CISPE

To help IaaS providers and their customers to comply with the EU General Data Protection Regulation (GDPR), which entered into force from 25 May 2018, CISPE released the CISPE Data Protection Code of Conduct. On top of the required compliance to meet with the GDPR, the code also ensures that IaaS customers can choose to have their data located and processed exclusively in Europe, and that the supplier will not re-use a customer's data.{{Cite book|last1=Gutwirth|first1=Serge|url=https://books.google.com/books?id=MQ6zpDlJawgC&q=Cloud+Infrastructure+Services+Providers+in+Europe&pg=PA214|title=European Data Protection: In Good Health?|last2=Leenes|first2=Ronald|last3=Hert|first3=Paul De|last4=Poullet|first4=Yves|date=2012-02-22|publisher=Springer Science & Business Media|isbn=978-94-007-2903-2|language=en}}

The compliance has to be declared by CISPs/IaaS providers service by service.{{cite web|url=https://cispe.cloud/publicregister/|title=Public Register - Current list of services declared under the CISPE Code Of Conduct|website=Cispe.cloud|accessdate=28 July 2017}}

The CISPE Code of Conduct was launched on 27 September 2016 at the European Parliament,{{cite web|url=http://www.cloudcomputing-insider.de/europaeische-cloud-infrastruktur-anbieter-veroeffentlichen-verhaltenskodex-a-552551/|title=Europäische Cloud-Infrastruktur-Anbieter veröffentlichen Verhaltenskodex|website=Cloudcomputing-insider.de|date=6 October 2016 |accessdate=2017-07-28}} and the first thirty services had been declared by the first CISPs/IaaS providers on 14 February 2017.{{cite web|url=https://iapp.org/news/a/cispe-announces-30-services-will-comply-with-its-code-of-conduct/|title=CISPE announces 30 services comply with its code of conduct|website=Iapp.org|accessdate=2017-07-28}}

