On June 3, 2021, the CNIL approved the first European code of conduct, carried by Cloud Infrastructure Service Providers Europe (CISPE), dedicated to cloud infrastructure service providers (Iaas).
This code of conduct identifies several bodies in charge of monitoring its correct application by members, including the National Metrology and Testing Laboratory (LNE) and Bureau Veritas Italia Spa. – After an instruction and discussion phase, the CNIL decided to issue these two this approval for a period of 5 years from September 23, 2021 for the first and October 7, 2021 for the second. The CNIL will ensure that these approved organizations comply with the standards it has established.
The verifications carried out by approved organizations such as LNE and Bureau Veritas Italia Spa are completely separate from the verification missions carried out by the CNIL in application of the Data Protection Act.
Each code of conduct provides for penalties in the event of non-compliance noted, for example it may be a public exclusion of the member concerned.