ENISA has released updated guidance on cloud security risks, focusing on shared responsibility models, vendor lock-in, and cross-border data risks. The guidance supports compliance with NIS2, GDPR, and the Data Act.
Cloud customers are urged to conduct structured risk assessments and maintain contractual safeguards for data protection and incident response.
This guidance is particularly relevant for organizations outsourcing critical processing activities.
Official source:
ENISA – Cloud Security
https://www.enisa.europa.eu/topics/cloud-and-big-data