) Guide

Insights into the German Healthcare Industry

Learn more about trust and security

Take the next step

Tell us what you’re solving for. A Google Cloud expert will help you find the best solution.

Learn security best practices
See our best practices
Solve common problems
Watch security use-case videos
Work with a partner
See our security partners

Accelerate your digital transformation
Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
Learn more

Industry Solutions
Reduce cost, increase operational agility, and capture new market opportunities.
See all industry solutions

Google Cloud products
Browse over 100 products. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits.
See all products (100+)

Save money with our transparent approach to pricing
Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
Request a quote

Save money with our transparent approach to pricing
Request a quote
Pricing overview and tools
Google Cloud pricing
Pricing calculator
Google Cloud free tier
Cost optimization framework
Cost management tools
Product-specific Pricing
Compute Engine
Cloud SQL
Google Kubernetes Engine
Cloud Storage
BigQuery
See full price list with 100+ products