EQS Group Achieves EU Cloud Code of Conduct Compliance through the Cloud Security Alliance Framework

BRUSSELS – 10 September 2025 – The EU Cloud CoC General Assembly is pleased to announce that EQS Group is the first cloud service provider to successfully declare services adherent to the EU Cloud Code of Conduct (EU Cloud CoC) through the dedicated framework established in collaboration with the Cloud Security Alliance (CSA). This milestone showcases EQS Group’s commitment to robust data protection practices and to transparently demonstrating GDPR compliance.

The EU Cloud CoC is a comprehensive compliance tool that enables cloud providers to legally demonstrate their GDPR adherence efforts while promoting standardization, transparency, and accountability. Greenlit by the European Data Protection Board (EDPB), the Code has become a trusted benchmark across the cloud industry, supporting risk assessments, harmonizing compliance practices, and fostering trust in digital services. In parallel, CSA is a global leader in IT and cybersecurity certifications, all featured in the STAR Registry, which provides cloud users with clear, trustworthy standards for assessing cloud services.

As part of the collaboration between the EU Cloud CoC and CSA, a special framework for CSA STAR and Corporate Members provides a pathway to demonstrate compliance with GDPR requirements. All services that successfully pass the Code’s monitoring process have their EU Cloud CoC Compliance Mark displayed in both the Code's Public Register and the CSA STAR Registry, offering customers a robust overview of cloud offerings and their respective commitments to privacy and cybersecurity.

By achieving compliance with the EU Cloud CoC, EQS Group demonstrates its dedication to safeguarding customer data and delivering secure, reliable cloud services. The completion of this process underscores EQS’ efforts to uphold GDPR compliance and contribute to advancing industry best practices. The company’s adherence not only strengthens the EU Cloud CoC ecosystem but also demonstrates the growing relevance of practical compliance solutions for the global cloud market.

To gain further insights on EQS Group’s services declared adherent, access the EU Cloud CoC Public Register and download their Public Report.

Addressing this achievement, Dr. Marco Ermini, Chief Information Security Officer at EQS Group, stated:

"We’re proud to have achieved formal GDPR compliance through the EU Cloud CoC and SCOPE Europe. While we’ve long demonstrated our commitment to privacy through certifications and audits like ISO/IEC 27018, ISAE 3000, and SOC 2, this recognition — backed by the European Data Protection Board — carries particular weight for our customers, who trust us with some of their most sensitive data. At EQS Group, we believe true trust in cloud services comes not from individual efforts alone, but through collective action, standardization, and regulatory oversight."

Daniele Catteddu, Chief Technology Officer at Cloud Security Alliance, said:

“This achievement by EQS marks an important milestone in demonstrating how CSA’s STAR framework can serve as a bridge between global cloud security standards and European data protection requirements. By aligning with the EU Cloud Code of Conduct, we are not only reinforcing GDPR compliance but also enabling organizations worldwide to adopt transparent, verifiable, and trusted practices in cloud security and privacy.”

Gabriela Mercuri, Managing Director of SCOPE Europe, added:

“The first adherence through the CSA framework demonstrates how this collaboration can accelerate the wide dissemination of trusted and verifiable GDPR compliance across the global cloud community. By joining forces with CSA, we are making robust privacy safeguards more accessible, scalable, and visible to cloud users worldwide,”

About the EU Cloud Code of Conduct

The EU Cloud Code of Conduct is an approved and fully legally operational Code of Conduct pursuant to Article 40 GDPR. Defining clear requirements for Cloud Service Providers to implement Article 28 GDPR, the Code covers all cloud service layers (IaaS, PaaS, SaaS), has its compliance overseen by an accredited monitoring body, and represents the vast majority of the European cloud industry market share.