(A.) Policy and legislation
(A.1) Policy objectives
Establishing a coherent framework and conditions for cloud computing was one of the key priorities of the digital agenda for Europe. The digital single market strategy confirmed the importance of cloud computing, which is driving a paradigm shift in the delivery of digital technologies, enhancing innovation, digital single market and access to content. The Communication “2030 Digital Compass: the European way for the Digital Decade” sets two relevant goals for 2030: 75% business cloud adoption, and the deployment of 10 000 climate-neutral and highly secure edge nodes.
(A.2) EC perspective and progress report
By enabling data storage and processing, cloud and edge computing are key enabling technologies for the digital transformation.
The development of the cloud computing market and the efficient delivery of cloud services particularly depend on the ability to build economies of scale. The establishment of a Digital Single Market will unlock the scale necessary for cloud computing to reach its full potential in Europe. EU-based cloud providers have only a small share of the cloud market, which leaves the EU exposed to dependency risks and limits the investment potential for the European digital industry in the data processing market. Also, given the impact of data centers and cloud infrastructures on energy consumption, the EU is taking steps to lead the way towards making these infrastructures climate-neutral and energy efficient by 2030, while using their excess energy to help heat homes, businesses and common public spaces.
The proposed actions follow the direction as outlined in the EU Communication on ICT standardisation priorities which identified cloud as a key priority for Europe. The actions include a follow-up of cloud standards coordination started in 2012/2013 when the Commission asked ETSI to coordinate stakeholders to produce a detailed map of the necessary standards (e.g. for security, interoperability, data portability and reversibility).
The Commission is pursuing international cooperation in the field of cloud computing, and a number of policy and joint research initiatives have been put in place with Japan, Brazil and South Korea and are ongoing with the USA.
Cybersecurity is an important concern for users of cloud and edge computing. Under the Cybersecurity Act, ENISA is currently working on a draft Cybersecurity Certification Scheme for Cloud Services, which is regularly discussed with Member State experts in the EU cybersecurity certification group (ECCG). Once Member States reach consensus, the scheme will go through the comitology procedure to be adopted as an implementing act. The activities of ENISA have resulted in two Technical Specifications from CEN-CENELEC: CEN/TS 18026:2024 (https://standards.cencenelec.eu/dyn/www/f?p=CEN:110:0::::FSP_PROJECT,FSP_ORG_ID:74247,2307986&cs=1D16C403241525AEE1704573DE610D5E9), providing a set of cybersecurity requirements for cloud services, and CEN/CLC/TS 18072:2025, which provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services (https://standards.cencenelec.eu/dyn/www/f?p=CEN:110:0::::FSP_PROJECT,FSP_ORG_ID:74248,2307986&cs=146A3197F00623AC414B10FDB22929A2B). The work of ENISA followed relevant work done as part of the study Certification Schemes for Cloud Computing (SMART 2016/0029). In April 2018 the Commission launched two DSM (Digital Single Market) Cloud Stakeholder groups (https://ec.europa.eu/digital-single-market/en/news/cloud-stakeholder-work-ing-groups-start-their-work-cloud-switching-and-cloud-security). The DSM Working Group on Cloud Certification Scheme explored the feasibility of an EU certification scheme on cloud security. The Group consisted of national cyber security authorities, cloud service providers, cloud service customers as well as auditing entities.
- To enable customers to effectively switch between different cloud service providers, the Data Act removes vendor lock-in practices and sets minimum interoperability requirements. Article 30 paragraph 3 of the Data Act stipulates that when building open interfaces for their services, providers of Platform as a Service and Software as a Service must ensure compatibility with the standards and open interoperability specifications published in a central Union standards repository for the interoperability of data processing services. Art. 35 paragraph 8 obliges the Commission to build this repository by means of implementing acts. To prepare this repository, the Commission has launched a study with a manifold objective: 1) to operationalize the criteria specified in the Data Act, 2) to map the landscape of existing harmonised standards and open interoperability specifications that could qualify for recognition in the repository and 3) to identify gaps in the standardisation landscape, as the Data Act empowers the Commission to launch possible new requests for harmonised standards to European standardisation organisations. The Data Act foresees the adoption of common specifications based on open interoperability specifications covering all of the essential requirements of Art. 35 (para 1 and 2). Previous work on interoperability and switching includes the CloudWatch2 project (which reported on the status of interoperability and security standards, developed a catalogue of cloud services and mapped EU cloud services and providers), a study on switching cloud providers (SMART 2016/0032), and SWIPO (https://swipo.eu/), a set of self-regulatory codes of conduct to facilitate data portability and cloud switching in support of article 6 of the Regulation on the Free-Flow of Non-Personal Data, which ultimately did not gain the desired market traction.
- The JRC published a study on the relationship of open source software and standards setting at the end of 2019 (https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-research-reports/relationship-between-open-source-software-and-standard-setting). The objective of the study was to identify possible commonalities and barriers for interaction between standardisation and open source (OSS) processes and in particular the interplay between OSS and FRAND licensing in standardisation.
Open source continues to be a major driver of innovation in the area of Cloud services. Almost all Cloud services are largely based on open source technologies. The role of open source for Cloud interoperability and portability is of high importance.
