News Item

After cloud…cybersecurity certification: launching the ENISA ad hoc Working Group on Cloud Services

In response to a Commission request concerning a cybersecurity certification scheme for Cloud services, the EU Agency for Cybersecurity established a suitable ad hoc working group.

Published on March 06, 2020

Under the EU Cybersecurity Act, an ad hoc working group provides advice to the European Union Agency for Cybersecurity (ENISA) vis-à-vis a draft candidate cybersecurity certification scheme and it culminates open consultation with relevant stakeholders.

Over the past few years, cloud services have become the backbone of information and telecommunications services in the Digital Single Market as consumers as well as private and public services alike seek to reap the benefits of ubiquitous services in relation to increased productivity at a lower cost. In response, several Member States including but not limited to France, Germany, Spain and the Netherlands have set up assessment and/or certification frameworks concerning these services. These frameworks have complemented private certification schemes widely available throughout the market.  

Acting on a prominent Commission initiative, dubbed CSP-CERT, representatives of both the private and the public sectors have already reached consensus and put forward a proposal for a certification scheme for the cloud; however, several aspects have yet to be sorted out.

The Commission request to ENISA concerning a cybersecurity certification scheme for Cloud services has been grounded on the Regulation for the free flow of non-personal data. Other relevant aspects concerning the cybersecurity of non-personal as well as personal data flows are likely to also come under the scope.

This ad hoc working group is composed of 20 selected members broadly representing stakeholders’ communities across providers and users, small and large companies, public sector etc. The work of this group has also attracted the interest of around 15 representatives from Member States public authorities as well as EU Institutions and bodies that have designated representatives; the output draft candidate cybersecurity certification is expected to be finalised in late 2020.


Further Information

ENISA's work on cloud servicies

ENISA's work on certification schemes

Call for expression of interest for an ad hoc Working Group on cybersecurity certification for cloud services

For questions and interviews:


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information