CISPE

Last updated

CISPE (Cloud Infrastructure Services Providers in Europe) is a non-profit trade association for infrastructure as a service (IaaS) cloud providers in Europe. It was started to aid IaaS providers in explaining their business model to policymakers. [1]

Contents

Registered in early 2017, CISPE has been operating since 2015. [2]

The association aims to advocate for an EU-wide cloud-first public procurement policy and engage for a European Digital Single Market including the promotion of high-level security and data protection rules/standards as well as avoiding vendor lock-in.

In June 2020, the association became one the 22 founding members [3] of GAIA-X, announced by the German and French Ministers of Economic Affairs Peter Altmaier and Bruno Le Maire. CISPE joined forces with European cloud users and providers like BMW, EDF, Safran, Atos, Siemens, Bosch, OVHcloud, and Deutsche Telekom.

The CISPE Data Protection Code of Conduct

To help IaaS providers and their customers to comply with the EU General Data Protection Regulation (GDPR), which entered into force from 25 May 2018, CISPE released the CISPE Data Protection Code of Conduct. On top of the required compliance to meet with the GDPR, the code also ensures that IaaS customers can choose to have their data located and processed exclusively in Europe, and that the supplier will not re-use a customer's data. [4]

The compliance has to be declared by CISPs/IaaS providers service by service. [5]

The CISPE Code of Conduct was launched on 27 September 2016 at the European Parliament, [1] [6] and the first thirty services had been declared by the first CISPs/IaaS providers on 14 February 2017. [7]

Announcements received press coverage from Le Monde , [1] InfoDSI, [8] El País , La Repubblica , [9] Silicon, [10] [11] [12] Cloud Magazine, Computer Sweden, [13] Tom's Hardware, [14] L'informaticien, [15] [16] Global Security Mag, [17] EU Observer, Politico, Computer Weekly , [18] IAPP, [7] Il corriere della Sicurezza, [19] LeMagIT, [20] Bloomberg Television, [21] ITR Manager, [22] Heise.de, [23] COR.COM, [24] ZDNet, [25] [26] ElEconomista.es, IT Channel, [27] EuropaPress, [28] [29] 01net, [30] The Register , [31] and CIO Dive. [32]

The CISPE Code has received a positive opinion [33] by the European Data Protection Board on May 19. 2021, and has been finally approved by the competent national Supervisory Authority, CNIL on June 3, 2021. [34] [35] To become operational, i.e. legally effective, the Code requires an accredited monitoring body, first. "Le code de conduite sera opérationnel dès que l’un de ces organismes de contrôle sera agréé par la Commission." [36] To date, 3 Monitoring Bodies have been approved (EY CertifyPoint, [37] Bureau Veritas, [38] LNE [38] ).

Reversibility IaaS Code of Conduct

To anticipate the Free Flow of non-personal Data Regulation (FFoD) that was published in late 2018, the European Commission started the SWIPO (Switching and Porting) Working Groups to develop two codes of conduct [39] for data portability on the Cloud market (one for Infrastructure as a Service, another for Software as a Service).

These codes were developed to specifically answer the regulation requirement of its Article 6 - "Data Porting". CISPE, together with EuroCIO (the association of European CIOs) has been tasked by the European Commission [39] to co-chair the SWIPO IaaS Working Group. The SWIPO IaaS code [40] was handed over to the European Commission in November 2019 during the High-Level Conference on Data Economy of the EU Finish Presidency. [41] [42]

Cispe members have declared first services adherent to the Swipo Iaas Code in May 2021. [43]

Environmental impact of cloud infrastructure

The organization set up a Green Cloud Task Force to discuss questions of environmental impact of data centers. [44] The Task Force worked with the European Commission to develop a self-regulatory initiative to achieve our shared goal of ensuring data centres in Europe are climate neutral by 2030: the Climate Neutral Data Centre Pact. The initiative is led by CISPE and EUDCA. [45]

10 Principles for Fair Software Licensing

In April 2021, Cispe launched together with the French CIO association CIGREF "10 Principles for Fair Software Licensing" [46] in order to address fair software licensing terms of the frame of the EU Digital Markets Act. [47]

Members and supporting organizations

Members and supportive organizations manage operations in more than 15 European countries including France, Germany, Italy, Ireland, the United Kingdom, Finland, Sweden, the Netherlands, Spain, Bulgaria, Poland, and Switzerland.

Corporate members of CISPE, or organisations supporting the Code of Conduct, include: Arsys, Art of Automation, Aruba S.p.A., AWS, BIT, Dada, Daticum, Dominion, Enter, Fasthosts, FjordIT, Gigas, Hetzner Online, Home, Host Europe Group, IDS, Ikoula, LeaseWeb, Lomaco, Netalia, Netcetera, Outscale, OVHcloud, Seeweb, Serverplan, SolidHost, UpCloud, VTX, XXL Webhosting, and 1&1 Internet. [48]

Organization

The CISPE General Assembly elects a ten-member board.