Announcements received press coverage from Le Monde, InfoDSI,{{cite web|url=http://www.infodsi.com/articles/164841/code-conduite-fournisseurs-iaas.html|title=Un code de conduite pour les fournisseurs d'IaaS|website=Infodsi.com|accessdate=2017-07-28}} El País, La Repubblica,{{cite web|url=http://www.repubblica.it/tecnologia/2016/09/28/news/cloud_nuovo_codice_di_condotta_europeo_ecco_cosa_cambia-148675682/|title=Cloud, nuovo codice di condotta europeo: ecco cosa cambia|date=28 September 2016|website=Repubblica.it|accessdate=2017-07-28}} Silicon,{{cite web|url=http://www.silicon.de/41634633/cispe-kodex-europas-cloud-anbieter-positionieren-sich-zum-datenschutz/|title=CISPE Kodex: Europas Cloud-Anbieter positionieren sich zum Datenschutz - silicon.de|date=29 September 2016|website=Silicon.de|accessdate=2017-07-28}}{{cite web|url=http://www.silicon.fr/cispe-lobby-europeen-cloud-code-conduite-data-158729.html|title=CISPE, lobby européen du Cloud, publie un code de conduite data|date=28 September 2016|website=Silicon.fr|accessdate=2017-07-28}}{{cite web|url=http://www.silicon.co.uk/cloud/aws-cispe-membership-205392|title=AWS Touts CISPE Membership To Help Its Cloud Services Meet EU GDPR|date=14 February 2017|website=Silicon.co.uk|accessdate=2017-07-28}} Cloud Magazine, Computer Sweden,{{cite web|url=http://computersweden.idg.se/2.2683/1.675965/organisation-gdpr-molnet|title=Ny organisation ska ge garantier för GDPR i molnet – Amazon är med|website=Computersweden.idg.se|accessdate=2017-07-28}} Tom's Hardware,{{cite web|url=https://www.tomshw.it/con-cispe-un-codice-di-condotta-per-il-cloud-80349|title=Con CISPE un codice di condotta per il Cloud|website=Tomshw.it|accessdate=2017-07-28}}{{Dead link|date=November 2023 |bot=InternetArchiveBot |fix-attempted=yes }} L'informaticien,{{cite web|url=http://www.linformaticien.com/actualites/id/41816/cispe-un-code-de-conduite-pour-la-protection-des-donnees-en-europe.aspx|title=CISPE : un code de conduite pour la protection des données en Europe|website=Linformaticien.com|accessdate=2017-07-28|archive-date=10 March 2017|archive-url=https://web.archive.org/web/20170310002457/http://www.linformaticien.com/actualites/id/41816/cispe-un-code-de-conduite-pour-la-protection-des-donnees-en-europe.aspx|url-status=dead}}{{cite web |url=https://www.linformaticien.com/actualites/id/43122/confiance-dans-le-cloud-aws-rejoint-l-initiative-cispe-qui-passe-en-prod.aspx |title=Confiance dans le cloud : AWS rejoint l'initiative CISPE, qui passe en prod ! |accessdate=2017-05-15 |url-status=dead |archiveurl=https://web.archive.org/web/20170704064959/http://www.linformaticien.com/actualites/id/43122/confiance-dans-le-cloud-aws-rejoint-l-initiative-cispe-qui-passe-en-prod.aspx |archivedate=4 July 2017 |df=dmy-all }} Global Security Mag,{{cite web|url=http://www.globalsecuritymag.fr/Certification-de-la-protection-des,20170214,68992.html|title=Certification de la protection des données : des fournisseurs d'infrastructures cloud opérant en Europe déclarent leur conformité au code de conduite relatif à la protection des données|website=Global Security Mag Online|accessdate=2017-07-28}} EU Observer, Politico, Computer Weekly,{{cite web|url=http://www.computerweekly.com/news/450412937/AWS-preps-GDPR-readiness-by-signing-up-to-cloud-Code-of-Conduct|title=AWS preps GDPR readiness by signing up to cloud Code of Conduct|website=Computerweekly.com|accessdate=2017-07-28}} IAPP, Il corriere della Sicurezza,{{cite web|url=http://www.ilcorrieredellasicurezza.it/articolo.asp?idarticolo=dada-aderisce-al-codice-di-condotta-sulla-protezione-dati-del-cispe_17801|title=Dada aderisce al Codice di condotta sulla protezione dati del CISPE - Il corriere della sicurezza|website=Ilcorrieredellasicurezza.it|date=15 February 2017 |accessdate=2017-07-28}} LeMagIT,{{cite web|url=http://www.lemagit.fr/actualites/450413491/Les-fournisseurs-de-services-Cloud-anticipent-le-RGPD|title=Les fournisseurs de services Cloud anticipent le RGPD|website=Lemagit.fr|accessdate=2017-07-28}} Bloomberg Television,{{cite web|url=http://www.bloombergtv.bg/v-razvitie/2017-02-22/kolko-golyama-e-zaplahata-pred-sigurnostta-na-dannite-v-oblaka|title=Колко голяма е заплахата пред сигурността на данните в облака |website=Bloombergtv.bg|accessdate=2017-07-28}} ITR Manager,{{cite web|url=http://www.itrmanager.com/articles/167349/cispe-anticipe-rgpd-fournit-marque-conformite.html|title=CISPE anticipe le RGPD et fournit une "marque de conformité"|website=Itrmanager.com|accessdate=2017-07-28}} Heise.de,{{cite web|url=https://www.heise.de/ix/meldung/Datenspeicherung-in-Europa-soll-Cloud-Kontrolle-verbessern-3333988.html|title=Datenspeicherung in Europa soll Cloud-Kontrolle verbessern|website=Heise.de|date=27 September 2016 |accessdate=2017-07-28}} COR.COM,{{cite web|url=http://www.corrierecomunicazioni.it/digital/43622_cloud-nasce-il-primo-codice-di-condotta-i-dati-dei-clienti-non-si-toccano.htm|title=Cloud, nasce il primo codice di condotta: "I dati dei clienti non si toccano"|website=Corrierecomunicazioni.it|date=28 September 2016|accessdate=2017-07-28}} ZDNet,{{cite web|url=http://www.zdnet.fr/actualites/rgpd-les-fournisseurs-cloud-prennent-de-l-avance-39842556.htm|title=RGPD : Les fournisseurs cloud prennent de l'avance|website=Zdnet.fr|date=28 September 2016 |accessdate=2017-07-28}}{{cite web|url=http://www.corrierecomunicazioni.it/cloud/45877_una-grande-alleanza-cloud-europea-via-al-cispe.htm|title=Una grande alleanza cloud europea: via al Cispe|website=Corrierecomunicazioni.it|date=15 February 2017|accessdate=2017-07-28}} ElEconomista.es, IT Channel,{{cite web|url=http://www.itchannel.info/index.php/articles/164841/code-conduite-fournisseurs-iaas.html|title=Un code de conduite pour les fournisseurs d'IaaS|website=Itchannel.info|accessdate=2017-07-28}} EuropaPress,{{cite web|url=http://www.europapress.es/portaltic/sector/noticia-aprobado-primer-codigo-conducta-aplicacion-reglamento-proteccion-datos-ue-20160927160139.html|title=Aprobado el código de conducta en aplicación del Reglamento de Protección de Datos de la UE|date=27 September 2016|website=Europapress.es|accessdate=2017-07-28}}{{cite web|url=http://www.europapress.es/portaltic/sector/noticia-gigas-garantiza-total-privacidad-datos-nube-20170215105826.html|title=Gigas garantiza la total privacidad de los datos en la nube|date=15 February 2017|website=Europapress.es|accessdate=2017-07-28}} 01net,{{cite web|url=http://www.01net.it/cispe-ecco-chi-aderisce-alla-coalizione/|title=Cispe: ecco chi aderisce alla coalizione|author=Maria Teresa Della Mura|date=15 February 2017|website=01net.it|accessdate=2017-07-28}} The Register,{{cite web|url=https://www.theregister.co.uk/2017/02/16/cloud_industry_body_sets_up_new_data_protection_code/|title=Cloud industry body sets up new data protection code|website=Theregister.co.uk|accessdate=2017-07-28}} and CIO Dive.{{cite web|url=http://www.ciodive.com/press-release/20170214-data-protection-certification-cloud-infrastructure-services-providers-oper/|title=Data Protection Certification: Cloud Infrastructure Services Providers operating in Europe declare compliance with CISPE Data Protection Code of Conduct|website=Ciodive.com|accessdate=2017-07-28|archive-url=https://web.archive.org/web/20170728114839/http://www.ciodive.com/press-release/20170214-data-protection-certification-cloud-infrastructure-services-providers-oper/|archive-date=28 July 2017|url-status=dead}}

