Instructions for Self-Certified Organizations
on the Use of the U.S.–EU Safe Harbor Framework Certification Mark

Thank you for your organization’s interest in self-certifying compliance with the U.S.-EU Safe Harbor Framework. Your organization’s self-certification is renewable annually on or before the anniversary of the date that the original self-certification was finalized. In order to continue to take advantage of the benefits that self-certification affords, your organization must maintain its official Safe Harbor filing and inform the U.S. Department of Commerce any changes in the scope of your organization’s activities with regard to personal information received from the European Union (EU).

The Department provides its “Safe Harbor” certification mark (referred to hereafter as “mark”) exclusively to those organizations that maintain a “current” certification status by self-certifying their practices in an official, annual Safe Harbor filing with the Department.

  • Note: The Department owns the U.S. certification mark registration on the Safe Harbor® logo (U.S. Registration #4,711,135) as part of a program certifying “protection of personal data that is received from the EU as required by the EU Data Protection Directive”. Only those organizations that are properly and currently self-certified under the U.S.-EU Safe Harbor program are permitted to use the Safe Harbor® logo. If an organization is eligible to use the mark and is interested in doing so, then it must contact the Department at to obtain an authorized copy of the mark.

The mark must be used in accordance with the instructions provided below.

  • Note: Failure to comply with the instructions may result in enforcement of the mark through an action for infringement of the mark, and/or a referral to the Federal Trade Commission (FTC) for investigation of unfair or deceptive acts or practices under section 5 of the Federal Trade Commission Act. The FTC has the power to take action against unfair or deceptive practices by seeking administrative orders and civil penalties of up to $16,000 per day for violations of those.

Safe Harbor Certification Mark Instructions

1. The mark is a visual manifestation of the commitment your organization makes when it self-certifies that it will comply with the U.S.-EU Safe Harbor Framework.

2. Your organization may announce its self-certification in a press release and include the mark as evidence that it has met the self-certification requirements established by the Department for the U.S.-EU Safe Harbor Framework.

3. Your organization may use the mark for one year from the initial self-certification date. Authorization to use the mark is renewable each year subject to the organization’s reaffirmation to comply with the Safe Harbor Framework.

4. The mark may not be used for marketing or advertisements, and/or to imply any endorsement, authorization, or affiliation that does not exist with respect to the U.S. Department of Commerce or the United States Government.

5. The mark may not be used in a manner that embarrasses the Department or the United States Government.

6. The mark may be placed on the organization’s website on its home page or on the page where the privacy policy is found.

7. In each instance in which you post the mark on your organization’s website, you must:

(a) Immediately above the top edge of the mark, display the following language, in a clear and conspicuous manner not to exceed the width of the mark in a minimum 8 point font, “We self-certify compliance with”. With the words “We self-certify compliance with”, provide a link to:

(b) With the mark, provide a link to:

8. The mark must be removed from the organization’s website under the appropriate circumstances including, but not limited to:

(a) the organization withdraws from participation or is removed as a participant in the U.S.-EU Safe Harbor Framework;

(b) the organization fails to comply with a final ruling of a private sector dispute resolution body, a self-regulatory body, or government body, as applicable, in connection with allegations of Safe Harbor non-compliance;

(c) the organization fails to renew its commitment to the Framework in a reasonable time and in accordance with the reaffirmation requirements;

(d) the organization is acquired by another entity that either is not in the Framework or chooses to opt-out of the program; or

(e) the organization ceases commercial operations.