The Digital Single Market Strategy 2015 (DSM) committed the European Commission to delivering a European Cloud Initiative, including certification. The Cloud Select Industry Group (C-SIG) subgroup has helped the European Commission to implement the certification action of the European Cloud Computing Strategy 2012 and will continue to support the European Commission to implement the European Cloud Initiative action of the DSM.

The 2012 Communication "Unleashing the Potential of Cloud Computing in Europe" included an action for certification. Therefore, within the Cloud Select Industry Group (C-SIG) the subgroup on Certification Schemes (SIG-Cert) was established with support from the European Union Network and Information Security Agency (ENISA).

Together SIG-Cert and the European Union Agency for Network and Information Security (ENISA) delivered a list of (voluntary) certification schemes for the cloud (CCSL) to give potential cloud customers more transparency about certification schemes and how they relate to the cloud.

As an extension of the CCSL, SIG-Cert and ENISA also delivered the Cloud Certification Schemes Metaframework (CCSM) in order to facilitate the use of existing certification schemes during procurement of cloud services. It provides a neutral, high-level mapping of potential customers' security requirements to security objectives in existing cloud certification schemes.

Information security and certification of cloud computing services are still barriers to the use of cloud computing services in Europe according to the 2014 Eurostat report and the 2015 EU28 Cloud Security Conference.

This C-SIG on Certification Schemes is open for participation by interested stakeholders in the field of cloud computing. Currently the group consists of members of more than 30 organisations in the field of cloud computing and certification.

Timeline and deliverables

February 2013:

The group started its work and amongst others delivered a list of existing cloud relevant certification schemes in the field of security and data protection, and a set of important principles and recommendations on cloud certification.

Summer of 2013:

These intermediary results were validated with the support of ENISA.

October 2013:

  • Discussion and endorsement of the proposal by ENISA to work on a detailed list of cloud relevant security certification schemes and a so-called "Metaframework" to compare those schemes as regards cloud customers' security requirements.
  • A plenary session of the Cloud Select Industry Group endorsed this approach.

February 2014:

After discussing with the group, ENISA published the list of cloud relevant security certification schemes , thereby completing the work on the key action on cloud computing certification of the European Cloud Computing Strategy.

January 2015:

The list of cloud relevant security certification schemes was finalised by ENISA and the Metaframework of cloud security certification schemes was launched by ENISA.

The list of cloud relevant security certification schemes is published on ENISA's website.


12 November 2014

Agenda Minutes

8 July 2014

Agenda Minutes

2 June 2014

Agenda Minutes

3 April 2014

Agenda Minutes

30 January 2014

Agenda Minutes

4 October 2013

Agenda Minutes

29 May 2013

Agenda Minutes

21 February 2013

Agenda Minutes


If you are interested in shaping the EU's policy on cloud computing certification and your organisation is able to actively contribute to the work of the C-SIG working group, you are invited to join and participate in its work.