(A.3) References
- Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
- Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union
- COM(2016)176 “ICT Standardisation priorities for the digital single market”
- COM(2016)178 “European cloud initiative — building a competitive data and knowledge economy in Europe” (Along with SWD(2016)106 and SWD(2016)107)
- COM(2012)529 “Unleashing the potential of cloud computing in Europe”
- COM(2015)192 “A digital single market strategy for Europe”
- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the EU (NIS Directive).
- COM(2021)118 “2030 Digital Compass: the European way for the Digital Decade”
The volume of data generated is greatly increasing. A growing proportion of data is expected to be processed at the edge, closer to the users and where data are generated. This shift will require the development and deployment of fundamentally new data processing technologies encompassing the edge, adding to current and future developments concerning centralised cloud-based infrastructure models.
(B.) Requested actions
The Communication on ICT Standardisation Priorities for the digital single market proposed priority actions in the domain of Cloud. Some actions are still relevant and mentioned below. Others come from the need to respond to the challenges of the Digital Decade Communication.
Action 1: Identify cloud service customer needs for ICT standards, practices, rules, open source technologies, and (as exceptional fallback case) open specifications to support the interoperability of cloud services and portability of workloads, and continue or start respective ESO activities. In particular, there is a need to address (1) customer access to and use of data, (2) data sharing across parties, including data intermediaries and altruism organizations and (3) data processing services interoperability, in support of customers aiming to switch between providers of data processing services.
Action 2: MSP to discuss ways for promoting the use of standards, ICT technical specifications and open source technologies needed to further improve the interoperability, data sovereignty, data protection and portability of cloud services as well as multi-cloud management.
Action 3: SDOs and open source communities to strengthen the interlock between standardisation, open interoperability specifications, and open source solutions in the area of cloud, and establish and support bilateral actions for close collaboration of open source initiatives and standardisation. Foster a level playing field that allows the use of open source procedures and deliverables.
Action 4: ESOs and SDOs to consider the ISO/IEC JTC 1 reference cloud architecture and generic cloud architecture building blocks, taking into account available international standards. Available standards and open source technologies should be mapped to the generic cloud architecture building blocks, including privacy, security and test standards for each building block. This will also help determine which standards can be used for open cloud platforms and architectures, taking into account the key role of open source for cloud infrastructure design and implementations.
Action 5: Promote the development of adequate standards/open source developments to ensure a competitive playing field for cloud services provision in Europe and contribute to the green agenda.
Action 6: SDOs, EU-funded projects, and open source communities to foster their collaboration, mutual exchange, integration of Open Source outcomes in ESO deliverables and identification of technologies, e.g. APIs, that have been developed in open source and could be standardised also to enable new automation capabilities.
Action 7: SDOs should focus on addressing the edge/cloud X-continuum paradigm and standardisation challenges, taking into account available international standards. In particular, due to the huge increase of connected devices and systems, several computing deployments are embracing the notion of computing continuum, where the right compute resources are placed at optimal processing points, i.e., cloud data centre, edge computing systems and end devices. This requires the support of: (1) continuum of technologies across sensors, connectivity, gateways, edge processing, robotics, platforms, applications, AI, and analytics, including underlying technologies like optical, wireless (cellular and non-cellular) and satellite communications, (2) continuum of intelligence and edge capabilities, (3) continuum of edge applications across vertical sectors and seamless integration.
Action 8: SDOs to contribute to the preparation of an overview of relevant harmonised standards and open interoperability specifications that respond to the legal requirements outlined in the Data Act Art. 35 and that could be recognised in the to-be-established common Union repository for the interoperability of data processing services.
Action 9: SDOs to promote the development of a standard or a set of standards for processor sockets for cloud computing infrastructure.
Action 10: SDOs to analyse the need and eventually work on promoting the development of standards for multi-cloud and hybrid-cloud management for telecommunication applications and networks.
(C.) Activities and additional information
(C.1) Related standardisation activities
CEN & CENELEC
When it comes to Cloud Security, CEN-CLC/JTC 13 ‘Cybersecurity and Data protection’ mirrors the activities of ISO/IEC JTC 1 SC 38 ‘Cloud Computing and distributed platforms’, and considers in this respect the potential adoption of International Standards as European Standards, where market relevant. CEN-CLC/JTC 13’s scope covers the development of standards for cybersecurity and data protection covering all aspects of the evolving information society. This includes notably: Management systems, frameworks, methodologies; Data protection and privacy; Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs); Competence requirements for cybersecurity and data protection; Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices.
As of 2024, CEN-CLC/JTC 13 finished the development of the following relevant deliverables:
- CEN/TS 18026:2024 (https://standards.cencenelec.eu/dyn/www/f?p=CEN:110:0::::FSP_PROJECT,FSP_ORG_ID:74247,2307986&cs=1D16C403241525AEE1704573DE610D5E9), providing a set of cybersecurity requirements for cloud services
- CEN/CLC/TS 18072:2025, that provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services (https://standards.cencenelec.eu/dyn/www/f?p=CEN:110:0::::FSP_PROJECT,FSP_ORG_ID:74248,2307986&cs=146A3197F00623AC414B10FDB22929A2B)
In 2025, CEN-CLC/JTC25, notably WG4 on Cloud and Edge, kicked off its activities with a Technical Report analysing the current landscape of international standards in the field of cloud computing interoperability.
