AWS Security Blog

EU Compliance Update

C5 logo

AWS made many launch announcements at AWS re:Invent 2016, including the announcement of a new compliance service, AWS Artifact. After so much recent activity, I want to highlight some EU-related news that you might have missed.

AWS has completed its assessment against the Cloud Computing Compliance Controls Catalogue (C5) information security and compliance program. Bundesamt für Sicherheit in der Informationstechnik (BSI)—Germany’s national cybersecurity authority—established C5 to define a reference standard for German cloud security requirements. With C5 (as well as with IT-Grundschutz), customers in German member states can leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads in the AWS Cloud. Although this is a newer program, BSI’s C5 standard is a key assurance framework that will be an authoritative program for not only German customers moving to the cloud, but also an influential one for all EU member states. C5 has comprehensive cloud-security criteria and is audited using a proven global assessment and reporting standard. AWS is the first cloud provider to achieve this certification, and it shows our commitment to Germany and the EU region.

This completed C5 assessment follows the August announcement of our transition from Safe Harbor to the EU-US Privacy Shield Framework. Though the EU-US Privacy Shield Framework does not affect the way you use or work with AWS, it ensures that you can continue to transfer data between the US and EU in an internationally recognized, compliant way. You can contact our team at privacyshield@amazon.com, or read the FAQ.

– Chad