EU Cloud Code of Conduct

After GDPR was adopted, the Belgian Data Protection Authority (“BDPA”) approved the EU Cloud CoC in 2021. The code defines clear requirements for Cloud Service Providers ("CSPs”) to implement Article 28 of the GDPR (“Processor”) and all relevant related articles. The framework covers data protection policies, as well as technical and organizational security measures. The code can provide a thorough understanding to buyers of cloud services on how a CSP manages personal data such as confidentiality, subprocessing, and handling potential data breaches. It is important to understand that currently the EU Cloud CoC is not a third country transfer safeguard. The code is for CSPs to demonstrate compliance for Article 28 GDR and related articles.

For more information about the EU Cloud CoC, visit Cloudflare’s blog.

Cloudflare conducts an annual assessment and obtains a new report for customers to review. These annual re-assessments are conducted by the Monitoring Body of the EU Cloud CoC. Adherence to the code means that Cloudflare commits to implementing data protection policies and security measures that align to the GDPR.

Application Security:
Advanced Certificate Manager, Bot Management, DDoS Protection, Page Shield, Rate Limiting, SSL/TLS, SSL/TLS for SaaS, Turnstile, Web Application Firewall (WAF)

Application Performance:
API Gateway, Argo Smart Routing, Cache Reserve, CDN, DNS, Load Balancing, Web Optimization Services, Waiting Room, Web3 Gateways, Zaraz

Secure Access Service Edge (SASE):
Cloudflare One

Zero Trust Services:
Access, Browser Isolation, CASB, Cloudflare Email Security (Area 1), Cloudflare Tunnel, Cloudflare Zero Trust, Data Loss Prevention (DLP), Gateway, Warp Zero Trust Client

Network Services:
Magic WAN, Magic Transit, Magic Firewall, Magic Network Monitoring, Network Interconnect, Spectrum

Developer Platform:
AI Gateway, Cloudflare for SaaS, Durable Objects, Email Routing, Hyperdrive, Images, Pages, Queues, R2 Object Storage, Stream, Video Stream Delivery, Vectorize, Workers, Workers AI, Workers KV

Analytics and Insights:
Analytics, Cloudflare Web Analytics, D1, Logs, Security Center

Privacy and Compliance:
Data Localization Suite (Geo Key Manager, Keyless SSL, Customer Metadata Boundary, Regional Services)

Cloudflare continuously introduces new features/functions across our platform throughout the year. We introduce those to our EU Cloud CoC scope depending on the annual audit cycle.

The report is publicly available. Customers can click on the link to view the report.

Cloudflare services are verified compliant with the EU Cloud CoC, Verification-ID: 2023LVL02SCOPE4316. For more information, please visit https://eucoc.cloud/en/public-register.

• The report demonstrates Cloudflare’s commitment to the highest standards of global data protection.

• EU Cloud CoC has an independent monitoring body (SCOPE Europe) to oversee assessments.

• EU Cloud CoC helps customers understand how Cloudflare services will handle personal information and maintain compliance with GDPR.

Visit Cloudflare’s Trust Hub to learn about additional compliance resources.

Explore Cloudflare’s privacy policies and learn how we support regulatory requirements like the GDPR by visiting our privacy and data protection hub.

Learn more about how Cloudflare’s connectivity cloud capabilities help enterprises streamline and map to compliance requirements across multiple standards by visiting our data compliance and protection page.