EU Cloud Code of Conduct

EU Cloud Code of Conduct overview

The EU Cloud Code of Conduct (EU Cloud CoC), authored by SCOPE Europe, serves as basis for implementing the requirements of Article 28 of the GDPR for cloud providers acting as a business-to-business processors under the GDPR. The European Data Protection Board has provided positive opinion for the EU Cloud CoC with final approval led by the Belgian Data Protection Authority.

Azure and EU Cloud CoC

Microsoft submitted Azure’s attestation of adherence to the EU Cloud CoC based on facts submitted to SCOPE Europe, relying on third-party audits from three widely-regarded certifications: ISO/IEC 27001 (Information Security Management System), ISO/IEC 27701 (Privacy Information Management System), and ISO/IEC 27018 (Cloud Privacy), which are foundational to Azure security and compliance. Independent review by SCOPE Europe has demonstrated that Azure meets EU Cloud CoC second level of compliance.

Applicability

  • Azure

Services in scope

The list of Azure services in scope can be found within the EU Cloud CoC Verification of Declaration of Adherence report links below.

Audit reports and certificates

The Azure EU Cloud CoC Verification of Declaration of Adherence report is available directly from the SCOPE Europe list of adherent services site.

Alternatively, you can download the report from the Azure portal by navigating to Home > Security Center > Regulatory compliance > Audit reports or using a direct link to the Azure portal audit reports blade (login required). You must have an existing Azure subscription or free Azure trial account to download EU Cloud CoC report document.

Resources