Germany’s Digital Agenda 2014-2017 promoted digitalisation, internet use, technical skills, the buildout of e-government services, and movement towards broader cloud adoption — according to the federal government, successfully. In March 2016, the Federal Ministry of Economic Affairs and Energy released the new digital strategy, Digitale Strategie 2025, which notably implied that cloud can help meet goals.
In 2015, German IT officials agreed on terms for public sector cloud use under Resolution 2015/5 of the federal government’s IT Council. Under this resolution, Germany began developing the ‘Bundescloud,’ a cloud for federal government data hosting incorporating strict data protection and privacy schemes for government agencies.
The Resolution requires Bundescloud providers to sign a non-disclosure agreement promising to refrain from giving access to German data in foreign jurisdictions, such as the US, as well as requiring that sensitive information be stored on servers in Germany. Under these terms, the German government is only allowed to use cloud service providers (CSPs) certified by the government’s IT security office, the BSI, under the Cloud Computing Compliance Controls Catalogue (C5). In 2016, the BSI set C5 requirements as the mandatory minimum baseline for German government agencies to adopt public cloud solutions.
As experts in the field of regulatory policy, Access Partnership have the knowledge and expertise to help guide clients through the cloud procurement landscape. Our public policy specialists have a thorough understanding of the regulatory environment across Germany, the EU, and its member states, and possess extensive sector-specific knowledge, particularly in the fields of finance and health. These attributes allow us to provide our clients with comprehensive solutions to help achieve their goals with minimal fuss.
This report examines the regulations, rules and procedures surrounding procurement, and more specifically cloud procurement, in Germany. We provide a snapshot of the laws, regulations, and guidance that may impact cloud uptake and outsourcing in public, financial, and healthcare sectors.