How to get listed in the cloud computing directory

Michaela Holíková 19.09.2022

File Service. Document verification and extraction, HR systems, emails, remote storage. Even public administration is going digital. These are just some of the areas where digitalisation is not only necessary but also desirable. And if you, as a *aaS solution provider, want to be there, there is an administrative task ahead of you - registering in the cloud computing provider directory. How and why can you join the directory? Find out below.

"From ground to Clouds"

Public administrations process huge amounts of data in their information systems. With the advent of the possibility of providing services in the cloud (through cloud computing) instead of having to install them on their own hardware, this option has become attractive for public administration.

On the other hand, however, what is typically highlighted as an advantage of the cloud - less worries about their own hardware, flexibility of the provided performance and the ability to access data from anywhere - is also a security risk for the owners of the processed data.

The National Office for Cybersecurity and Information Security (NUCSIS) also responded to these security risks by issuing Decree No. 316/2021 Coll., on requirements for entry into the cloud computing directory, and Decree No. 315/2021 Coll., on security levels for the use of cloud computing by public authorities, which supplement Act No. 365/2000 Coll., on public administration information systems. ↗

Why be listed in the cloud computing directory?

The directory of cloud computing providers is a database maintained by the Ministry of the Interior of the Czech Republic. The creation of a unified list of secure cloud providers to the public administration is aimed at streamlining the operation of public administration bodies and ensuring that the public administration will use only providers capable of ensuring a basic level of protection of confidentiality, integrity and availability of information of the public administration body to operate its information systems.

Public administrations may only use cloud service providers that provide sufficient data protection against cyber-attacks. From 1 January 2023, public authorities may only conclude new contracts for the provision of cloud services with providers listed in the directory. 

The provider itself does not have to be a cloud computing operator, as is the case in the vast majority of cases where the cloud provider resells the services of large cloud companies such as MS, Google or AWS. 

Therefore, the Information Systems Act sets out an additional set of rules for the security of cloud computing itself. Public administrations may only use such cloud services for their information systems:

  • that enable at least a basic level of protection of the confidentiality, integrity and availability of the public authority's information to be achieved;
  • the security level of which is equal to or higher than the security level of the public administration information system or part thereof for the operation of which it is used;
  • which are, among other things, listed in the directory of cloud computing offerings.

What does cloud computing directory listing entail?

The formal step is to fill in the application form for registration of the provider in the cloud computing directory ↗, which is publicly available on the website of the Ministry of the Interior of the Czech Republic. The Ministry decides on registration in the directory within 45 days from the date of submission.

Poskytovatel musí splnit následující požadavky:

  • Být způsobilý zajistit základní úroveň bezpečnosti informací orgánu veřejné správy.
  • Být bezúhonný v rozsahu bezúhonnosti požadované po kvalifikovaném správci kvalifikovaného systému elektronické identifikace.
  • Musí být způsobilý pro poskytnutí cloud computingu orgánům veřejné správy z hlediska veřejného pořádku, bezpečnosti a dodržování práv třetích osob.

The application must also be submitted with:

  • Proof of good character (extract from the Criminal Register)
  • Proof of experience in providing cloud computing for the last 5 years (references must be provided)
    • References must include, for example, the period of provision, the financial volume of supply, customer contact details, etc.
The absence of relevant references is not in itself a reason to reject a provider's application for inclusion in the cloud computing directory.

Do you want to get registered as a cloud computing provider? We will be happy to help you with the registration. For more information, please see our service offer ↗.


Cloud is the future, even in public administration. But access to shared technical or software resources must be secure.

Providing evidence of having fulfilled the requirements for cloud computing enrolment requires a systematic approach that responds to the requirements and environment of the public administration. At the same time, it can be an administrative process that we are happy to help you with.

Drop us a line