Details about JTC25 and its Work Programme are available at:
https://standards.cencenelec.eu/dyn/www/f?p=205:22:0::::FSP_ORG_ID,FSP_LANG_ID:3485479,25&cs=1E76BC90CC192CD8A7BF6B69906CB7BA0
ETSI
ISG NFV (Network Functions Virtualisation): https://www.etsi.org/committee/NFV adapts standard IT virtualisation technologies, consolidating heterogeneous network infrastructures based on disparate, ad hoc equipment types onto industry standard servers, switches and storage. ISG NFV develops the NFV architectural framework to make the integration of edge computing and NFV more efficient.
Specifications and reports on container infrastructure management (Referring to the latest published version e.g., in Release 5):
- ETSI GR NFV-IFA054 documents the NFV evolution towards the Telco Cloud
- ETSI GS NFV-EVE 011 documents the set of criteria to help characterize cloud-native VNFs.
- ETSI GR NFV-REL 014 studies and evaluates reliability for cloud-native VNFs and ETSI GR NFV-IFA 029 documents enhancements of the NFV architecture for providing “PaaS”-type capabilities and supporting virtualised network functions (VNFs) which follow “cloud-native” design principles. ETSI GS NFV-IFA 040 is about Requirements for service interfaces and object model for OS container and containerized workloads management and orchestration specification.
- ETSI GS NFV-IFA 036 is about container cluster management and orchestration (requirements, functionality, object modelling, etc.). Stage 2 interface specifications have been updated accordingly in ETSI GS NFV-IFA 007, ETSI GS NFV-IFA 008, ETSI GS NFV-IFA 013 and ETSI GS NFV-IFA 014 to support containerized workload management, as has ETSI GS NFV-IFA 010, including updates for functional requirements for existing NFV-MANO functional blocks and new NFV-MANO functions responsible for the management and orchestration of containerized workloads and container clusters.
- ETSI GS NFV-IFA 049 specifies the framework for VNF generic OAM functions and additional PaaS Services and associated interface and modelling specifications.
- Regarding Stage 3 work ETSI GS NFV-SOL 018 is about mapping of the NFV object model for OS container management to Kubernetes® managed objects.
- ETSI GS NFV-SOL 020, is about protocol and data models profiling Cluster API (CAPI). ETSI GS NFV-SOL 001, ETSI GS NFV-SOL 002, ETSI GS NFV-SOL 003, ETSI GS NFV-SOL 004, ETSI GS NFV-SOL 005 and ETSI GS NFV-SOL 016 have been updated accordingly in Release 5 to support the management of containerized workloads.
- Additional aspects, such as networking for container-based deployments are investigated in ETSI GR NFV-IFA 038 and ETSI GR NFV-IFA 043.
- Performance measurements of containerized deployments are specified in ETSI GS NFV-IFA 027.
- The study of power efficiency topics is addressed in ETSI GR NFV-EVE 021.
- Topics related to physical infrastructure management for both VM and containerized deployments (in bare metal or VMs) are covered in ETSI GS NFV-IFA 053.
ETSI ISG NFV cooperates with several open source projects such as OpenStack, Anuket and Sylva. In particular, a gap analysis was performed to align NFV standards with open source; see ETSI GR NFV-IFA 051. NFV works in close cooperation with OpenStack. Interfaces of CNCF are profiled to create specifications on container infrastructure management.
ISG MEC (Multi-access Edge Computing): https://www.etsi.org/committee/MEC offers to application developers and content providers cloud-computing capabilities and an IT service environment at the edge of the network. ISG MEC is developing a set of standardised Application Programming Interfaces (APIs) to enable MEC services. To application developers and content providers, the access network offers a service environment with ultra-low latency and high bandwidth and direct access to real-time network information that can be used by applications and services to offer context-related services.
Relevant ISG MEC documents:
- The group led the publication of a White Paper on “MEC security: Status of standards support and future evolutions” written by several authors participating in ETSI ISG MEC, ETSI ISG NFV SEC and ETSI TC CYBER. The work identified aspects of security where the nature of edge computing leaves typical industry approaches to cloud security insufficient.
- Following the white paper, ISG MEC has completed a study on MEC Security (ETSI GR MEC 041) and has commenced associated normative work, including API Gateway for Client Applications (ETSI GS MEC 060) with architectural impacts captured in the latest draft of the Framework and Reference Architecture specification (ETSI GS MEC 003).
- Also multi-MEC and MEC-Cloud environments can be relevant in this context. In the domain of Cloud Federation, ETSI ISG MEC published a study ETSI GR MEC 035.
- As a follow-up to the previous study (MEC 035), the group has completed the related normative work (ETSI GS MEC 040) to standardise MEC Federation Enablement APIs.
- A MEC-specific testing methodology framework (ETSI GR MEC-DEC 025), which forms the basis for the creation of Conformance Test Specification for MEC APIs. These are captured in a multi-part deliverable comprising Test Requirements and Implementation Conformance Statements (ETSI GS MEC-DEC 032-1); Test Purposes (ETSI GS MEC-DEC 032-2); and Abstract Test Suite in both TTCN-3 and the Robot Framework (ETSI GS MEC-DEC 032-3). Test Descriptions, with associated Interoperability Feature Statement templates, are also specified in support of MEC Interoperability testing (ETSI GS MEC-DEC 042).
- ISG IPE (IPv6 Enhanced Innovation): https://www.etsi.org/committee/1424-ipe has published a report “IPv6 based Data Centers, Network and Cloud Integration”.
