EU Cloud Code of Conduct Resources

Latest guidance and information for companies navigating the
EU Cloud Code of Conduct approval

  • Learn More
  • EU Cloud Code of Conduct

    EU Cloud Code of Conduct Summary

    The EU Data Protection Code of Conduct for Cloud Service Providers (known by its abbreviated name EU Cloud Code of Conduct) sets out clear requirements and recommends procedures to raise the level of data protection in cloud services, based on GDPR.

    The current Cloud Code of Conduct helps cloud service providers demonstrate compliance with all the requirements of the GDPR, as well as an extensive range of data security demands.

    Based on input by supervisory authorities and the Guidelines on Codes of Conduct and Monitoring Bodies by the European Data Protection Board, the Code has been designed to ensure a robust level of data protection and transparency, complemented by an independent monitoring function.

    The EU Cloud Code of Conduct was approved by the Belgian Data Protection Authority, following a positive opinion of the EDPB, on 20 May 2021.

    EU Cloud Code of Conduct in the TrustArc Platform


    PrivacyCentral now offers additional guidance to its users specific to the EU Cloud Code of Conduct, and will soon offer a validation program for organizations that need support in demonstrating compliance with the EU Cloud Code of Conduct before submitting adherence to SCOPE Europe, its monitoring body.

    The EU Cloud Code of Conduct PrivacyCentral solution incorporates the controls catalog developed as part of the Code as well as alignment with ISO 27001, GDPR, UK GDPR, APEC CBPRs and PRPs, the TrustArc Privacy and Data Governance Framework, Nymity Privacy Management Accountability Framework, CCPA, LGPD, and HIPAA so that organizations can leverage the standards they already have in place to demonstrate their adherence to the Code.

    Monitoring & TrustArc Collaboration

    Compliance will be monitored by an independent monitoring body, Scope Europe, as well as by the Belgian Data Protection Authority.


    At this time, the Code is not yet approved to function as a legal basis for international data transfers. However, an additional module is being prepared to cover international transfers. TrustArc is part of the drafting team for the Third Country Transfer Module.

    TrustArc Resources


    TrustArc Blog


    • TrustArc has incorporated the EU Cloud of Conduct into the Privacy Central Platform.
      Learn More
    • TrustArc Answers Frequently Asked Questions About the EU Cloud Code of Conduct.
      Learn More


    TrustArc Serious Privacy Podcast


    Serious Privacy Podcast hosts
    K Royal and Paul Breitbarth present the unique potential of the EU Cloud CoC to demonstrate GDPR compliance for all service types of cloud computing.
    Listen Now


    EU Cloud FAQs


    Answers to your most pressing questions about the EU Cloud Code of Conduct.
    Read Now