Together we can solve for the future of cloud security. Join us at Google Cloud Security Summit on July 20. Register now.

Compliance resource center

Google Cloud’s industry-leading security, third-party audits and certifications, documentation, and legal commitments help support your compliance.

Contact us See compliance offerings

Google Cloud compliance

Our products regularly undergo independent verification of their security, privacy, and compliance controls, achieving certifications, attestations, and audit reports to demonstrate compliance. We’ve also created resource documents and mappings for compliance support when formal certifications or attestations may not be required or applied.

Download reports directly via our Compliance Reports Manager

Learn about:

  • Google Cloud certifications and the compliance standards that we satisfy
  • General information about regional and sector-specific regulations
  • The latest industry news and best practices updates
  • Documentation to aid your own reporting and compliance efforts

Compliance offerings by region

We continually expand our coverage against the most important global standards.

Canada

USA

Latin America

EMEA

Asia Pacific

See offerings for all regions
Map of the world showing five regions: Canada, USA, Latin American, EMEA, Asia Pacific

Featured resources

New! Regulatory notification support quick reference guide

New! Act on the Protection of Personal Information whitepaper (Japan)

Strengthening operational resilience in financial services by migrating to Google Cloud

Google Workspace data protection implementation guide

Google Workspace data subject requests (DSR) guide

Protecting healthcare data on Google Cloud

Google Cloud European commitments whitepaper

Trusting your data with Google Cloud Platform

Trusting your data with Google Workspace

See more whitepapers and guides

Compliance offerings by category

Certifications / attestations / reports

An independent third-party auditor has granted a formal certification, attestation, or audit report based on an assessment that affirms our compliance with these offerings.

Cloud Computing Compliance Controls Catalog (C5) | CSASpain Esquema Nacional de Seguridad (ENS) | EU Cloud Code of Conduct | FedRAMP | FIPS 140-2 Validated | HDS | HITRUST CSF | Higher Education Cloud Vendor Assessment Tool (HECVAT) | Independent Security Evaluators (ISE) Audit | Information System Security Management and Assessment Program (ISMAP) | IRAP (Information Security Registered Assessors Program) | ISAE 3000 Type 2 Report (FINMA) | ISO/IEC 27001 | ISO/IEC 27017 | ISO/IEC 27018 | ISO/IEC 27701 | K-ISMS (Korea) | MTCS (Singapore) Tier 3NCSC - Cyber Essentials | OSPAR | PCI DSS | SEC 17a-4(f) | SOC 1 | SOC 2 | SOC 3 | SWIPO Data Portability Code of Conduct | ETDA (Thailand)TISAXU.S. Defense Information Systems Agency Provisional Authorization 

Laws / regulations

Cloud service providers can’t provide formal certification of our customers’ compliance with these laws and regulations. But we work hard, via our products, technical capabilities, guidance documents and legal commitments, to make the compliance process as easy as possible for your organization.

ACPR (France) | APRA Prudential Standard CPS 234 | PDPL (Argentina)APPs (Australia) | BaFin Cloud Outsourcing Guidance | Banco de EspañaBanco de PortugalBank of Italy | BNM (Malaysia) | BSP (Philippines)BWG (Austria)California Consumer Privacy Act (CCPA) | COPPA (U.S.) | CSSF (Luxembourg) | DNB Decree | ESMA (EU)EU Model Contract Clauses | FDIC (US) | FERPA (U.S.) | FG16/5 - FCA | FINMA (Switzerland) | FSC Insurance Outsourcing Directions | FSC Banking Outsourcing Regulations | GDPR | GR 95/2018 guidelines | HIPAA | IA (Hong Kong) | HKMA (Hong Kong) | PDPO (Hong Kong) | Indonesia Government Regulation No. 71 (GR 71) | KNF (Poland) | FSC (Korea)Lei Geral de Proteção de Dados (LGPD) | MaRisk AT 9 Outsourcing | MAS TRM Guidelines | OJK Circular 21 of 2017 (SEOJK 21) | OJK Regulation No. 38 of 2016 (POJK 38)  | OSFI (Canada) | PHIPA (Canada) | PPC (Japan) | PRA (UK) | RBI (India) | SFSA (Sweden) | PDPA (Singapore) | South Africa POPI | SYSC 8 Outsourcing - FCA Handbook | PIPEDA (Canada) | VAG (Austria)

Alignments / frameworks

Our products, technical capabilities, guidance documents, and legal commitments help our customers map to these frameworks and alignments. These offerings may not require formal certification or attestation, though we may rely on our certifications, attestations, and reports to help our customers map to these frameworks and alignments.

APRA Prudential Standard CPS 231 | ABS (Singapore) | PMDA (Japan) | Criminal Justice Information Services (CJIS) | CyberGRX | EBA (EU) | EIOPA (EU) | FFIEC (US) | FED (US) | FISC (Japan) | Impact Level 4 (IL4) (Beta) | Know Your Third Party (KY3P) Report | NCSC (UK)MeitY (India) | Monetary Authority of Singapore (MAS) Guidelines | MPA | NEN (Netherlands) | NISC (Japan) | NIST 800-34 - Contingency Planning | NIST 800-53 | NIST 800-171 | NHS (UK) | OCC (US) | Standardized Information Gathering (SIG) Questionnaire | 3G3M (Japan) | GxP

Learn more about trust and security

Get an overview of Google Cloud’s security model and capabilities

Learn more

See how we protect the privacy of Google Cloud customers

Learn more

Security products to help you meet policy, regulatory, and business objectives

Learn more

Take the next step

Tell us what you’re solving for. A Google Cloud expert will help you find the best solution.

Contact sales