The composition of the board of directors should at any time take into account composition rules: a majority of the board should be composed with European-headquartered companies; a majority of the board should be composed of small and mid-caps (< €1 billion turnover) and represent at least three different EU countries (considering worldwide headquarter's location). The first chairman of the board is Alban Schmutz. [49]

The general secretary is named by the board. The first general secretary is Francisco Mingorance. [49]

The Board also names a Code of Conduct Task Force (CISPE CCTF) which is in charge of the evolution and improvements of the CISPE Data Protection Code of Conduct. [50]

The organization is open to any member operating at least one IaaS service in one European country and engaging to declare at least one service under the CISPE Code of Conduct within six months. [51]

Related Research Articles

<span class="mw-page-title-main">Amazon Web Services</span> On-demand cloud computing company

Amazon Web Services, Inc. (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered, pay-as-you-go basis. Clients will often use this in combination with autoscaling. These cloud computing web services provide various services related to networking, compute, storage, middleware, IoT and other processing capacity, as well as software tools via AWS server farms. This frees clients from managing, scaling, and patching hardware and operating systems. One of the foundational services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, with extremely high availability, which can be interacted with over the internet via REST APIs, a CLI or the AWS console. AWS's virtual computers emulate most of the attributes of a real computer, including hardware central processing units (CPUs) and graphics processing units (GPUs) for processing; local/RAM memory; hard-disk (HDD)/SSD storage; a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, and customer relationship management (CRM).

Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. A single pseudonym for each replaced field or collection of replaced fields makes the data record less identifiable while remaining suitable for data analysis and data processing.

ePrivacy Directive

Privacy and Electronic Communications Directive2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD), is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.

Infrastructure as a service (IaaS) is a cloud computing service model where a cloud services vendor provides computing resources such as storage, network, servers, and virtualization. This service frees users from maintaining their own data center, but they must install and maintain the operating system and application software. Iaas provides users high-level APIs to control details of underlying network infrastructure such as backup, data partitioning, scaling, security and physical computing resources. Services can be scaled on-demand by the user. According to the Internet Engineering Task Force (IETF), such infrastructure is the most basic cloud-service model. IaaS can be hosted in a public cloud, a private cloud, or a hybrid cloud.

Data portability is a concept to protect users from having their data stored in "silos" or "walled gardens" that are incompatible with one another, i.e. closed platforms, thus subjecting them to vendor lock-in and making the creation of data backups or moving accounts between services difficult.

<span class="mw-page-title-main">Cloud computing</span> Form of shared internet-based computing

Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. Large clouds often have functions distributed over multiple locations, each of which is a data center. Cloud computing relies on sharing of resources to achieve coherence and typically uses a pay-as-you-go model, which can help in reducing capital expenses but may also lead to unexpected operating expenses for users.

The following is a comparison of cloud-computing software and providers.

Backend as a service (BaaS), sometimes also referred to as mobile backend as a service (MBaaS), is a service for providing web app and mobile app developers with a way to easily build a backend to their frontend applications. Features available include user management, push notifications, and integration with social networking services. These services are provided via the use of custom software development kits (SDKs) and application programming interfaces (APIs). BaaS is a relatively recent development in cloud computing, with most BaaS startups dating from 2011 or later. Some of the most popular service providers are AWS Amplify and Firebase.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation, abbreviated GDPR, or French RGPD is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

This is a timeline of Amazon Web Services, which offers a suite of cloud computing services that make up an on-demand computing platform.

Serverless computing is a cloud computing execution model in which the cloud provider allocates machine resources on demand, taking care of the servers on behalf of their customers. Serverless is a misnomer in the sense that servers are still used by cloud service providers to execute code for developers. However, developers of serverless applications are not concerned with capacity planning, configuration, management, maintenance, fault tolerance, or scaling of containers, virtual machines, or physical servers. When an app is not in use, there are no computing resources allocated to the app. Pricing is based on the actual amount of resources consumed by an application. It can be a form of utility computing.

Alibaba Cloud, also known as Aliyun, is a cloud computing company, a subsidiary of Alibaba Group. Alibaba Cloud provides cloud computing services to online businesses and Alibaba's own e-commerce ecosystem. Its international operations are registered and headquartered in Singapore.

<span class="mw-page-title-main">Oracle Cloud</span> Cloud computing service

Oracle Cloud is a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers. The company allows these services to be provisioned on demand over the Internet.