The CISPE Code has received a positive opinionhttps://edpb.europa.eu/system/files/2021-05/edpb_opinion_202117_cispecode_en_0.pdf {{Bare URL PDF|date=March 2022}} by the European Data Protection Board on May 19. 2021, and has been finally approved by the competent national Supervisory Authority, CNIL on June 3, 2021.{{Cite web |date=2021-06-11 |title=The CNIL approves the first European code of conduct for cloud infrastructure service providers (IaaS) {{!}} CNIL |url=https://www.cnil.fr/en/cnil-approves-first-european-code-conduct-cloud-infrastructure-service-providers-iaas |archive-url=https://web.archive.org/web/20210611222413/https://www.cnil.fr/en/cnil-approves-first-european-code-conduct-cloud-infrastructure-service-providers-iaas |archive-date=2021-06-11 |access-date=2024-06-18 |website=cnil.fr}}{{Citation |title=Délibération de la Commission Nationale de l'Informatique et des Libertés |date=2021-06-03 |url=https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000043632207 |access-date=2024-06-18}} To become operational, i.e. legally effective, the Code requires an accredited monitoring body, first. "Le code de conduite sera opérationnel dès que l’un de ces organismes de contrôle sera agréé par la Commission."{{Cite web|title=Délibération 2021-065 du 3 juin 2021|url=https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000043632207|url-status=live|access-date=2021-06-13|website=www.legifrance.gouv.fr|archive-url=https://web.archive.org/web/20210613153812/https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000043632207 |archive-date=13 June 2021 }} To date, 3 Monitoring Bodies have been approved (EY CertifyPoint,{{Cite web|url=https://www.cnil.fr/en/code-conduct-cnil-grants-first-accreditation-monitoring-body|title = Code of conduct: CNIL grants first accreditation to a monitoring body | CNIL}} Bureau Veritas,{{Cite web|url=https://www.cnil.fr/en/node/121762|title = Code de conduite : La CNIL délivre deux nouveaux agréments à des organismes de contrôle | CNIL}} LNE).

