The DOME compliance policy
Since the scope of DOME is to create a framework supporting market requirements, the definition of the policy starts from a baseline: the minimum compliance level that ensures acceptability by the majority of market sectors. By design, this definition excludes any vertical requirement of a market sector and any enhanced qualification. Those second-level qualifications will be used to further raise the qualification level of an offering, but not to exclude anything from the listing.
The aim is to ensure a reasonable level of compliance while minimizing exclusions.
In line with the market, the minimum compliance level is defined by Customers, while Providers have to commit to reaching such compliance. The role of the DOME organization in this process is to balance the requirements of the Customer Base with the sustainability of the Providers. Requirements that are too high will result in a poor offering, because the Providers will not be able to sustain the costs related to the acquisition and the maintenance of such high compliance levels. The role of the DOME platform in this process is to provide means to qualify products in the Marketplace with respect to their fulfillment against relevant reference standards.
On the other side, several other organizations are already working on the definition of a compliance level for cloud offerings, and DOME will try to keep as much compatibility as possible with most of them in order to create the conditions for a future sharing of such visibilities between organizations.
In line with other established initiatives (i.e., Gaia-X), the DOME compliance policy maps the different criteria to different compliance levels according to the evidence provided by the offering vendor during or after the onboarding process.
Since DOME is not committed to assessing the delivery platform of every provider claiming to be listed on the DOME catalogue, the compliance policy relies on compliance with the criteria that have been selected as the main relevant ones for the trustability of the services in DOME.
Initial clarifications:
DOME won't certify services.
DOME will verify that services that want to be endorsed to DOME are compliant with the selected relevant schemes from the EU Cloud Rulebook. To do so, DOME will verify the validity of the certificates provided by the CSPs for each of the services.
DOME will assess the "continuous validity of the certificate" during the lifecycle of the cloud service in DOME, monitoring possible expirations.
The certification qualification process is composed of 4 steps:
Step 1 - Certification initialisation: The DOME operator sets up the certification level for the services, selecting which certifications/frameworks need to be provided when a service is endorsed into the DOME/federated marketplace. Each marketplace federated in DOME can have specific additional configurations for compliance: EUCR, and others (AI-related, financial-specific, health-specific, environmental-specific, etc.).
Step 2 - Certification accreditation: A CSP that wants to be part of DOME provides the certificates, uploading the corresponding evidence (signed or unsigned PDF files of the certificate). As depicted in Figure 1, depending on the type of evidence provided, different methods need to be applied to validate it. DOME will accept the different certification types issued by the different agencies, and authenticity will be assessed in all cases. When the evidence provided is a signed or unsigned PDF, the authenticity will be assessed by the DOME Trust Service Provider for Certification, and the corresponding VC will be created for the CSP to be included in their DOME compliance profile.
The DOME compliance approach is prepared to support the acceptance of VCs of the certificates issued by certification agencies, as depicted in Figure 1.
Fig 1. Certification accreditation cases in DOME.
Step 3 - Certification assessment: DOME assesses the validity of the certificate and, if valid, generates the related Verified Credential for the CSP to be stored in the wallet. The validation is done through the assessment of the provided certification by the Trust Services for Certifications Provider (TSCP). The certification assessment activity will be carried out as a continuous process.
Step 4 - Service qualification and onboarding: The service is qualified in the DOME marketplace based on the valid certificates, and the information is updated in the catalog. Once the product receives the validation, it will be visible in the marketplace pages, including the Certification profile achieved through the validation.
There are 3 compliance levels based on the types of evidence provided for the supported certifications. These are the different compliance levels a service can be qualified to:
DOME Level 1 - No certifications provided/achieved.
DOME Level 2 - Some supported certifications have been verified.
DOME Level 3 - All the supported certifications have been verified by DOME.
Thus, the DOME compliance approach is designed to ensure that service providers meet rigorous quality standards, encompassing regulatory respect, data security, and service management best practices. This framework is based on a set of reference quality criteria that serve as the foundation for evaluating compliance.