Germany: Cloud Computing Compliance Criteria Catalogue (C5):2026

Progress

Current status

adopted

07 Apr 2026 adopted

Scope

Implementers

Germany

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

software provider: other software

infrastructure provider: cloud computing, storage and databases

Government Branch

executive

Government Body

other regulatory body

Implementation Level

national

Timeline of events

07 Apr 2026

adopted

Federal Office for Information Security published Cloud Computing Compliance Criteria Catalogue (C5):2026

On 7 April 2026, the German Federal Office for Information Security (BSI) published the Cloud Computing Compliance Criteria Catalogue (C5):2026, a non-binding criteria catalogue setting out security requirements for cloud computing services. The C5:…

Source

Event type outline

Action type adoption

Government branch executive

Government body other regulatory body

Progress

Scope

Timeline of events

Federal Office for Information Security published Cloud Computing Compliance Criteria Catalogue (C5):2026

Related changes

implements/transposes related intervention

Germany: Expansion of Federal Office for Information Security's powers in NIS 2 Implementation and Cybersecurity Strengthening Act

related intervention is part of the same original policy

Germany: Criteria enabling cloud computing autonomy (C3A)

specifies related intervention

European Union: Cybersecurity regulations in Cloud Sovereignty Framework

European Union: Public procurement access requirements in Cloud Sovereignty Framework

Germany: Technical Guideline TR-03183 on cyber resilience requirements for Manufacturers and Products