To anticipate the Free Flow of non-personal Data Regulation (FFoD) that was published in late 2018, the European Commission started the SWIPO (Switching and Porting) Working Groups to develop two codes of conduct{{Cite web|last=Anonymous|date=2018-04-16|title=Cloud stakeholder working groups start their work on cloud switching and cloud security certification|url=https://ec.europa.eu/digital-single-market/en/news/cloud-stakeholder-working-groups-start-their-work-cloud-switching-and-cloud-security|access-date=2020-07-05|website=Shaping Europe’s digital future - European Commission|language=en}} for data portability on the Cloud market (one for Infrastructure as a Service, another for Software as a Service).

These codes were developed to specifically answer the regulation requirement of its Article 6 - "Data Porting". CISPE, together with EuroCIO (the association of European CIOs) has been tasked by the European Commission to co-chair the SWIPO IaaS Working Group. The SWIPO IaaS code{{Cite web|title=High-level Conference on Data Economy|url=https://valtioneuvosto.fi/en/project?tunnus=LVM019:00/2019|access-date=2020-07-05|website=Valtioneuvosto|language=en-US}} was handed over to the European Commission in November 2019 during the High-Level Conference on Data Economy of the EU Finish Presidency.{{Cite AV media |url=https://www.youtube.com/watch?v=xOJoXCjo_NA |title=High-Level Conference on Data Economy 25.11.2019 (day 1) |date=2019-11-25 |last=Liikenne- ja viestintäministeriö |access-date=2024-06-18 |via=YouTube}}https://api.hankeikkuna.fi/asiakirjat/2d0f4123-e651-4874-960d-5cc3fac319b6/3b0ad494-bb45-419b-8853-786754d1b287/LIITE_20191009135505.pdf {{Bare URL PDF|date=March 2022}}

Cispe members have declared first services adherent to the Swipo Iaas Code in May 2021.{{Cite web|url=https://cispe.cloud/3ds-outscale-aruba-aws-coretech-infoclip-irideos-leaseweb-ovhcloud-and-scaleway-to-declare-first-cloud-infrastructure-services-adhering-to-swipo-iaas-code-for-data-porting/|title=3DS Outscale, Aruba, AWS, CoreTech, Infoclip, Irideos, Leaseweb, OVHcloud, and Scaleway to declare first cloud infrastructure services adhering to SWIPO IaaS Code for data porting|date=12 May 2021}}

