Compliance

Overview

Exoscale operates a comprehensive Information Security Management System (ISMS) aligned with international standards and independently audited on a regular basis. Our compliance framework is designed to provide customers with transparency and assurance regarding the confidentiality, integrity, and availability of their data.

Exoscale has been ISO/IEC 27001 certified since 2018 and continuously extends its certification perimeter and assurance portfolio. We maintain compliance with the latest versions of the applicable standards.

Third-Party Certifications and Attestations

FrameworkDescriptionTypeLatest Revision
ISO/IEC 27001Information Security Management SystemCertification2022
ISO/IEC 27017Security controls for cloud servicesCertification2022
ISO/IEC 27018Protection of Personally Identifiable Information (PII) in public cloudsCertification2022
SOC 2 Type 2Attestation over the design and operating effectiveness of controls based on AICPA Trust Services CriteriaAttestation (Type 2)Reporting period: May 1st – May 1st
BSI C5 Type 2German Cloud Computing Compliance Criteria Catalogue (C5:2020)Attestation (Type 2)Reporting period: May 1st – May 1st
HDSFrench health data hosting certification (hébergement de données de santé)CertificationScope: 1–4 and 6
TISAX Level 2Trusted Information Security Assessment Exchange for the automotive industryAssessmentAvailable to registered partners on the ENX portal

All certifications and attestations are performed by accredited third-party auditors. The full set of certificates and reports can be accessed from the Compliance Center in the Exoscale Portal (see below).

Compliance Center

The Compliance Center is available to all registered Exoscale customers directly from the Exoscale Portal.
It provides self-service access to the latest compliance documentation once a Non-Disclosure Agreement (NDA) has been accepted electronically.

Available documentation includes:

  • ISO/IEC 27001, 27017, and 27018 certificates
  • SOC 2 Type 2 and BSI C5 Type 2 reports
  • Exoscale Compliance Statement
  • Green energy certificates for our regions
  • Third-party compliance data from data center operators
  • HDS and TISAX certificates
  • Additional environmental and regulatory disclosures

The Exoscale Compliance Center

The Compliance Center ensures that customers can independently verify Exoscale’s compliance posture and access all relevant supporting documentation under confidentiality.

Support for Regulated Industries

Exoscale supports customers operating in regulated industries that must demonstrate compliance with specific legal and regulatory frameworks.
Our security and governance controls are designed to help customers meet the requirements of regulations such as:

  • HIPAA (Health Insurance Portability and Accountability Act – United States)
  • FINMA Circular 2018/3 on outsourcing (Switzerland)
  • DORA (Digital Operational Resilience Act – EU Regulation 2022/2554)

Through tailored contractual arrangements, Exoscale can provide the necessary guarantees to support customers’ regulatory obligations related to data protection, operational resilience, and third-party risk management.

Customers who require enhanced assurances or specific contractual terms can contact our Support team to discuss available options.

Data Center Operators and Subcontractors

Exoscale relies on trusted partners to operate its regional data centers. Each facility meets stringent physical and procedural security requirements.
Data center operators must hold, at a minimum, ISO 9001:2015 and ISO/IEC 27001:2022 certifications covering access control, operational security, and facility management.

Data CenterRegionSlugOperator
Frankfurt, GermanyDE-FRA-1de-fra-1Equinix
Munich, GermanyDE-MUC-1de-muc-1Equinix
Geneva, SwitzerlandCH-GVA-2ch-gva-2Equinix
Zurich, SwitzerlandCH-DK-2ch-dk-2Equinix
Vienna, AustriaAT-VIE-1at-vie-1A1 Telekom Austria Group
Vienna, AustriaAT-VIE-2at-vie-2A1 Telekom Austria Group
Sofia, BulgariaBG-SOF-1bg-sof-1A1 Telekom Austria Group

All data centers implement modern security controls for physical access, environmental monitoring, and redundant power and connectivity. Exoscale regularly reviews its suppliers’ compliance posture as part of its ISMS.

Continuous Improvement

Exoscale continuously reviews and improves its security and compliance programs to meet evolving international standards, regulatory requirements, and customer expectations.
Our integrated management approach ensures consistent application of best practices across all regions and services.


For questions regarding compliance, certifications, or to request specific documentation, please contact our Support team.

More Information