- ISG NIN (Non-IP Networking): is investigating communications and networking protocols to provide the scale, security, mobility and ease of deployment required for a connected society. It is developing a forwarding plane standard that, while still supporting traditional Internet protocols, will also natively support new forms of routing, with a clean interface between the forwarding plane and the control and management planes. Thus, when accessing a service that might be provided at the edge or centrally, a client no longer needs to discover an IP address which identifies an interface to the equipment that provides the service, but can identify the service, content, etc, directly.
- ISG ETI (Encrypted Traffic Integration): is exploring means to ensure the smooth integration of encrypted traffic into the operation of networks. The concern is that with an over-enthusiastic approach to encryption the data required to manage the network effectively is hidden from management points (e.g. routers, switches, control planes). The intent of the work of the ISG is captured in the published problem statement (ETSI GR ETI 001) and is being addressed in ongoing work that endorses the Zero Trust Architecture wherein network elements have to attest to their function in the network before managing it.
- ISG ZSM (Zero Touch Management): https://www.etsi.org/committee/ZSM. Provides a framework which enables the management of the network and services without human involvement. The automation of operation will ease the management of the edge-cloud continuum, and the enforcement of security and privacy policies.
- ISG F5G (Fixed 5G): completed three releases for the F5G (ETSI GR F5G 001) and F5G Advanced (ETSI GR F5G 021) network generations. The F5G Advanced Use Cases (ETSI GR F5G 020) are driving the different F5G standards release requirements. Currently, release 3 is finalized and release 4 has been started. From the beginning of the ISG, the use of cloud services was a focus of F5G and the requirements for the fixed network have been specified for guaranteed and mission critical cloud services. Starting from the F5G Advanced generation, computing takes a prominent role within the F5G Advanced network, where the F5G Advanced architecture defines cross-plane computing to use computing for the optimization of networks and providing cloud-based services. Dedicated interfaces to cloud services and the interfaces between different cloud computing resources, which are located throughout the F5G Advanced network are defined in the F5G Advanced Architecture. The E2E F5G Advanced management provides specifications about how the F5G Advanced network should handle requests for Cloud based services to support them with the Optical Cloud Network (OCN) architecture.
- OSM (Open Source MANO): http://osm.etsi.org/ developing an open source Management and Orchestration (MANO) software stack aligned with ETSI NFV.
ISO/IEC
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
- ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
- ISO/IEC 27018 — Code of practice for personally identifiable information (PII) protection in public cloud acting as PII processors
- ISO/IEC 27036-4 — Information security for supplier relationships — Part 4: Guidelines for security of cloud services
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms:
A full suite of standards is available and in progress in ISO/IEC JTC 1 SC 38 on cloud computing technologies including, most notably, the ISO Cloud Reference Architecture but also work on vocabulary, SLAs, etc. This is complemented by work in ISO/IEC JTC 1 SC 27 on cybersecurity and by more specific work, such as on virtualisation. Below is a non-exhaustive list of relevant ISO standards.
- https://www.iso.org/committee/601355.html
- ISO/IEC 19086-1:2016, ISO/IEC 19086-1:2016/Amd 1:2025 — Cloud computing — service level agreement (SLA) framework — Part 1: Overview and concepts
- ISO/IEC 19086-2:2018, ISO/IEC 19086-2:2018/Amd 1:2023, ISO/IEC 19086-2:2018/Amd 2:2025 — Cloud computing — Service level agreement (SLA) framework — Part 2: Metric model
- ISO/IEC 19086-3:2017, ISO/IEC 19086-3:2017/Amd 1:2025 — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
- ISO/IEC 19086-4:2019 — Cloud computing — Service level agreement (SLA) framework — Part 4: Components of security and of protection of PII
- ISO/IEC DIS 19941-1 — Cloud Computing — Part 1: Interoperability and portability (work in progress)
- ISO/IEC PWI 19941-2 — Cloud Computing — Part 2: Guidelines for designing solutions to reduce switching costs of applications (work in progress)
- ISO/IEC CD 22678 — Cloud Computing — Guidance for Policy Development (work in progress)
- ISO/IEC AWS TS 23187 — Cloud computing — Interacting with cloud service partners (CSNs) (work in progress)
- ISO/IEC TR 23613:2020 — Cloud computing — Cloud service metering and billing elements
- ISO/IEC 23751:2022 — Cloud computing and distributed platforms — Data sharing agreement (DSA) framework
- ISO/IEC TR 23951:2025 — Cloud computing — Best practices for cloud SLA metrics
- ISO/IEC 22624:2020 — Cloud Computing — Taxonomy based data handling for cloud services
- ISO/IEC 22123-1:2023 — Cloud computing — Part 1: Vocabulary
- ISO/IEC 22123-2:2023 — Cloud computing — Part 2: Concepts
- ISO/IEC 22123-3:2023 — Cloud computing — Part 3: Reference architecture
- ISO/IEC DIS 23167 — Cloud Computing — Common Technologies and Techniques (work in progress)
- ISO/IEC DTR 23188.2 — Cloud computing — Edge computing landscape (work in progress)
- ISO/IEC PWI TS 3445 — Cloud computing — Audit of cloud services (work in progress)
- ISO/IEC 5140:2024 — Cloud computing — Concepts for multi-cloud and other interoperation of multiple cloud services
- ISO/IEC TS 5928:2024 — Cloud computing and distributed platforms — Taxonomy for digital platforms
