In a significant milestone of our commitment to cloud security, transparency, and regulatory alignment, ThousandEyes has achieved C5 Type 2 attestation. Conducted by Schellman, an independent certified auditor, this attestation affirms our ability to support organizations across Germany’s most regulated sectors—including the public sector, critical infrastructure, healthcare, and financial services—by aligning with one of Germany’s most widely adopted and rigorous cloud assurance frameworks.
What is C5, and Why Now?
Germany’s Federal Office for Information Security (BSI) introduced the Cloud Computing Compliance Criteria Catalogue (C5) in 2016 to support the country’s rapid adoption of cloud services. Since then, it has become a foundational benchmark for cloud assurance and regulatory compliance in Germany, and is widely recognized across Europe. Procurement teams, auditors, and regulatory bodies use C5 to evaluate cloud platforms against a defined set of technical and organizational controls, including:
- Data protection and sovereignty
- Identity and access management
- Logging, monitoring, and incident response
- Organizational transparency and governance
C5 Type 2 specifically assesses not only the design of these controls but their ongoing operational effectiveness over time to provide stronger assurance for customers with long-term security and compliance obligations.
Compliance Backed by Assurance
Enterprises today rely heavily on services they don't directly control, such as third-party Software as a Service (SaaS), public cloud infrastructure, Internet Service Providers (ISPs), Domain Name System (DNS) providers, Content Delivery Networks (CDNs), and more. Gaining visibility into this digital supply chain is essential—but it must come from a platform itself that upholds high standards of security, transparency, and governance.
At ThousandEyes, we consider security and compliance foundational to delivering exceptional digital experiences. Our platform is designed with multi-tenant security, strong encryption, strict access controls, and transparent operational practices. ThousandEyes adds C5 to our expanding security and privacy portfolio—including ISO 27701, ISO 27018, the ENS Certificate, and the EU Cloud Code of Conduct (CoC) Level 3. The C5 attestation reflects this ethos and provides another independent validation to our commitment to support secure, compliant operations.
Customer Value Across Europe
Germany has long played a leading role in shaping the EU’s data protection and compliance standards. When the BSI made C5 a requirement for government cloud adoption in 2016, it marked a shift that continues to influence how cloud services are assessed across the continent.
While C5 originated as a national standard, its principles are increasingly echoed in broader European efforts to harmonize cloud security requirements. As the EU works toward a more unified approach to cloud assurance, C5 remains a key reference point for public sector and regulated industries across member states.
For ThousandEyes customers operating throughout Europe, our C5 Type 2 attestation supports broader compliance objectives. It helps streamline compliance processes, reduce regulatory complexity, and strengthen their trust with auditors and stakeholders. By aligning with C5, ThousandEyes provides IT and security leaders to maintain global visibility–without introducing governance or assurance gaps.
Trust is the New Baseline
As Germany continues to refine its cloud compliance landscape, ThousandEyes remains committed to maintaining the highest levels of security and transparency. Our cloud visibility platform enables German organizations to see across their digital ecosystems while satisfying evolving compliance requirements.
The C5 attestation addition underscores our dedication, supporting our role as a trusted partner in regulated environments and upholding operational excellence across Europe and beyond.