Qonto relies on the infrastructure hosting provider Amazon Web Services (AWS) for hosting services. AWS’ services are certified ISO 27001 annually.
Proof of their certification is available via this link.
The ISO 27001 certification allows companies to demonstrate their security level. However, as a payment institution regulated by the ACPR, Qonto is already subject to various equally strict security requirements which are regularly monitored by the ACPR:
Decree of 3 November 2014 and notice on IT risk management of 7 July 2021 published by the ACPR,
Compliance with PCI DSS security rules
Digital Operational Resilience Act (DORA) Regulation 2022/2554, which will enter into force in 2025.