Non-U.S. government standards and certifications

Here are some of the standards and certifications that have been adopted outside of the United States in various countries around the world:

  • Argentina: The Argentina Personal Data Protection Act (APDA) was put in place to protect personal data in order to ensure the privacy of individuals and to give them a right of access to the data that has been gathered about them.
  • Australia: The Australian Signals Directorate (ASD) identifies cloud services that have successfully been certified in the Information Security Registered Assessors Program (IRAP) and provides a Certified Cloud Services List (CCSL) primarily used by government agencies in Australia and New Zealand. The scope of the certification includes communications and information systems.
  • Canada: Canadian privacy laws cover the safeguarding of personal data gathered and the rights of citizens to access the data. Relevant laws include the Privacy Act, Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta Personal Information Protection Act (PIPA), and British Columbia Freedom of Information and Protection of Privacy Act (BC FIPPA).
  • China: The Trusted Cloud Service Certification (TRUCS) is a cloud service quality-evaluation system organized by the Trusted Cloud Service working group of the Data Center Alliance (DCA) under the guidance of the Ministry of Industry and Information Technology (MIIT). The Ministry of Public Security (MPS) authorizes organizations to evaluate cloud services for information system classified security protection (known as DJCP) according to classification guides (GBT 22240-2008, GBT 22239-2008).
  • European Union: EU Model Clauses are contractual clauses that cloud providers must offer that are consistent with personal data-protection laws regarding the transfer of data outside of the EU.
  • Germany: The Federal Office for Information Security (BSI) mandates usage of the IT-Grundschutz methodology (BSI Standards 100-1 and 100-2 consistent with ISO 27001), a risk analysis method (BSI Standard 100-3), and the IT-Grundschutz Catalogs that describe threats and safeguards.
  • India: The Government of India Ministry of Electronics and Information Technology (MeitY) defines accreditation for IT-related policies and guidelines, including cloud services. These guidelines must be followed by government agencies and are often adopted in the private sector in India.
  • Japan: The Cloud Security Mark (CS Mark) is accredited by the Japan Information Security Audit Association (JAS) and is based on ISO/IEC 27107 and ISO/IEC 27002 for cloud services. An audit is performed on over 1500 controls, including data and physical facility security, human resources, business continuity, disaster recovery, and incident management.
  • Netherlands: Agencies operating in the government sector must comply with the Baseline Informatiebeveiliging Rijksdienst (BIR) 2012 standard. The standard is based on ISO/IEC 27001 and 27002 and includes the definition of a Privacy Impact Assessment (PIA).
  • New Zealand: The office of the New Zealand Government Chief Information Officer (GCIO) created a Cloud Computing and Risk Assurance Framework and Requirements for Cloud Computing document used by government agencies. The Cloud Computing: Information Security and Privacy Considerations document includes a questionnaire focused on data sovereignty, privacy, security, governance, confidentiality, data integrity, availability, and incident response and management.
  • Singapore: The Information Technology Standards Committee (ITSC) of Singapore's Infocomm Development Authority (IDA) directed preparation of the Multi-Tier Cloud Security (MTCS) Standard. Based on ISO/IEC 27001 and other standards, MTCS includes 535 controls used in audits to evaluate basic security (Level 1), more stringent governance and tenancy controls (Level 2), and reliability and resiliency (Level 3).
  • Spain: The Esquema Nacional de Seguridad (ENS) High Level Security Measures were designed to ensure access, integrity, availability, authenticity, confidentiality, traceability, and preservation of data and services as governed by Royal Decree. Government agencies (and their technology providers) must achieve accreditation through audits that utilize the ENS framework.
  • United Kingdom: The G-Cloud is intended for use in UK government technology initiatives and is based on a series of framework agreements with cloud service providers (CSPs). Self-attestation by the CSPs of compliance with the 14 Cloud Security Principles is typically followed by verification performed by the Government Digital Service (GDS). Attaining compliance allows classification at one of three security levels: OFFICIAL, SECRET, and TOP SECRET.