A Growing EU Cloud CoC Community
The EU Cloud Code of Conduct continued its expansion throughout 2025, surpassing 1,750 declared adherent services. The Code represents a key benchmark for GDPR compliance across the cloud sector (XaaS), enabling transparency, accountability, and effective risk-based assessments. Each new adherence further consolidates the EU Cloud CoC’s role as a scalable and practical compliance framework for cloud providers operating in Europe.
Progress on the Third Country Transfers Module
Significant progress was made in 2025 on the development of the EU Cloud CoC Third Country Transfers Module, a robust cloud-specific solution for international data transfers. Through the dedicated efforts of the Working Group, advancements were made on building a workable mechanism to support lawful data flows in line with GDPR requirements. We extend our sincere thanks to all participating members for their remarkable expertise, engagement, and commitment to advancing this important initiative as we gear up for submission to the competent authorities.
Engaging with Stakeholders and Advancing Dialogue
Throughout the year, SCOPE Europe actively engaged in conferences, panels, workshops, and exchanges with regulators, industry representatives, and public stakeholders. We hosted and participated in discussions at key events including the IAPP UK Intensive in London, the IAPP Data Protection Congress and CPDP.ai in Brussels, the Privacy Symposium in Venice, as well as at Bitkom’s Privacy Conference and the European Federation of Data Protection Officers Conference in Berlin.
These interactions fostered open dialogue on regulatory implementation, compliance challenges, and the evolving data protection landscape. This included the highest-rated session of this year's IAPP Data Protection Congress in Brussels, which highlighted the value of cross-border cooperation in advancing effective compliance frameworks. Through continued collaboration and knowledge-sharing, we remain committed to promoting harmonisation through the development and monitoring of high-quality compliance standards.
Advancing Compliance Through CSA Collaboration
A key milestone in 2025 was the first EU Cloud CoC adherence completed through the Cloud Security Alliance (CSA). Through this collaboration, the EU Cloud CoC and CSA enable cloud providers within the CSA community to formally demonstrate GDPR compliance through a dedicated framework. This first adherence marks an important step in aligning data protection and cybersecurity practices, offering cloud customers greater transparency into providers’ privacy and security commitments. It also illustrates how this partnership can accelerate the global dissemination of trusted and verifiable GDPR compliance, making robust privacy safeguards more accessible, scalable, and visible across the cloud ecosystem.
In Conversation with the EU Cloud CoC Community
In 2025, our Across the Cloud interview series continued to offer valuable insights from EU Cloud CoC members. These conversations highlighted real-world experiences with compliance, the role of codes of conduct in operationalising GDPR requirements and the importance of continuous collaboration across the cloud industry. In addition, the interviews provide valuable insights on the interplay between privacy and other crucial regulatory developments in the digital sphere, such as AI.
