CLOUD INFRASTRUCTURE SERVICES PROVIDERS IN EUROPE

CISPE

CISPE is an association representing cloud infrastructure service providers operating in Europe.

Lobbying Activity

Meeting with Manuel Mateo Goyet (Acting Head of Unit Communications Networks, Content and Technology)

19 Jan 2026 · Discussion on the upcoming Cloud and AI Development Act, with particular focus on provisions related to European autonomy and demand for trusted EU cloud service providers.

CISPE Urges New Sovereign Targets for European Cloud

9 Jan 2026
Message — CISPE proposes cutting data center permitting times in half. They advocate for specific targets ensuring businesses and public services use sovereign cloud infrastructure.
Why — Faster permitting would accelerate infrastructure growth while sovereignty mandates boost local demand.
Impact — Non-European providers would see reduced demand as customers shift to sovereign-certified services.

Meeting with Werner Stengg (Cabinet of Executive Vice-President Henna Virkkunen)

19 Nov 2025 · Exchange of views on EU cloud policy

Cloud infrastructure association urges EU to digitalize compliance procedures

14 Oct 2025
Message — CISPE proposes a single digital registry to prevent repetitive reporting across different regulations. They advocate for official recognition of industry-led certifications and financial aid for small businesses.
Why — Automated processes would lower compliance costs and turn regulatory duties into market advantages.
Impact — Global firms without European headquarters might lose competitiveness as local certifications gain prominence.

Meeting with Pablo Arias Echeverría (Member of the European Parliament)

14 Oct 2025 · Particularities of the cloud infrastructure sector in the European market, and debate on the pivotal issues surrounding cloud services and European cloud operators.

CISPE demands cloud services remain exempt from telecom regulations

4 Jul 2025
Message — CISPE demands that cloud services remain distinct from telecom regulation. They reject any efforts to introduce mandatory network fees or interconnection rules.
Why — Cloud providers maintain market flexibility and avoid significant new compliance burdens.
Impact — Large telecom incumbents lose leverage to influence regulatory policy in their favor.

European Cloud Providers Demand EU-First Strategy to Reclaim Market

3 Jul 2025
Message — CISPE requests a clear definition of sovereign services to guide public policy and procurement. They propose EU-first procurement rules that prioritise compliant domestic providers over foreign alternatives. Additionally, they seek an end to anti-competitive bundling of AI services into dominant software suites.
Why — Prioritising local firms would help domestic providers reverse their shrinking share of the market.
Impact — Foreign hyperscalers would face significant barriers to winning lucrative European public sector contracts.

Meeting with Marina Kaljurand (Member of the European Parliament)

10 Jun 2025 · Federation of Cloud Infrastructure

Meeting with Werner Stengg (Cabinet of Executive Vice-President Henna Virkkunen)

5 Jun 2025 · Digital sovereignty

Meeting with Filip Turek (Member of the European Parliament)

29 Apr 2025 · The future of Europe's Cloud Infrastructure

Meeting with Manuel Mateo Goyet (Acting Head of Unit Communications Networks, Content and Technology)

8 Apr 2025 · DG CONNECT E2 Unit policy initiatives in AI and Cloud and CISPE’s governance update

Meeting with Alex Agius Saliba (Member of the European Parliament)

7 Apr 2025 · Cloud services in the EU

Meeting with Sirpa Pietikäinen (Member of the European Parliament)

28 Mar 2025 · Digital policies

Meeting with Virginie Joron (Member of the European Parliament)

27 Mar 2025 · Is cloud made in France & Europe currently possible?

Meeting with Maria Grapini (Member of the European Parliament)

25 Mar 2025 · Cloud infrastructure

Meeting with Silke Dalton (Cabinet of Executive Vice-President Henna Virkkunen), Werner Stengg (Cabinet of Executive Vice-President Henna Virkkunen)

25 Mar 2025 · Cloud policy

CISPE Rejects EU Plan For New Internet Traffic Fees

28 Jun 2024
Message — CISPE urges the Commission to abandon extending telecom regulations to cloud providers. They argue these rules would create unnecessary administrative burdens and legal uncertainty.
Why — Avoiding these regulations would prevent compliance costs and protect European cloud competitiveness.
Impact — Large incumbent telecom operators would lose potential revenue from proposed mandatory network fees.

Response to Reporting scheme for data centres in Europe

15 Jan 2024

CISPE appreciates the opportunity to provide input on the proposal for a Delegated Regulation to set a reporting scheme to rate the sustainability of data centres in the EU under the Energy Efficiency Directive (EED). This position paper outlines our concerns and recommendations to ensure clarity, fairness, and effective implementation. CISPE members are concerned with the unrealistically short timeline to prepare for the first reporting cycle and consequently to measure and report the data. We recommend the implementation of a phased reporting approach, commencing with a concentration on the data specified in Annex VII of the EED. This phased strategy not only alleviates the concern regarding excessive granularity but also ensures a more streamlined and expeditious execution of the reporting obligations. CISPE advocates for maximum legal certainty and clarity regarding public disclosure of information and key performance indicators (KPIs) in compliance with Annex IV of the EED. We propose a clear and unambiguous framework requiring aggregated disclosure at both Member State and Union levels. CISPE continues to strongly recommend against the inclusion of data traffic metrics in the draft Delegated Regulation, as this metric is not indicative of the energy performance of the data centres. Please find attached CISPE's detailed position.