The organization set up a Green Cloud Task Force to discuss questions of environmental impact of data centers.https://cispe.cloud/climate-neutral-data-centre-pact-task-force/ {{Dead link|date=February 2022}} The Task Force worked with the European Commission to develop a self-regulatory initiative to achieve our shared goal of ensuring data centres in Europe are climate neutral by 2030: the Climate Neutral Data Centre Pact. The initiative is led by CISPE and EUDCA.{{Cite web|url=https://www.ovh.com/blog/5-keys-to-understand-the-climate-neutral-datacenter-pact/|title = 5 keys to understand the Climate Neutral Datacenter Pact|date = 21 January 2021}}

In April 2021, Cispe launched together with the French CIO association CIGREF "10 Principles for Fair Software Licensing" {{Cite web|url=https://www.cigref.fr/ten-principles-to-end-unfair-practices-of-software-gatekeepers|title=Cigref and CISPE Launch Ten Principles to End Unfair Practices of Software Gatekeepers|date=14 April 2021}} in order to address fair software licensing terms of the frame of the EU Digital Markets Act.{{Cite web|url=http://www.lesechos.fr/amp/1306555|title = Cloud : Le torchon brûle entre les entreprises et les éditeurs de logiciels américains|date = 13 April 2021}}

Members and supportive organizations manage operations in more than 15 European countries including France, Germany, Italy, Ireland, the United Kingdom, Finland, Sweden, the Netherlands, Spain, Bulgaria, Poland, and Switzerland.

Corporate members of CISPE, or organisations supporting the Code of Conduct, include: Arsys, Art of Automation, Aruba S.p.A., AWS, BIT, Dada, Daticum, Dominion, Enter, Fasthosts, FjordIT, Gigas, Hetzner Online, Home, Host Europe Group, IDS, Ikoula, LeaseWeb, Lomaco, Netalia, Netcetera, Outscale, OVHcloud, Seeweb, Serverplan, SolidHost, UpCloud, VTX, XXL Webhosting, and 1&1 Internet.{{cite web|url=http://www.idc.com/getdoc.jsp?containerId=EMEA42512717|title=Implications of the Code of Conduct for Cloud Infrastructure Service Providers in Europe|website=Idc.com|accessdate=2017-07-28|archive-url=https://web.archive.org/web/20170728115212/http://www.idc.com/getdoc.jsp?containerId=EMEA42512717|archive-date=28 July 2017|url-status=dead}}

The CISPE General Assembly elects a ten-member board.

The composition of the board of directors should at any time take into account composition rules: a majority of the board should be composed with European-headquartered companies; a majority of the board should be composed of small and mid-caps (< €1 billion turnover) and represent at least three different EU countries (considering worldwide headquarter's location). The first chairman of the board is Alban Schmutz.{{cite web|url=https://cispe.cloud/board-of-directors/|title=Board of Directors - CISPE - The Voice of Cloud Infrastructures Providers in Europe|website=Cispe.cloud|accessdate=2017-07-28}}

The general secretary is named by the board. The first general secretary is Francisco Mingorance.

The Board also names a Code of Conduct Task Force (CISPE CCTF) which is in charge of the evolution and improvements of the CISPE Data Protection Code of Conduct.{{cite web|url=https://cispe.cloud/cctf/|title=CCTF - CISPE - The Voice of Cloud Infrastructures Providers in Europe|website=Cispe.cloud|accessdate=2017-07-28}}

The organization is open to any member operating at least one IaaS service in one European country and engaging to declare at least one service under the CISPE Code of Conduct within six months.{{cite web|url=https://cispe.cloud/become-cispe-member/|title=Become CISPE Member|website=Cispe.cloud|accessdate=2020-06-08}}

{{Reflist}}

• [https://cispe.cloud/ CISPE website]
• [https://cispe.cloud/code-of-conduct/ CISPE Data Protection Code of Conduct].
• [https://ec.europa.eu/digital-single-market/en/free-flow-non-personal-data Free Flow of non-personal Data Regulation]

Category:Organizations established in 2015

Category:2015 establishments in Europe

Category:Cloud computing

Category:Non-profit organisations based in Belgium

Category:Organisations based in Belgium