In the first phase, all cloud service data is encrypted by T-Systems, and, at the same time, extended checks ensure that this data is only decrypted for authorized end-user requests. In addition, the data center is audited to ensure that there is no unauthorized access to hardware and that physical threats can be ruled out. In the second phase from 2023, T-Systems will take over the management of user identities and thus ensure that any PII data in the form of user accounts no longer must be stored in the Google Cloud itself. This also includes audits and logging of access to all customer data, including authorization changes. In the third step after 2024, T-Systems will take over end-to-end operations, including the Root Certificate Authority (RCA) for encrypting data in transit and at rest.