Meeting with Marcel Kolaja (Member of the European Parliament, Shadow rapporteur for opinion)

8 Nov 2022 · Discussion about protection of children on-line

CISPE urges cloud infrastructure exemptions from abuse detection mandates

6 Sept 2022
Message — Detection orders should only target entities with direct control over content rather than infrastructure. A cascade approach should ensure infrastructure providers are contacted for content removals only as a last resort.
Why — This protects the cloud business model and avoids requirements to build security vulnerabilities into infrastructure.
Impact — Law enforcement and victims may experience slower content removal due to mandatory rerouting of orders.

Meeting with Michele Piergiovanni (Cabinet of Executive Vice-President Margrethe Vestager), Penelope Papandropoulos (Cabinet of Executive Vice-President Margrethe Vestager)

11 Mar 2022 · DMA/cloud

Cloud providers urge reporting for smaller, less efficient data centres

19 Nov 2021
Message — CISPE proposes including data centres over 100kW in the reporting scope to capture inefficient sites. They request removing metrics for data traffic and storage that do not track energy performance. Finally, they suggest aligning sustainability indicators with established industry standards.
Why — Broadening the scope highlights the superior energy efficiency of large cloud providers over traditional servers.
Impact — Small on-premise server operators face new reporting burdens and scrutiny over their inefficiency.

Meeting with Daniel Mes (Cabinet of Executive Vice-President Frans Timmermans) and European Data Centre Association

24 Mar 2021 · Climate neutral data centres

Response to Commission Implementing Decision on standard contractual clauses for the transfer of personal data to third countries

10 Dec 2020

CISPE RESPONSE TO THE DRAFT STANDARD CONTRACTUAL CLAUSES PURSUANT TO REGULATION (EU) 2016/679 (“GDPR”)

1. Presentation of CISPE

Cloud Infrastructure Services Providers in Europe (CISPE) is a non-profit association that focuses on developing greater understanding and promoting the use of cloud infrastructure services in Europe. Members based in 14 EU Member States range from SMEs to large multinationals. CISPE members have invested billions of euros in Europe’s digital infrastructure and currently provide services to millions of customers, including organisations in multiple countries and locations outside the EU. Security and data protection are cornerstones of the CISPE constitution. It was the first association in the EU to develop a dedicated GDPR-compliant Code of Conduct for Data Protection for the sector, aligning with strict GDPR requirements to help providers comply while bringing clarity to customers to help them select providers and build trust in their services. CISPE also co-chaired the cloud industry working group (European Commission) to develop codes of conduct for reversibility and data portability under the Regulation on the free flow of non-personal data.

2. Executive Summary

The purpose of this document is for CISPE to respond to the European Commission (EC) public consultation on the new draft standard contractual clauses for the transfer of personal data to third countries pursuant to GDPR (New SCCs). CISPE comments and proposed changes to the New SCCs address where the provisions (a) replicate or conflict with GDPR (including Article 28 requirements), and/or (b) are infeasible or difficult to implement in the nature of the provision of Infrastructure-as-a-Service (IaaS) or other digital supply chains. CISPE has provided an overview of IaaS, together with a summary of the key issues in the New SCCs below. We have also attached an Annex, which provides further details on concerns with the New SCCs, together with proposed changes to particular terms.

3. Overview of IaaS

IaaS provides standardised virtualised hardware or computing infrastructure services at scale. A customer using IaaS has the freedom to select services and choose what data it processes on the infrastructure. The provider of such IaaS services is unaware of whether their infrastructure will be used at any specific point in time by their customer to process personal data, and as the service is provided on a highly automated, multi-tenanted basis, the provider makes available self-service tools and functionalities that the customer can use to configure and protect their data. Customers who use IaaS services to process personal data subject to GDPR may be controllers or processors. The IaaS provider has no visibility of its customer’s data subjects, and where the customer is a processor, the IaaS provider (as a sub-processor) does not have any knowledge of, or contractual relationship with, the underlying controllers.

4. Summary of key issues (please see attachment)

i. Relationship with GDPR.
ii. Relationships with controllers and data subjects.
iii. Warranty.
iv. Notification to the supervisory authority.
v. Commercial matters.

Meeting with Werner Stengg (Cabinet of Executive Vice-President Margrethe Vestager)

2 Dec 2020 · Digital Services Act, Digital Markets Act

CISPE urges EU to remove renewable energy procurement barriers

21 Sept 2020
Message — CISPE requests the removal of barriers to voluntary renewable energy purchases. They suggest Member states set non-binding goals for corporate power purchase agreements.
Why — This would allow cloud providers to meet aggressive corporate sustainability targets.

