Germany: Criteria enabling cloud computing autonomy (C3A)

Progress

Current status

adopted

27 Apr 2026 adopted

Scope

Implementers

Germany

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

software provider: other software

infrastructure provider: cloud computing, storage and databases

Government Branch

executive

Government Body

other regulatory body

Implementation Level

national

Timeline of events

27 Apr 2026

adopted

Federal Office for Information Security published Criteria enabling Cloud Computing Autonomy (C3A)

On 27 April 2026, the German Federal Office for Information Security (BSI) published the Criteria enabling Cloud Computing Autonomy (C3A), a non-binding framework setting out verifiable criteria for assessing the degree of self-determination availab…

Source

Event type outline

Action type adoption

Government branch executive

Government body other regulatory body

Progress

Scope

Timeline of events

Federal Office for Information Security published Criteria enabling Cloud Computing Autonomy (C3A)

Related changes

specifies related intervention

Germany: Cloud Computing Compliance Criteria Catalogue (C5):2026

European Union: Public procurement access requirements in Cloud Sovereignty Framework

European Union: Cybersecurity regulations in Cloud Sovereignty Framework