Key Components of the DOME Compliance framework:

The DOME marketplacecompliance willframework fosteris structured around three fundamental pillars, which have collectively shaped its foundation and definition

1. Self-assessment: Providers are required to issue a declaration attesting their compliance with the reference quality criteria after they have assessed themselves that they comply with them. This process encourages providers to take ownership of their compliance and ensures transparency.
2. Certification Overlay: Providers can supplement their self-declarations with official certifications that automatically assess compliance with specific subsets of the reference criteria. Multiple certifications can collectively cover the full range of requirements, reinforcing the validity of the compliance claims.
3. Compliance Categorization: Based on the level of compliance with the reference criteria, DOME assigns a Compliance Category to each offering. This categorization reflects the provider's adherence to the upcomingquality Cloudstandards Rule Book. The EU Cloud Rulebookand is envisionedessential asfor the offering's visibility and status within the catalogue.

COMPLIANCE LEVELS

Currently, DOME has established three distinct compliance profile levels. These levels serve a "light"dual regulation with no strict obligationpurpose: (based1) onthey voluntary adoption) and issued as a "Recommendation" butset the Memberminimum Statesrequirements willfor have the poweroffers to enforcebe itpublished in their jurisdictions, if they wish, or even make compulsory a subset or a superset of it . For more details please refer to the   Cloud Rule Book.

Consistent to this approach, the DOME certificationcatalogue and (2) they establish a trust framework for providers, enabling them to transparently display their compliance functionality will allow the services providers to check which certification they ownposture, and to allow theallowing customers to search/filtermake informed decisions when selecting cloud services that meet their trust requirements. To this end, DOME compliance levels have been defined as follows: 

• Baseline Compliance Level : Offerings with self-assessed compliance that lacks formal certification are eligible for this level. They can be published in the catalogcatalogue uponwith a baseline status, indicating a foundational level of compliance.
  
• Professional and Professional + Compliance Levels : Offerings with certified compliance evidence (valid certifications) are eligible for these levels. These levels signify a higher degree of compliance and trustworthiness, enhancing the kindoffering's ofstanding qualification they aim to achieve. Inwithin the EUcatalogue. Cloud Rulebook it is expected to have different compliance levels, i.e. Level 1, Level 2, Level 3. Similarly, DOME will also support the labeling strategy initially into 3 categories basedBased on the type and number of verifiedvalid certifications (Professional or Professional + level can be achieved. 
  
• Non-Compliant Classification : Offerings that fail to meet one or more mandatory compliance criteria, as determined through self-attestation or certification, are classified as non-compliant. Such offerings are excluded from the supportedofficial ones).catalogue, Theensuring that only compliant services willare bepresented taggedto (byusers.
  
different

colors) accordingly into these categories: Red - Level 1 (No verified certifications),

YellowCONTRACTUAL LevelAND 2LEGAL IMPLICATIONS

-

The (Somecompliance supportedself-attestation certifications verified), and Green - Level 3 (All the  certifications have been verifiedmade by a Certificationprovider Bodyis acceptedboth inlegally DOME).

and

Forcontractually binding with the firstDOME versionorganization and is also a representation issued to potential buyers of the platformservices. Any false or misleading declaration will result in immediate reclassification to a Non-Compliant status, disqualifying the certificationsprovider supportedand related areofferings from catalogue visibility. From a legal perspective, this would amount to a misrepresentation that would expose the greenprovider onesto potential legal claims from customers. This measure upholds the integrity of the compliance process and maintains the trustworthiness of the catalogue. The self-attestation mechanism is offering-specific, meaning that the declarations must be filled in from the perspective of each specific offering, not from the standpoint of the whole company. For instance, a cloud offering of a cloud service provider can provide portability and interoperability while another offering from the same provider does not. In that case the former would be eligible for publication in the followingDOME tablecatalogue, :while the latter would not.

The availability of
one or more official certifications

,

Characteristic / Tag to be included for each service: process.

DOME Level 1 - No verified certifications provided/achieved

DOME Level 2 - Some supported certifications have been verified

DOME Level 3 - All the supportedcertification certificationsdocuments havemust beenclearly verified by  DOME

state:

• VERIFIEDThe (Certificationlegal validationentity passed)owning the certification

• IN VALIDATION (Evidences provided to the DOME Trusted

  The Certification Authority whichthat is inissued the process of validating them) 

• SELF-DECLARED (self-declaration of certification compliance, there is no assurance from DOME about the validity)

• EXPIREDThe orvalidity NOTperiod VALIDof (expiredthe certification

• A statement allowing the capability to understand if the published service is covered by such certification or not valid(also certificate)

  known
as
• “the

  NOTscope” REQUIREDof (nothe evidences provided)certification).

The lack of one or more of the above requirements may classify that evidence as unacceptable.