C5:2025 – Shaping the Future of Secure Cloud Computing
Cloud computing has become the backbone of digital transformation in industry, public administration, and society. But with great reliance comes great responsibility: security and trust are the cornerstones that enable true digital progress.
The German Federal Office for Information Security (BSI) has long supported this journey with the Cloud Computing Compliance Criteria Catalogue (C5) – a trusted framework for evaluating and certifying cloud security. The next major milestone is now on the horizon: C5:2025.
Currently published as a community draft (open for comments until September 15, 2025), C5:2025 continues to evolve as a collaborative effort between regulators, cloud providers, auditors, consultants, and the European cybersecurity community.
🔑 What’s New in C5:2025?
While C5:2020 remains the solid foundation, the new edition reflects six years of technological, regulatory, and operational progress:
1. European Integration: C5 and EUCS
2. Incorporation of Global Standards
C5:2025 integrates the latest versions of:
This harmonization reduces redundancy and creates a common language for cloud security.
3. New Focus Areas for Emerging Challenges
These updates ensure that C5 remains future-proof in a rapidly shifting security landscape.
4. Structural Improvements for Usability
Recommended by LinkedIn
🚀 Why This Matters
C5:2025 is more than just an update; it’s a strategic move toward a unified European cloud security framework. It enhances trust, promotes comparability, and prepares organizations for future technological and regulatory challenges.
For cloud providers, it presents an opportunity to align with European standards and demonstrate security maturity.
For auditors and consultants, it provides a clearer structure and stronger benchmarks.
And for society at large, it ensures that digitalization and cybersecurity move forward hand in hand.
🗓️ Get Involved
The C5:2025 community draft is open for feedback until September 15, 2025. So, you have the opportunity to contribute your expertise and help shape the future of secure cloud computing in Germany and across Europe.
About Kertos
Kertos is the no-code solution for automated implementation of global data protection and compliance regulations. Our platform enables fast-scaling tech companies to streamline their compliance with minimal personnel costs.
Helpful Resources
↘️ Shhh! It's private. Read our latest newsletter editions.
💻 Kertos. Discover how you can streamline your compliance operations
📈 Enhancing startup security. Read our guide for practical strategies for early-stage success.
The release of C5:2025 as a Community Draft marks a pivotal shift for European cloud security, moving beyond national compliance towards genuine regulatory harmonization. By aligning with EUCS and integrating international frameworks like ISO/IEC 27001:2022, NIS2, and CSA CCM v4, C5:2025 sets a robust foundation for organizations navigating increasing cyber risks and evolving legal obligations. The emphasis on containers, supply chain security, post-quantum cryptography, and confidential computing addresses exactly where technological disruption meets emerging threats. This update is particularly relevant as the European cloud market accelerates, with demand for certified and sovereign services projected to surge in the next few years. For IT leaders, assessing the compliance gap and proactively engaging with this Community Draft is an opportunity to anticipate upcoming regulatory requirements and streamline multi-standard audits. The open consultation process not only gives the community a voice but also ensures sector-specific needs are addressed in shaping a standard that will underpin trust and digital resilience across the continent.