<span class="mw-page-title-main">NOYB</span> European data protection advocacy group

NOYB – European Center for Digital Rights is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general. The organisation was established after a funding period during which it has raised annual donations of €250,000 by supporting members. Currently, NOYB is financed by more than 4,400 supporting members.

The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally-identifiable information.

<span class="mw-page-title-main">IBM Cloud</span> Cloud computing services provided by IBM

IBM Cloud is a set of cloud computing services for business offered by the information technology company IBM.

Gaia-X is an initiative to develop a federated secure data infrastructure for Europe, whereby data are shared, with users retaining control over their data access and usage, and according to some to ensure European digital sovereignty. It aims to develop digital governance, based on European values of transparency, openness, data protection, and security, which can be applied to cloud technologies to obtain transparency and controllability across data and services. The project name is a reference to the Greek goddess Gaia.

The Climate Neutral Data Centre Pact is a pledge of industry players and trade association of cloud infrastructure services and data centres in Europe to achieve climate neutrality by 2030. It is supported by the European Commission and Frans Timmermans, Executive Vice-President of the European Commission for the European Green Deal.


The EU Cloud Code of Conduct is a transnational Code of Conduct pursuant Article 40 of the European General Data Protection Regulation (GDPR).

Yandex Cloud is a public cloud platform developed by the Russian internet company Yandex. Yandex Cloud provides private and corporate users with infrastructure and computing resources in an ‘as a service’ format.

