The Sovereign EU Cloud Question Marks

Microsoft’s recent efforts to position itself as a provider of sovereign European cloud services have faced a significant challenge. In June 2025, during a hearing in the French Senate, a Microsoft representative admitted under oath that data stored by US companies like Microsoft could still be accessed by US authorities despite being hosted in Europe, undermining the premise of digital sovereignty for EU customers. This admission raises critical questions about the feasibility and legitimacy of claims made by cloud service providers regarding the protection of European data from extraterritorial jurisdiction.

The EU has been grappling with issues of digital sovereignty and data privacy since Trump’s presidency raised concerns about the security of European data stored in US-based clouds. The ongoing discussions on the EU-US Privacy Shield Framework highlight these tensions, as they could be invalidated by US laws such as the CLOUD Act, which allows for cross-border access to data.

Microsoft’s announcement of its Sovereign Public Cloud and Sovereign Private Cloud services aims to reassure European customers that their data will remain within Europe’s borders, subject only to EU law. However, this assurance is undermined by Microsoft’s inability to guarantee protection against US government requests under the CLOUD Act. This admission challenges not only Microsoft’s credibility but also the broader aspirations of achieving genuine digital sovereignty through partnerships with American tech giants.

While third-party sources have acknowledged these concerns, many still see value in leveraging cloud services from established providers like Microsoft and AWS for their technical capabilities and global scale. However, this perspective is increasingly at odds with the desire to minimize reliance on foreign entities when it comes to storing sensitive data. The reality of legal frameworks such as the CLOUD Act means that any claim of sovereignty by US-based service providers must be viewed with skepticism.

The European Cloud: Myth or Reality

Experts debate whether claims made by major cloud providers about sovereign EU clouds hold up under scrutiny, questioning if these solutions can truly protect against extraterritorial data access.

In my opinion, while the technical prowess and global reach of US-based cloud providers are undeniable assets, their inherent ties to US legal systems pose a significant barrier to achieving genuine digital sovereignty for European customers. The admission from Microsoft highlights that any sovereign cloud initiative must address these fundamental legal challenges head-on or risk failing to meet its core promise of protecting user data sovereignty. This underscores the need for more localized and independently governed cloud solutions in Europe if true digital autonomy is to be achieved.
