Certifications & Regulations
Compliance is a comparison axis of its own β the cheapest provider is no use if it can't meet your regulatory bar. Each tile below is a security, privacy, industry, or government standard, with a short definition, the providers that currently hold it, and a link to learn more. Filter by provider to see the standards a cloud carries, by region to focus on a jurisdiction, or by category to narrow the type of standard. We track a curated set of 24 widely-recognized standards so clouds compare cleanly side by side β this is notan exhaustive list, and the largest providers hold many more (AWS advertises 140+, Azure 100+). For a provider's complete, authoritative list, open its trust centerlinked at the bottom. Status is compiled from each provider's official documentation; this is for general comparison only, not legal advice. Last update, July 2026.
Sponsor This Page
Have your company featured as a sponsor of our Certifications & Regulations comparison. Reach engineers, architects, and security teams evaluating cloud compliance posture.
ISO/IEC 27001
International standard for information security management systems (ISMS).
ISO/IEC 27017
Code of practice for information security controls for cloud services.
SOC 2
AICPA audit of controls for security, availability, processing integrity, confidentiality and privacy.
CSA STAR
Cloud Security Alliance Security Trust Assurance and Risk registry.
FIPS 140-2
US government standard for cryptographic module validation.
ISO 22301
International standard for business continuity management systems.
ISO/IEC 42001
First international standard for AI management systems (AIMS).
ISO/IEC 27018
Code of practice for protecting personally identifiable information (PII) in public clouds.
ISO/IEC 27701
Privacy information management system (PIMS) extension to ISO 27001.
PCI DSS
Payment Card Industry Data Security Standard for handling cardholder data.
HIPAA
US healthcare law governing protected health information (via a Business Associate Agreement).
HITRUST CSF
Certifiable security framework widely used in US healthcare.
FedRAMP High
US government authorization for high-impact cloud workloads.
FedRAMP Moderate
US government authorization for moderate-impact cloud workloads.
IRAP
Australian Government Information Security Registered Assessors Program.
BSI C5
Germanyβs Cloud Computing Compliance Criteria Catalogue (BSI).
ENS
Spainβs Esquema Nacional de Seguridad (National Security Framework).
MTCS
Singaporeβs Multi-Tier Cloud Security standard (SS 584).
NIST SP 800-171
US standard for protecting controlled unclassified information (CUI).
ISMAP
Japanβs government Information system Security Management and Assessment Program.
Sources & Trust Centers
The links below are each provider's official compliance hub / trust center β the complete, authoritative list of certifications, which for the largest clouds runs to 100+ (AWS alone advertises 140+). We track a curated, comparable subset above; standard names link to a definition of each. This information may not reflect real-time changes and is not legal or compliance advice β verify directly with the provider before relying on it.
Last update, July 2026.