The cloud service provider MUST be effectively controlled by one or more EU corporations. The cloud service provider MUST ensure that effective controls are transparent to cloud service customers.

The cloud service provider MUST be under the effective control of one or more German undertakings. The cloud service provider MUST ensure that effective controls are transparent to cloud service customers.

Effective control in this context means the possibility to exert direct or indirect influence, or determine the key strategic, financial, or operational decisions from non-EU undertakings. If restrictions are imposed by cloud service customers for EU or Germany, they should be justified, and it should be ensured that their implementation, for example, in procurement procedures, is legally permissible on the basis of reasons such as public safety.