The REFEDS Code of Conduct (version 2) sets the rules that Service Provider Organisations can commit to when they want to receive End Users Attributes from Home Organisations or their Agent for enabling the End Users to access their Services. Home Organisations will feel more comfortable to release affiliated End Users Attributes to the Service Provider Organisation if they can see that the Service Provider Organisation has taken measures to properly protect the Attributes in line with regulatory requirements.

This specification is an update of the GÉANT Code of Conduct to align with the existing General Data Protection Regulation rather than the previous Directive.