- ISO/IEC TS 7339:2024 — Cloud computing and distributed platforms — Cloud computing — Platform capabilities type and Platform as a Service (PaaS)
- ISO/IEC 19944-1:2020 — Cloud computing and distributed platforms — Data flow, data categories and data use — Part 1: Fundamentals
- ISO/IEC 19944-2:2020 — Cloud computing and distributed platforms — Data flow, data categories and data use — Part 2: Guidance on application and extensibility
- ISO/IEC TR 10822-1:2025 — Cloud computing — Part 1: Multi-cloud management — Part 1: Overview and use cases
- ISO/IEC AWI 10822-2 — Cloud computing — Part 2: Identity management (work in progress)
- ISO/IEC AWI 10822-3 — Cloud computing — Part 3: Orchestration (work in progress)
- ISO/IEC AWI 10822-4 — Cloud computing — Part 4: Monitoring and reporting (work in progress)
- ISO/IEC TS 10866:2024 — Cloud computing and distributed platforms — Framework and concepts for organizational autonomy and digital sovereignty
- ISO/IEC DIS 20151 — Cloud computing and distributed platforms — Dataspace concepts and characteristics (work in progress)
- ISO/IEC CD 19274 — Cloud computing and distributed platforms — Networking in cloud computing and edge computing (work in progress)
- ISO/IEC CD 20996.2 — Cloud computing — Cloud service customer business continuity and resilience (work in progress)
- ISO/IEC CD 11034.2 — Cloud computing — Trustworthiness in cloud computing (work in progress)
- ISO/IEC AWI TR 25850 — Cloud computing and distributed platforms — Use cases for dataspaces (work in progress)
- ISO/IEC PWI 26189 — Cloud computing and distributed platforms — Dataspace trust frameworks (work in progress)
- ISO/IEC PWI 26191 — Cloud computing and distributed platforms — Enabling AI systems on cloud computing and distributed platforms (work in progress)
- ISO/IEC PWI 26192 — Cloud computing and distributed platforms — Developer activities for multi-cloud (work in progress)
- ISO/IEC PWI 38011 Information technology — Cloud computing and distributed platforms — Observability
ISO/IEC JTC 1/SC 7 Software and systems engineering
- ISO/IEC TS 25052-1:2022 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE): cloud services — Part 1: Quality model
- ISO/IEC NP TS 25052-2 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE): cloud services — Part 2: Measurement of Cloud Service Quality
ITU-T
ITU-T SG13 leads ITU’s work on standards for future networks and is the primary SG working on cloud computing and data handling. ITU-T SG13 produced Y.3500-series Recommendations and approved 45 Recommendations and 2 Supplements and has 32 ongoing work items covering different aspects of cloud computing (e.g. overview and functional requirements for data storage federation, cloud computing infrastructure requirements, functional requirements of knowledge as a service, principles of cloud native application development, functional requirements of computing resource abstraction, functional requirements of cloud resource optimisation, and cloud computing – functional requirements of function as a service).
In July 2025, SG13 organised a joint workshop with European Telecommunications Standards Institute – Industry Specification Group – Network Functions Virtualization (ETSI ISG NFV), “From virtualization to cloud native: cloud computing for the Telco and coordination with ETSI NFV”.
Y.Sup49 to ITU-T Y.3500-series (11/2018) – Cloud computing standardisation roadmap, including deliverables of various SDOs:
- https://www.itu.int/rec/T-REC-Y.Sup49/en
- Flipbook “Cloud computing: From paradigm to operation” with a collection of many ITU-T outputs on cloud computing:
- https://www.itu.int/en/publications/Documents/tsb/2020-Cloud-computing-From-paradigm-to-operation/index.html
In the domain of Big Data for Cloud, ITU-T related work is listed in the Big Data chapter of this Rolling Plan.
More info: SG13 – Future networks and emerging network technologies (itu.int)
ITU-T SG11 is developing standards on cloud and edge computing with regard to signalling, monitoring and interoperability testing. SG11 developed several Recommendations which cover monitoring of cloud computing, signalling requirements of intelligent edge computing for different applications (e.g. data management interfaces for intelligent edge computing-based smart agriculture service and data management interfaces for intelligent edge computing-based flowing-water smart aquaculture system), interoperability testing of cloud computing and testing/monitoring requirements for virtual switches, cloud-based control plane and user plane of vBNG (ITU-T Q.3914, Q.3957, ITU-T Q.4040-Q.4059-series, ITU-T Q.5001, Q.5007, Q.5011, Q.5028, Q.5029, Q.5030, Technical Report ITU-T QSTR.MPM-SRv6). The ITU-T Q.Supplement 65 “Cloud computing interoperability activities”, provides the summary information for cloud computing interoperability activities of existing standards development organisations (SDOs) and the groups, forums and open sources developing the specifications that have the potential to utilize cloud computing interoperability testing tools.
The ongoing work items of SG11 focus on: signalling requirements for orchestration supporting confidential computing in multi-access edge computing, protocol for supporting computing and network convergence in fixed, mobile and satellite convergence in IMT-2020 network and beyond, signalling requirements and interfaces of edge-aided energy management agent at intelligent edge computing, signalling architecture for microservices based intelligent edge computing, data management interfaces in educational robot system with intelligent edge computing, data management interfaces for public decision-making framework on Intelligent edge computing, data management interfaces for intelligent edge computing-based smart pest and disease management service.
