CISPE

CISPE (Cloud Infrastructure Services Providers in Europe) is a non-profit trade association for infrastructure as a service (IaaS) cloud providers in Europe. It was started to aid IaaS providers in explaining their business model to policymakers.

Registered in early 2017, CISPE has been operating since 2015.

The association aims to advocate for an EU-wide cloud-first public procurement policy and engage for a European Digital Single Market including the promotion of high-level security and data protection rules/standards as well as avoiding vendor lock-in.

In June 2020, the association became one the 22 founding members of GAIA-X, announced by the German and French Ministers of Economic Affairs Peter Altmaier and Bruno Le Maire. CISPE joined forces with European cloud users and providers like BMW, EDF, Safran, Atos, Siemens, Bosch, OVHcloud, and Deutsche Telekom.

The CISPE Data Protection Code of Conduct
To help IaaS providers and their customers to comply with the EU General Data Protection Regulation (GDPR), which entered into force from 25 May 2018, CISPE released the CISPE Data Protection Code of Conduct. On top of the required compliance to meet with the GDPR, the code also ensures that IaaS customers can choose to have their data located and processed exclusively in Europe, and that the supplier will not re-use a customer's data.

The compliance has to be declared by CISPs/IaaS providers service by service.

The CISPE Code of Conduct was launched on 27 September 2016 at the European Parliament, and the first thirty services had been declared by the first CISPs/IaaS providers on 14 February 2017.

Announcements received press coverage from Le Monde, InfoDSI, El Pais, La Repubblica, Silicon,  Cloud Magazine, Computer Sweden, Tom's Hardware, L'informaticien,  Global Security Mag, EU Observer, Politico, Computer Weekly, IAPP, Il corriere della Sicurezza, LeMagIT, Bloomberg Television, ITR Manager, Heise.de, COR.COM, ZDNet,  ElEconomista.es, IT Channel, EuropaPress,  01net, The Register, and CIO Dive.

The CISPE Code has received a positive opinion by the European Data Protection Board on May 19. 2021, and has been finally approved by the competent national Supervisory Authority, CNIL on June 3, 2021. To become operational, i.e. legally effective, the Code requires an accredited monitoring body, first. ''"Le code de conduite sera opérationnel dès que l’un de ces organismes de contrôle sera agréé par la Commission." '' To date, 3 Monitoring Bodies have been approved (EY CertifyPoint, Bureau Veritas, LNE ).

Reversibility IaaS Code of Conduct
To anticipate the Free Flow of non-personal Data Regulation (FFoD) that was published in late 2018, the European Commission started the SWIPO (Switching and Porting) Working Groups to develop two codes of conduct for data portability on the Cloud market (one for Infrastructure as a Service, another for Software as a Service).

These codes were developed to specifically answer the regulation requirement of its Article 6 - "Data Porting". CISPE, together with EuroCIO (the association of European CIOs) has been tasked by the European Commission to co-chair the SWIPO IaaS Working Group. The SWIPO IaaS code was handed over to the European Commission in November 2019 during the High-Level Conference on Data Economy of the EU Finish Presidency.

Cispe members have declared first services adherent to the Swipo Iaas Code in May 2021.

Environmental impact of cloud infrastructure
The organization set up a Green Cloud Task Force to discuss questions of environmental impact of data centers. The Task Force worked with the European Commission to develop a self-regulatory initiative to achieve our shared goal of ensuring data centres in Europe are climate neutral by 2030: the Climate Neutral Data Centre Pact. The initiative is led by CISPE and EUDCA.

10 Principles for Fair Software Licensing
In April 2021, Cispe launched together with the French CIO association CIGREF "10 Principles for Fair Software Licensing" in order to address fair software licensing terms of the frame of the EU Digital Markets Act.

Members and supporting organizations
Members and supportive organizations manage operations in more than 15 European countries including France, Germany, Italy, Ireland, the United Kingdom, Finland, Sweden, the Netherlands, Spain, Bulgaria, Poland, and Switzerland.

Corporate members of CISPE, or organisations supporting the Code of Conduct, include: Arsys, Art of Automation, Aruba S.p.A., AWS, BIT, Dada, Daticum, Dominion, Enter, Fasthosts, FjordIT, Gigas, Hetzner Online, Home, Host Europe Group, IDS, Ikoula, LeaseWeb, Lomaco, Netalia, Netcetera, Outscale, OVHcloud, Seeweb, Serverplan, SolidHost, UpCloud, VTX, XXL Webhosting, and 1&1 Internet.

Organization
The CISPE General Assembly elects a ten-member board. The composition of the board of directors should at any time take into account composition rules: a majority of the board should be composed with European-headquartered companies; a majority of the board should be composed of small and mid-caps (< €1 billion turnover) and represent at least three different EU countries (considering worldwide headquarter's location). The first chairman of the board is Alban Schmutz.

The general secretary is named by the board. The first general secretary is Francisco Mingorance.

The Board also names a Code of Conduct Task Force (CISPE CCTF) which is in charge of the evolution and improvements of the CISPE Data Protection Code of Conduct.

The organization is open to any member operating at least one IaaS service in one European country and engaging to declare at least one service under the CISPE Code of Conduct within six months.