The EU project “EMERALD” is developing a framework with new approaches for cloud security compliance with a focus on the user.
As cyberattacks, data breaches, and regulatory requirements continue to intensify, European cloud providers face mounting pressure to demonstrate security and compliance. EMERALD addresses this challenge by creating a framework that strengthens digital sovereignty across the EU.
Reducing Complexity, Enabling Compliance
“The framework brings high-level certification standards to companies that don’t have dozens of employees dedicated to this topic,” explains Björn Fanta, Managing Director of Fabasoft Research GmbH. The initiative aims to reduce complexity, support cybersecurity certifications, unify technical mechanisms, and ensure all European providers can participate. EMERALD establishes a user-friendly framework for continuous auditing while enhancing both security and efficiency in cloud service deployment. The project engages all stakeholders—compliance officers, certification managers, and auditors—throughout the entire audit process.
Automated Audits and Continuous Compliance
Within the international consortium, Fabasoft and Know Center are teaming up on research into practical implementation questions: How should responsibilities be distributed? Who handles which certification steps? “This extends all the way to the proper implementation of technical controls,” Fanta notes.
The framework also serves as a trust seal for end users by making processes traceable and transparent. Risk assessment and understanding become possible through digitally mapped audit processes, creating the foundation for genuine trust. EMERALD represents Europe’s strategic response to the massive investment volumes of American hyperscalers. “It takes all stakeholders to realize such a project,” Fanta emphasizes. Fabasoft contributes both as a use case provider and as an active technology partner.
Transforming Regulatory Compliance
EMERALD’s impact extends beyond certification frameworks – it fundamentally transforms how organizations approach regulatory compliance. The automated audit capabilities align directly with emerging EU regulations like the Digital Operational Resilience Act (DORA), which mandates strict ICT risk management for financial institutions, and existing frameworks such as BSI C5 (the German Cloud Computing Compliance Criteria Catalogue). Consider a mid-sized European bank navigating DORA compliance: instead of conducting periodic manual audits across multiple cloud providers, EMERALD enables continuous, automated verification of security controls and operational resilience measures. The framework can automatically map cloud service features to specific DORA requirements, flag non-compliance in real time, and provide auditors with comprehensive, up-to-date evidence trails.
This shift from periodic snapshots to continuous compliance monitoring represents a paradigm change for both service providers and auditors. Traditional audit approaches, which are resource-intensive, time-bound assessments that quickly become outdated, will evolve into dynamic, technology-enabled processes that provide ongoing assurance. For European organizations operating under increasingly stringent regulations, this means reduced compliance costs, faster response to regulatory changes, and significantly enhanced security postures across their cloud infrastructure.