SG11 developed several Recommendations which define signalling architecture and requirements for Computing Power Network (CPN) – ITU-T Q.4140-Q.4159 series.
More info: https://itu.int/go/tsg11
ITU-T SG20 develops standards and guidelines on Internet of Things, digital twins and smart sustainable cities and communities. It also studies aspects related to edge computing for the Internet of Things (IoT), which allows IoT deployments to be enhanced through data processing closer to the end device. ITU-T SG20 has approved the following Recommendations:
- Recommendation ITU-T Y.4122 “Requirements and capability framework of edge computing-enabled gateway in the IoT”
- Recommendation ITU-T Y.4208 “IoT requirements for support of edge computing”
- Recommendation ITU-T Y.4486 “Framework of cross edge decentralized service by using DLT and edge computing technologies for IoT devices”
- SG20 has approved Supplement 86 on “Supplement to ITU-T Y.4471-Functional architecture of connected vehicle formation supporting based on edge computing”.
Additionally, ITU-T SG20 is also progressing draft Recommendations and draft Supplements in this field, including:
- Draft Recommendation ITU-T Y.IoT-IIEC “Framework of the integrated intelligent IoT service based on multi edge computing”
- Draft Supplement ITU-T Y.Sup.EdgeIoT-usecases “Supplement to ITU-T Y.4208 – Use cases of edge computing based Internet of Things”
More info: https://itu.int/go/tsg20
ITU-T SG17 (security) studies security requirements, architectures, guidelines and best practices for cloud computing and big data infrastructures. It has published 20+ Recommendations in ITU-T X.1600-series for cloud security and 4 Recommendations in ITU-T X.1 for big data security. Currently there is a strong need for securing cloud computing enabled critical voice, multi-media, identity-based services, information assurance services, identity and data services, and emergency-based services. As AI’s rapid advancement reshapes cloud infrastructure, SG17 is prioritizing security for cloud infrastructures, X-aaS models, and intelligent countermeasures and continues to develop 10+ .
More info: https://itu.int/go/tsg1
ITU-R SG 6 approved Report ITU-R BT.2539 on “Use of cloud computing for programme production”.
ITU-R SG 1 approved Report ITU-R SM.2423 on “Technical and operational aspects of low-power wide-area networks for machine-type communication and the Internet of Things in frequency ranges harmonised for short-range devices (SRD) operation” and Report ITU-R SM.2503 on “Evaluation of radiated electromagnetic disturbances of household appliances and their interferences over an Internet of Things network in the 915 MHz frequency band”.
IEEE
Cloud computing:
IEEE 2302, IEEE Standard for Intercloud Interoperability and Federation (SIIF), provides a model that allows a range of deployment topologies and governance, and can be applied to many application domains using different implementation approaches; IEEE P2303 Standard for Adaptive Management of Cloud Computing Environments.
Fog/Edge Computing:
Work is going on in IEEE P1934.1, “Nomenclature and Taxonomy for Distributing Computing, Communications and Networking along the Things-to-Cloud Continuum” and IEEE P1935 “Standard for Edge/Fog Manageability and Orchestration.”
More recently, IEEE SA initiated a new family of standards on a cloud-edge collaborative framework through:
- IEEE 2805.1, Self-Management Protocols for Edge Computing Node
- IEEE P2805.2, Data Acquisition, Filtering, and Buffering Protocols for Edge Computing Node
- IEEE P2805.3, Cloud-Edge Collaboration Protocol for Machine Learning
- IEEE P2961, Guide for an Architectural Framework and Application for Collaborative Edge Computing
For more information, see: https://ieee-sa.imeetcentral.com/eurollingplan/
IETF
The IETF has multiple groups working on standards for virtualization techniques, including techniques used in cloud computing and datacenters.
The Layer 2 Virtual Private Networks (L2VPN) Working Group produced specifications defining and specifying solutions for supporting provider-provisioned Layer-2 Virtual Private Networks (L2VPNs). They also addressed requirements driven by cloud computing services and data centers as they apply to Layer-2 VPN services. The L2VPN Service Model (L2SM) Working Group is tasked to create a data model that describes an L2VPN service.
The Layer 3 Virtual Private Networks (L3VPN) Working Group was responsible for defining, specifying and extending solutions for supporting provider-provisioned Layer-3 (routed) Virtual Private Networks (L3VPNs). These solutions provide IPv4, IPv6, and MPLS services including multicast.
The Layer Three Virtual Private Network Service Model (L3SM) Working Group was tasked to create a YANG data model that describes an L3VPN service (an L3VPN service model) that can be used for communication between customers and network operators, and to provide input to automated control and configuration applications.
The Network Virtualization Overlays (NVO3) Working Group develops a set of protocols and extensions that enable network virtualization within a datacenter environment that assumes an IP-based underlay. An NVO3 solution provides layer 2 and/or layer 3 services for virtual networks enabling multi-tenancy and workload mobility, addressing management and security issues.
The System for Cross-domain Identity Management (SCIM) Working Group worked on standardising methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications.
The Computing in the Network Research Group (coinrg) of the IRTF explores existing research and fosters investigation of “Compute In the Network” and resultant impacts to the data plane. The goal is to investigate how to harness and to benefit from this emerging disruption to the Internet architecture to improve network and application performance as well as user experience.
The Workload Identity in Multi System Environments (wimse) Working Group is chartered to address the challenges associated with implementing fine-grained, least privilege access control for workloads deployed across multiple service platforms, spanning both public and private clouds. The work will build on existing standards, open source projects, and community practices, focusing on combining them in a coherent manner to address multi-service workload identity use cases such as those identified in the Workload Identity Use Cases Internet Draft. The goal of the WIMSE working group is to identify, articulate, and bridge the gaps and ambiguities in workload identity problems and define solutions across a diverse set of platforms and deployments, building on various protocols used in workload environments. The WG will standardise solutions (as proposed standard) and document existing or best practices (as informational or BCP) per the Program of Work.
Fraunhofer Institute and OFE
The Fraunhofer Institute and Open Forum Europe (OFE) carried out a study in 2021 on behalf of the European Commission, entitled “The impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy”. The analysis estimated a cost-benefit ratio of above 1:4 and predicted that an increase of 10% of OSS contributions would annually generate an additional 0.4% to 0.6% GDP as well as more than 600 additional ICT start-ups in the EU. Case studies revealed that by procuring OSS instead of proprietary software, the public sector could reduce the total cost of ownership, avoid vendor lock-in and thus increase its digital autonomy. The study also contained policy recommendations including the promotion of OSS in addition to standardisation as a further channel of knowledge and technology transfer, e.g., as an explicit dissemination channel for Horizon Europe projects.
OGF
Open Grid Forum (OGF) is a leading standards development organisation operating in the areas of grid, cloud and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use-cases.
OMG
Object Management Group (OMG): the OMG’s focus is always on modelling, and the first specific cloud-related specification efforts have only just begun, focusing on modelling deployment of applications & services on the clouds for portability, interoperability & reuse. http://www.omg.org/
Hosted by the OMG is the Cloud Standards Customer Council, which has produced a series of customer-oriented white papers on diverse topics related to cloud computing, all of which are publicly accessible at: http://www.cloud-council.org/resource-hub.htm
OneM2M
The oneM2M architecture is based on distributed computing capabilities, data management and storage, and it supports interworking with non-oneM2M entities and integrates with communication infrastructures. The oneM2M system operates in the cloud when the data are centralized. At the same time, separate oneM2M based cloud services may be federated as an alternative to the direct integration of dedicated databases. The oneM2M standards also address edge related technologies for Automotive and Industry 4.0 domains. In 2018 oneM2M started a dedicated work item on Edge and Fog Computing (WI-0080). Different solutions have been developed, such as Edge/Fog offloading, dynamic service management, common service description/service-awareness, loosely/tightly coupled Edge/Fog Computing. The study of those solutions resulted in related normative work that contains advanced features and enhancements for oneM2M specifications TS-0001, TS-0004 and TS-0026. Specific studies are available as Technical reports, and all specifications are publicly accessible at: <https://onem2m.org/technical/published-specifications>.
Related guidelines are also provided in ETSI TR 103 527 V1.1.1 (2018-07) SmartM2M; Virtualized IoT Architectures with Cloud Back-ends.
OASIS
The Topology and Orchestration Specification for Cloud Applications (TOSCA) specification is a cross-vendor, cross-platform language and model for description and requests to enable interoperable and portable cloud services, and one of the “most used standards projects” in Cloudwatchhub.eu’s study. It was most recently updated in 2025 as TOSCA v2.0, generalized for integration of heterogeneous systems beyond simple cloud computing. TOSCA also issued a YAML profile for data exchange, most recently v1.3 in 2020. The OASIS TOSCA TC and ETSI NFV ISG cooperate to align their Network Functions Virtualisation (NFV) service models and specifications.
The Cloud Application Management for Platforms (CAMP) TC advances an interoperable protocol that cloud implementers can use to package and deploy their applications. CAMP defines interfaces for self-service provisioning, monitoring, and control. Common CAMP use cases include: moving on-premise applications to the cloud (private or public) or redeploying applications across cloud platforms from multiple vendors.
The OASIS Open Data Protocol (OData) TC works to simplify the querying and sharing of data across disparate applications and multiple stakeholders for re-use in the enterprise, Cloud, and mobile devices. A REST-based protocol, OData builds on HTTP and JSON using URIs to address and access data feed resources. OASIS OData standards have been approved as ISO/IEC 20802-1:2016 and ISO/IEC 20802-2:2016.
The goal of the OASIS Virtual I/O Device (VIRTIO) TC is to simplify virtual devices, making them more extensible and more recognizable. It ensures that virtual environments and guests have a straightforward, efficient, standard, and extensible mechanism for virtual devices. Guests can use similar standard PCI drivers and discovery mechanisms for PCI devices of the VIRTIO family as for physical PCI devices.
The OASIS Infrastructure Data-Plane Function (IDPF) committee defines interoperable multi-vendor interfaces for devices, on physical or virtualised systems, based on the PCI Express (Peripheral Component Interconnect Express) high-speed serial expansion bus standard used in both virtualised data centers and physical motherboards. Standardised composition and sharing of networked devices allows for live migration and decoupling of data center tenants as well as operator infrastructure, significantly improving the portability of data and data center installations.
