CISPE

Overview

CISPE (Cloud Infrastructure Services Providers in Europe) is a coalition of cloud computing leaders serving millions of European customers. The CISPE Data Protection Code of Conduct (CISPE Code) is the first pan-European data protection code of conduct for cloud infrastructure service providers under Article 40 of the European Union’s General Data Protection Regulation (GDPR). It was approved by the European Data Protection Board (EDPB) in May 2021 and formally adopted by the French Data Protection Authority (CNIL), acting as the lead supervisory authority, in June 2021.

The CISPE Code assures organizations that their cloud infrastructure service provider meets the requirements applicable to a data processor under the GDPR. This gives cloud customers additional confidence that they can choose services that have been independently verified for their compliance with the GDPR.

The CISPE Code goes beyond GDPR compliance by requiring cloud infrastructure service providers to give customers the choice to select services that store and process customer data exclusively within the European Economic Area. Cloud infrastructure service providers must also commit that they will not access or use any customer data, except as necessary to provide and maintain the declared services. In particular, the cloud infrastructure service providers must commit to not use customer data for their own purposes, including for data mining, profiling or direct marketing. Ernst and Young CertifyPoint (EYCP) independently certified 100 AWS services as complying with the CISPE Code. EYCP was the first "monitoring body" accredited by CNIL to verify cloud infrastructure provider's compliance with the CISPE Code.

AWS supports more security standards and compliance certifications than any other cloud provider, and we are continuously reviewing the needs of our customers as the regulatory environment evolves. The CISPE Code provides an added level of assurance to our customers that AWS Cloud services can be used in compliance with the GDPR and addresses our customers’ compliance requirements today.

Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »