Wed. Nov 29th, 2023

Editor’s Note: The European Securities and Markets Authority (ESMA) is an independent EU Authority that contributes to safeguarding the stability of the European Union’s financial system by enhancing the protection of investors and promoting stable and orderly financial markets. As part of its role in assessing risks to investors and markets, ESMA recently published consultative guidelines for cloud outsourcing. This update presents ESMA considerations for financial market participants on outsourcing cloud service providers. While focused on financial markets, the information may be beneficial for legal, business, and information technology professionals as they consider the cloud.

Consultation Paper: Draft Guidelines on Outsourcing to Cloud Service Providers

Executive Summary

Firms are increasingly outsourcing to cloud service providers. Although cloud outsourcing can offer a number of benefits, including reduced costs and enhanced operational efficiency and flexibility, it raises challenges in terms of data protection and information security. Concentration risk can also arise, as a result of many firms using the same large cloud service providers, with potential negative outcomes for financial stability.

ESMA identified the need to develop guidance on outsourcing to cloud service providers following the European Commission’s  FinTech  Action  Plan and feedback received from firms and stakeholders. Considering that the main risks associated with cloud outsourcing are similar across sectors, ESMA has considered the recent guidelines published by EBA and EIOPA, namely the EBA Guidelines on outsourcing arrangements, which have incorporated the EBA Recommendations on outsourcing to cloud service providers, and the EIOPA Guidelines on outsourcing to cloud service providers.

In accordance with Article 16(2) of Regulation (EU) No 1095/20105  (the ‘ESMA Regulation’), as recently amended, this paper sets out for consultation draft ESMA guidelines on outsourcing to cloud service providers.

The purpose of these draft guidelines is to provide guidance on the outsourcing requirements applicable to firms where they outsource to cloud service providers. These draft guidelines are intended to help firms identify, address and monitor the risks that may arise from their cloud outsourcing arrangements (from making the decision to outsource, selecting a cloud service provider, monitoring outsourced activities to providing for exit strategies).

ESMA Draft Guidelines on Outsourcing to Cloud Service Providers (3 June 2020)

The complete ESMA Consultation Paper (PDF)

ESMA Cloud Outsourcing Guidelines – June 2020

Read the original announcement at ESMA Consults on Cloud Outsourcing

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude 2, Midjourney, and DALL-E3, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery is a distinguished digital publication that delivers journalistic insights into cybersecurity, information governance, and eDiscovery developments and technologies. It adeptly navigates the intersection of these sectors with international business and current affairs, transforming relevant developments into informational news stories. This unique editorial approach enables professionals to gain a broader perspective on the intricacies of the digital landscape for informed strategic decision-making.

Incorporated in Estonia, a nation celebrated for its digital innovation, ComplexDiscovery OÜ adheres to the most rigorous standards of journalistic integrity. The publication diligently analyzes global trends, assesses technological breakthroughs, and offers in-depth appraisals of services involving electronically stored information. By contextualizing complex legal technology issues within the broader narrative of worldwide commerce and current events, ComplexDiscovery provides its readership with indispensable insights and a nuanced understanding of the eDiscovery industry.