References

  1. 1 2 3 Fagot, Vincent (27 September 2016). "Protection des données : les hébergeurs européens à l'offensive". Le Monde . Retrieved 28 July 2017.
  2. "Cloud Infrastructure Services Providers in Europe - Transparency Register". Ec.europa.eu. Retrieved 28 July 2017.
  3. "Germany, France launch Gaia-X platform in bid for 'tech sovereignty'". POLITICO. 4 June 2020. Retrieved 5 July 2020.
  4. Gutwirth, Serge; Leenes, Ronald; Hert, Paul De; Poullet, Yves (22 February 2012). European Data Protection: In Good Health?. Springer Science & Business Media. ISBN   978-94-007-2903-2.
  5. "Public Register - Current list of services declared under the CISPE Code Of Conduct". Cispe.cloud. Retrieved 28 July 2017.
  6. "Europäische Cloud-Infrastruktur-Anbieter veröffentlichen Verhaltenskodex". Cloudcomputing-insider.de. Retrieved 28 July 2017.
  7. 1 2 "CISPE announces 30 services comply with its code of conduct". Iapp.org. Retrieved 28 July 2017.
  8. "Un code de conduite pour les fournisseurs d'IaaS". Infodsi.com. Retrieved 28 July 2017.
  9. "Cloud, nuovo codice di condotta europeo: ecco cosa cambia". Repubblica.it. 28 September 2016. Retrieved 28 July 2017.
  10. "CISPE Kodex: Europas Cloud-Anbieter positionieren sich zum Datenschutz - silicon.de". Silicon.de. 29 September 2016. Retrieved 28 July 2017.
  11. "CISPE, lobby européen du Cloud, publie un code de conduite data". Silicon.fr. 28 September 2016. Retrieved 28 July 2017.
  12. "AWS Touts CISPE Membership To Help Its Cloud Services Meet EU GDPR". Silicon.co.uk. 14 February 2017. Retrieved 28 July 2017.
  13. "Ny organisation ska ge garantier för GDPR i molnet – Amazon är med". Computersweden.idg.se. Retrieved 28 July 2017.
  14. "Con CISPE un codice di condotta per il Cloud". Tomshw.it. Retrieved 28 July 2017.[ permanent dead link ]
  15. "CISPE : un code de conduite pour la protection des données en Europe". Linformaticien.com. Archived from the original on 10 March 2017. Retrieved 28 July 2017.
  16. "Confiance dans le cloud : AWS rejoint l'initiative CISPE, qui passe en prod !". Archived from the original on 4 July 2017. Retrieved 15 May 2017.
  17. "Certification de la protection des données : des fournisseurs d'infrastructures cloud opérant en Europe déclarent leur conformité au code de conduite relatif à la protection des données". Global Security Mag Online. Retrieved 28 July 2017.
  18. "AWS preps GDPR readiness by signing up to cloud Code of Conduct". Computerweekly.com. Retrieved 28 July 2017.
  19. "Dada aderisce al Codice di condotta sulla protezione dati del CISPE - Il corriere della sicurezza". Ilcorrieredellasicurezza.it. 15 February 2017. Retrieved 28 July 2017.
  20. "Les fournisseurs de services Cloud anticipent le RGPD". Lemagit.fr. Retrieved 28 July 2017.
  21. "Колко голяма е заплахата пред сигурността на данните в облака". Bloombergtv.bg. Retrieved 28 July 2017.
  22. "CISPE anticipe le RGPD et fournit une "marque de conformité"". Itrmanager.com. Retrieved 28 July 2017.
  23. "Datenspeicherung in Europa soll Cloud-Kontrolle verbessern". Heise.de. 27 September 2016. Retrieved 28 July 2017.
  24. "Cloud, nasce il primo codice di condotta: "I dati dei clienti non si toccano"". Corrierecomunicazioni.it. 28 September 2016. Retrieved 28 July 2017.
  25. "RGPD : Les fournisseurs cloud prennent de l'avance". Zdnet.fr. 28 September 2016. Retrieved 28 July 2017.
  26. "Una grande alleanza cloud europea: via al Cispe". Corrierecomunicazioni.it. 15 February 2017. Retrieved 28 July 2017.
  27. "Un code de conduite pour les fournisseurs d'IaaS". Itchannel.info. Retrieved 28 July 2017.
  28. "Aprobado el código de conducta en aplicación del Reglamento de Protección de Datos de la UE". Europapress.es. 27 September 2016. Retrieved 28 July 2017.
  29. "Gigas garantiza la total privacidad de los datos en la nube". Europapress.es. 15 February 2017. Retrieved 28 July 2017.
  30. Maria Teresa Della Mura (15 February 2017). "Cispe: ecco chi aderisce alla coalizione". 01net.it. Retrieved 28 July 2017.
  31. "Cloud industry body sets up new data protection code". Theregister.co.uk. Retrieved 28 July 2017.
  32. "Data Protection Certification: Cloud Infrastructure Services Providers operating in Europe declare compliance with CISPE Data Protection Code of Conduct". Ciodive.com. Archived from the original on 28 July 2017. Retrieved 28 July 2017.
  33. https://edpb.europa.eu/system/files/2021-05/edpb_opinion_202117_cispecode_en_0.pdf [ bare URL PDF ]
  34. "The CNIL approves the first European code of conduct for cloud infrastructure service providers (IaaS) | CNIL". cnil.fr. 11 June 2021. Archived from the original on 11 June 2021. Retrieved 18 June 2024.
  35. Délibération de la Commission Nationale de l'Informatique et des Libertés, 3 June 2021, retrieved 18 June 2024
  36. "Délibération 2021-065 du 3 juin 2021". www.legifrance.gouv.fr. Archived from the original on 13 June 2021. Retrieved 13 June 2021.
  37. "Code of conduct: CNIL grants first accreditation to a monitoring body | CNIL".
  38. 1 2 "Code de conduite : La CNIL délivre deux nouveaux agréments à des organismes de contrôle | CNIL".
  39. 1 2 Anonymous (16 April 2018). "Cloud stakeholder working groups start their work on cloud switching and cloud security certification". Shaping Europe’s digital future - European Commission. Retrieved 5 July 2020.
  40. "High-level Conference on Data Economy". Valtioneuvosto. Retrieved 5 July 2020.
  41. Liikenne- ja viestintäministeriö (25 November 2019). High-Level Conference on Data Economy 25.11.2019 (day 1) . Retrieved 18 June 2024 via YouTube.
  42. https://api.hankeikkuna.fi/asiakirjat/2d0f4123-e651-4874-960d-5cc3fac319b6/3b0ad494-bb45-419b-8853-786754d1b287/LIITE_20191009135505.pdf [ bare URL PDF ]
  43. "3DS Outscale, Aruba, AWS, CoreTech, Infoclip, Irideos, Leaseweb, OVHcloud, and Scaleway to declare first cloud infrastructure services adhering to SWIPO IaaS Code for data porting". 12 May 2021.
  44. https://cispe.cloud/climate-neutral-data-centre-pact-task-force/ [ dead link ]
  45. "5 keys to understand the Climate Neutral Datacenter Pact". 21 January 2021.
  46. "Cigref and CISPE Launch Ten Principles to End Unfair Practices of Software Gatekeepers". 14 April 2021.
  47. "Cloud : Le torchon brûle entre les entreprises et les éditeurs de logiciels américains". 13 April 2021.
  48. "Implications of the Code of Conduct for Cloud Infrastructure Service Providers in Europe". Idc.com. Archived from the original on 28 July 2017. Retrieved 28 July 2017.
  49. 1 2 "Board of Directors - CISPE - The Voice of Cloud Infrastructures Providers in Europe". Cispe.cloud. Retrieved 28 July 2017.
  50. "CCTF - CISPE - The Voice of Cloud Infrastructures Providers in Europe". Cispe.cloud. Retrieved 28 July 2017.
  51. "Become CISPE Member". Cispe.cloud. Retrieved 8 June 2020.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.