Security & Trust Center

C5

C5 (Cloud Computing Compliance Criteria Catalogue) is a cloud security certification developed by the German Federal Office for Information Security (BSI). It defines a baseline set of security controls that cloud service providers must implement to demonstrate transparency, data security and compliance with German regulatory requirements. C5 is particularly important for organizations in Germany and the EU that handle sensitive or regulated data, as it helps ensure that cloud services meet rigorous security standards. By achieving C5 certification, a cloud service provider gives assurance to customers — especially those in the public sector or highly regulated industries — that their cloud environments are secure, trustworthy and aligned with national compliance expectations.

Databricks’ annual C5 audit is a Type II assessment. The Compliance Security Profile is required to process C5-protected data.