Certifications & Regulations

Compliance is a comparison axis of its own β€” the cheapest provider is no use if it can't meet your regulatory bar. Each tile below is a security, privacy, industry, or government standard, with a short definition, the providers that currently hold it, and a link to learn more. Filter by provider to see the standards a cloud carries, by region to focus on a jurisdiction, or by category to narrow the type of standard. We track a curated set of 24 widely-recognized standards so clouds compare cleanly side by side β€” this is notan exhaustive list, and the largest providers hold many more (AWS advertises 140+, Azure 100+). For a provider's complete, authoritative list, open its trust centerlinked at the bottom. Status is compiled from each provider's official documentation; this is for general comparison only, not legal advice. Last update, July 2026.

🀝

Sponsor This Page

Have your company featured as a sponsor of our Certifications & Regulations comparison. Reach engineers, architects, and security teams evaluating cloud compliance posture.

πŸ“§ hello@comparecloudcosts.com

Provider
Region
Category
Tracked certifications by providerCounts reflect the 24standards tracked here β€” not each provider's full catalog (AWS 140+, Azure 100+). See the trust centers below for the complete list.
AWS
24
Azure
24
Google Cloud
23
Oracle
20
Alibaba Cloud
15
Cloudflare
7
DigitalOcean
6
Showing 24 of 24 tracked standards
SecurityGlobal

ISO/IEC 27001

International standard for information security management systems (ISMS).

7/7
Learn more
SecurityGlobal

ISO/IEC 27017

Code of practice for information security controls for cloud services.

5/7
Learn more
SecurityGlobal

SOC 1

AICPA audit of controls relevant to financial reporting.

5/7
Learn more
SecurityGlobal

SOC 2

AICPA audit of controls for security, availability, processing integrity, confidentiality and privacy.

7/7
Learn more
SecurityGlobal

SOC 3

Publicly shareable, general-use version of the SOC 2 report.

6/7
Learn more
SecurityGlobal

CSA STAR

Cloud Security Alliance Security Trust Assurance and Risk registry.

6/7
Learn more
SecurityN. America

FIPS 140-2

US government standard for cryptographic module validation.

4/7
Learn more
SecurityGlobal

ISO 22301

International standard for business continuity management systems.

4/7
Learn more
SecurityGlobal

ISO/IEC 20000-1

International standard for IT service management (ITSM).

4/7
Learn more
SecurityGlobal

ISO/IEC 42001

First international standard for AI management systems (AIMS).

4/7
Learn more
PrivacyGlobal

ISO/IEC 27018

Code of practice for protecting personally identifiable information (PII) in public clouds.

6/7
Learn more
PrivacyW. Europe

GDPR

EU General Data Protection Regulation for personal data.

7/7
Learn more
PrivacyGlobal

ISO/IEC 27701

Privacy information management system (PIMS) extension to ISO 27001.

6/7
Learn more
IndustryGlobal

PCI DSS

Payment Card Industry Data Security Standard for handling cardholder data.

7/7
Learn more
IndustryN. America

HIPAA

US healthcare law governing protected health information (via a Business Associate Agreement).

6/7
Learn more
IndustryN. America

HITRUST CSF

Certifiable security framework widely used in US healthcare.

3/7
Learn more
Government / RegionalN. America

FedRAMP High

US government authorization for high-impact cloud workloads.

4/7
Learn more
Government / RegionalN. America

FedRAMP Moderate

US government authorization for moderate-impact cloud workloads.

4/7
Learn more
Government / RegionalAustralia

IRAP

Australian Government Information Security Registered Assessors Program.

4/7
Learn more
Government / RegionalW. Europe

BSI C5

Germany’s Cloud Computing Compliance Criteria Catalogue (BSI).

5/7
Learn more
Government / RegionalW. Europe

ENS

Spain’s Esquema Nacional de Seguridad (National Security Framework).

3/7
Learn more
Government / RegionalAsia Pacific

MTCS

Singapore’s Multi-Tier Cloud Security standard (SS 584).

4/7
Learn more
Government / RegionalN. America

NIST SP 800-171

US standard for protecting controlled unclassified information (CUI).

4/7
Learn more
Government / RegionalAsia Pacific

ISMAP

Japan’s government Information system Security Management and Assessment Program.

4/7
Learn more

Sources & Trust Centers

The links below are each provider's official compliance hub / trust center β€” the complete, authoritative list of certifications, which for the largest clouds runs to 100+ (AWS alone advertises 140+). We track a curated, comparable subset above; standard names link to a definition of each. This information may not reflect real-time changes and is not legal or compliance advice β€” verify directly with the provider before relying on it.

Last update, July 2026.