ISO/IEC 27701

Nebius is certified for compliance with ISO/IEC 27701:2019, the international standard for Privacy Information Management Systems (PIMS).

This certification extends our ISO/IEC 27001 program with privacy-specific requirements and controls for managing personally identifiable information (PII).

Nebius has been certified as both a PII controller and a PII processor, reflecting our responsibility to protect personal data across different service and operational contexts.

This dual certification demonstrates that Nebius can securely manage its own data processing activities as a controller and also process customer data responsibly on its customers' behalf as a processor.

To meet the requirements of ISO/IEC 27701, Nebius:

  • Extends its Information Security Management System (ISMS) into a Privacy Information Management System (PIMS).
  • Applies privacy-specific controls to the collection, processing, storage, and deletion of PII.
  • Defines clear responsibilities and accountability measures when acting as both a controller and a processor.
  • Implements processes to support compliance with global privacy regulations, including the GDPR and similar frameworks.
  • Ensures transparency, data subject rights support, and customer trust through independently audited privacy practices.

This certification highlights Nebius’s dedication to embedding privacy into its operations and providing assurance to customers and regulators that PII is managed securely and in compliance with international standards.

Questions and answers

ISO/IEC 27701 extends ISO/IEC 27001 with privacy-specific requirements, providing a globally recognized framework for compliance with the GDPR and other privacy laws. Certification confirms that Nebius has independently audited privacy controls in place.