Atlassian Cloud Compliance

Protect your data

Atlassian has made the EU Financial Services Addendum ("EU FSA") available to European financial services customers making a qualified enterprise cloud purchase. By signing an EU FSA, Atlassian is able to ensure compliance with EBA and BaFin outsourcing regulations.

This is good news for BaFin-regulated organizations as Atlassian now ensures that BaFin and EBA requirements regarding outsourcing of cloud services are met.

Extended rights of financial services clients

The EU FSA is a supplementary contract along with the Atlassian Subscription Agreement which provides customers with additional terms and conditions to guarantee compliance with EBA and BaFin guidelines. Atlassian provides the following additional rights:

- Comprehensive audit rights for the customer and their auditors and regulators at the Atlassian level and downstream for AWS.
- Enhanced record keeping and reporting obligations for Atlassian.
- Commitment by Atlassian to cooperate with customer's regulators.
- Continue to provide services after bankruptcy or termination

Compliance-compliant migration to Atlassian Cloud

The EU FSA applies to the following solutions in the Atlassian Cloud product suite:

- Confluence Cloud
- Jira Align Cloud
- Jira Service Management Cloud
- Jira Software Cloud

This further facilitates Atlassian customers in the financial industry to migrate from their on-premise systems to Atlassian Cloud in a compliant manner.

Further details on BaFin and EBA

BaFin: Here are the Atlassian Outsourcing Guidelines. The table provided is intended to help financial services institutions under the supervision of BaFin to map how the terms of the Guide to Outsourcing to Cloud Service Providers (BaFin Guide) correspond to Atlassian's customer contract documentation. The guidelines include information on audit rights, instruction rights, data security, termination and chain outsourcing.

EBA: Atlassian's EBA Outsourcing Guidelines contain specific mappings to each requirement and outline on how Atlassian supports clients in complying with regulations. The guidelines include details on audit rights, data system security, location of data processing, chain outsourcing and termination.

The legal contents listed by Seibert Media GmbH, e.g. judgments, tips and contributions, are carefully compiled to the best of our knowledge and belief. No claim is made to the completeness and exclusivity of the content. The information provided is for informational purposes only and does not replace individual legal advice. Seibert Media GmbH does not guarantee the judgments and opinions presented here will be followed in the case of a dispute.

Therefore Seibert Media GmbH does not assume liability for the published content. The published content contain references and links to other websites, which we cannot guarantee is correct or complete. The information is outside of our area of responsibility. If any content violates applicable law or are inappropriate, please let us know.

Shortlink to this page: | View this page in German


Luisenstraße 37-39, 65185 Wiesbaden

  • No labels

This content was last updated on 12/05/2022.

This content hasn't been updated in a while. That doesn't have to be a problem. Some of our pages live for years without becoming obsolete. Please click this link if you want us to update this page. Old content can be incorrect, misleading or outdated. Please get in contact with us via a form on this page, our live chat or via email with if you are in doubt, have a question, suggestion, or want changes from us.