OFE
In 2021 Open Forum Europe (OFE) carried out a study on behalf of the European Commission, entitled “Standards and Open Source: bringing them together”. The aim of this study was to analyse and make practical progress on the collaboration models between SDOs and cloud open source software development initiatives, and to develop a roadmap of actions to improve the integration of open source communities in the standard setting process.
W3C
ERCIM, the European Partner of W3C, is a member of AIOTI. At the center of attention is the work on the Web of Things (WoT), which has already produced important specifications such as the Thing Description. To identify and document use cases and requirements, the Web-based Digital Twins for Smart Cities Interest Group was created. The Web of Things and their description will funnel structured Linked Data into the cloud, thus contributing significantly to the data economy. The Web & Networks Interest Group produced the Client-Edge-Cloud coordination Use Cases and Requirements.
(C.2) Other activities related to standardisation
AIOTI
The Alliance for AI, IoT and Edge Continuum (AIOTI) has an active Working Group that focuses on standardisation, covering topics such as high-level architectures, landscape and gap analysis and semantic interoperability. In the area of cloud and edge computing, several reports were published on identifying high-priority standardisation gaps, standardisation contributions from EU-funded projects and various computing continuum scenarios. All deliverables can be found here: https://aioti.eu/resources-standardisation/
The AIOTI Focus Group on High-Level Architectures is working on guidance for IoT and Edge Computing Integration in Data Spaces. This report provides an analysis of the integration of IoT and edge computing in data spaces. It explains the context, provides a definition of data spaces, and enumerates the challenges of data spaces, as well as the positioning of data spaces in the AIOTI high-level architecture (HLA). It describes the relation to existing solutions: a construction approach relying on reference architecture standards and patterns; the use of reference architecture proposals from IDSA, oneM2M and ETSI MEC; and the work carried out by several large-scale projects (PLATOON, INTERCONNECT, SmartBear, ASSIST-IoT). It provides recommendations for data space standards. The second report this group prepared is about Guidance for the Integration of Digital Twins in Data Spaces. This report focuses on the integration of digital twins in data spaces: it provides a context on data spaces, digital twins, IoT and edge computing and standardisation; it provides an analysis of the integration of digital twins in data spaces taking an architecture approach; and it describes a large number of digital twin use cases in domains such as agriculture, connected vehicles, smart cities, energy and smart manufacturing. The document can be used to provide insights and sources for future standardisation work related to the integration of digital twins in data spaces. This document also leverages the following reports: the report entitled Landscape of Digital Twins, prepared by the StandICT technical work group (TWG) and published in June 2022 by the EU Observatory for ICT Standardisation (EUOS), and the BDVA report entitled Data Sharing Spaces and Interoperability, prepared by the task force on data spaces and the task force on standards and published in February 2024.
The EU Observatory for ICT Standardisation (EUOS) published in February and June 2025 two reports prepared by the StandICT technical work group (TWG) IoT & Edge, entitled Landscape of Internet of Things v.2 and Landscape of Edge Computing Standards v.2. AIOTI published in May the joint report developed with EUCloudEdgeIoT.eu and Open Continuum projects entitled Towards a computing continuum reference architecture.
BSI
Cloud Computing Compliance Controls Catalogue (C5)
The C5 defines a baseline for cloud security, divided into thematic sections (e.g. organisation of information security, physical security), using mostly recognised security standards. C5 outlines prerequisites for a conformity assessment using international standards (ISAE 3000, ISAE 3402), adding cloud specific requirements, especially for transparency.
GICTF
Global Inter-Cloud Technology Forum (GICTF) is promoting standardisation of network protocols and the interfaces through which cloud systems inter-work with each other, to promote international interworking of cloud systems, to enable global provision of highly reliable, secure and high-quality cloud services, and to contribute to the development of Japan’s ICT industry and to the strengthening of its international competitiveness.
http://www.gictf.jp/index_e.html
GAIA-X
Gaia-X aims at developing common requirements for a European data infrastructure based on standards which ensure transparency and interoperability. GAIA-X addresses this requirement by aligning network and interconnection providers, Cloud Solution Providers (CSP), High Performance Computing (HPC) as well as sector specific clouds and edge systems. https://www.data-infrastructure.eu/
OCC
The Open Cloud Consortium (OCC) supports the development of standards for cloud computing and frameworks for interoperating between clouds; develops benchmarks for cloud computing; and supports reference implementations for cloud computing, preferably open source reference implementations. The OCC has a particular focus on large data clouds. It has developed the MalStone Benchmark for large data clouds and is working on a reference model for large data clouds.
TM Forum
TM Forum: The primary objective of TM Forum’s Cloud Services Initiative is to help the industry overcome these barriers and assist in the growth of a vibrant commercial marketplace for cloud-based services. The centrepiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers.
SNIA
Storage Networking Industry Association (SNIA): The Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include cloud computing technology in a safe and secure way in their architectures to realise its significant cost, scalability and agility benefits. It includes some of the industry’s leading cloud providers and end-user organisations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
(C.3) Additional information
Open source projects address particular aspects of cloud computing (e.g. OpenStack (IaaS), the Open Networking Foundation (ONF), Cloud Foundry (PaaS), Docker (Container technology) and Kubernetes) and as such, open source communities should be encouraged to collaborate with standardisation and submit their APIs for standardisation.