Cloud providers urge caution on data center waste heat rules

21 Sept 2020
Message — CISPE requests careful design of waste heat policies as reheating requires extra energy. They suggest custom designs instead of rigid mandates. They also advocate for shifting workloads to the cloud.
Why — Flexible rules prevent high costs for heat pumps and preserve options for data center locations.
Impact — Local heating networks lose a potential source of heat to warm urban buildings.

Response to 2nd Data Package

19 Dec 2017

CISPE would like to express its support for adopting such regulation which is very important for a truly integrated Digital Single Market. Removing restrictions to the flow of data across EU borders will greatly support spreading the benefits of the cloud to the European economy. In order to achieve that, it is necessary to adopt in parallel a harmonised level of data security across the EU. CISPE also welcomes the measured approach in addressing data portability in the cloud and the encouragement in developing self-regulatory Union Codes of conduct, an area where CISPE has experience. When looking at the specificities of cloud computing, it is clear that customers embracing the cloud today are enjoying much more freedom and flexibility when choosing their underlying technology components than in the traditional IT environment and that the potential for “lock-in” is now significantly lower than it used to be. However, the envisaged dispositions do not seem to be operational in their current wording which lacks clarity.

Free flow of data principle

The cloud industry welcomes the general principle of free flow of data and reinforces the importance of banning national data localisation rules, which will provide legal certainty for cloud services providers and boost the European economy. However, to maximise the benefits of cross border data flow, the final Regulation should limit cases when Member States will be able to localise non-personal data. That should happen only in very exceptional and pre-determined cases. While such cases have not yet been clearly identified (e.g. public safety or the definition of non-personal data), they should not be expansive such that they defeat the purpose of the Regulation. More comments are available in the enclosed document.

Response to Commission Implementing Regulation pursuant Art 16(8) of NIS Directive

11 Oct 2017

CISPE (Cloud Infrastructure Service Providers in Europe) welcomes the opportunity to provide feedback on the draft Commission Implementing Regulation that concerns the security and notification obligations of so-called “digital service providers” (DSPs) which will help implement the Network and Information Security (NIS) Directive. CISPE supports the objectives of the NIS Directive and would like to reiterate the importance of an implementation that is true to its intended outcome, especially regarding the definition of substantial impact, which triggers the obligation for DSPs to notify an incident. It is crucial that the implementing Regulation reflect the “light-touch approach” agreed by Council and the European Parliament in this regard. This “light touch” approach is of the utmost importance for medium European companies to allow them to comply with the implementing Regulation without stifling their development. We are concerned that costly and complex systems to implement could change the structure of the European Cloud market, and in particular the Infrastructure as a Service (IaaS) market, which is mainly made up of SMEs.

1. DSP obligations should not be stricter than those for Operators of Essential Services

We are concerned that with the proposed Regulation DSPs' obligations could become stricter than those of Operators of Essential Services (OES). Given the non-essential nature of the DSPs' services and operations as specified in Recital 49 of the NIS Directive, the degree of economic and societal risks for an incident affecting OESs (e.g. banking sector) would be expected to be substantially higher than for an incident involving a DSP (e.g. cloud computing service provider, marketplace and search engines).

2. A definition of substantial impact that is proportionate and fit for purpose

The “light-touch approach” is also reflected in the definition of a substantial incident in the NIS Directive. The threshold for triggering an incident report for a DSP is markedly higher than for an OES. It is determined by more parameters, most of which focus on service availability, ensuring that only substantial incidents are notified. In this regard, CISPE would like to draw your attention to the following provisions:

Art 4a: CISPE proposes to exclude the unavailability of the service for voluntary maintenance purposes.
Art 4b: CISPE proposes that the term “user” is applied to “paying customer in a contractual agreement”. CISPE also asks to define the timeframe and whether it is applied to one incident.
Art 4c: CISPE proposes to remove this provision from the Regulation since we believe it is not fit for purpose.
Art 4e: Alternatively, we encourage the Commission to support a more flexible wording such as ‘In case the incident met one of the above criteria, the DSP will communicate the affected Member States’.

3. DSPs' obligations and limited resources of medium companies

Some of the provisions seem to be very difficult if not impossible for medium companies to implement as they are both too costly and would require radical disruption in how they currently operate. In particular, Recital 7, which refers to segregation of networks and systems, and disaster recovery capabilities referred to in Art. 2.3b. CISPE's proposal is to delete those provisions or to exclude medium companies from their scope.

4. A requirement to report vulnerabilities that is balanced

We suggest removing this provision from Art. 2.2 b since it could be unduly burdensome for companies and has little value for competent authorities.

Meeting with Maximilian Strotmann (Cabinet of Vice-President Andrus Ansip)

15 Dec 2016 · Free flow of data, standardisation