The European Union is considering rules that would restrict its member governments’ use of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC.
↫ Kai Nicol-Schwarz at CNBC
The fact that this has only just become a possible reality now, and not decades ago, is beyond me, but better late than never, I suppose. The Americans voted en masse (not voting is a vote for the winner!) for Trump twice, and there’s no indication they won’t vote for such an anti-Europe basket case again. Their opinions and attitudes towards Europeans are clear: they dislike us deeply, and after the last few years, there’s no going back. Violating trust is easy; restoring it takes decades. Relying on the Americans for our digital infrastructure is, therefore, a monumentally stupid and self-defeating idea.
Of course, many members states are addicted to the cloud services from Google, Microsoft, and Amazon, so there’s going to be many individual member states who simply won’t reduce their dependency on the Americans of their own volition. My own country of origin, The Netherlands, only recently signed off on the sale of its government ID services company and associated personal data to an American company, despite the vast majority of the Dutch House of Representatives telling them not to. As such, it makes sense for the EU to step in and simply making it illegal to hand over sensitive data to the Americans.
Of course, we’ve got a long way to go, and I’m sure many of any possible proposed restrictions will be watered down considerably by pressure form major member states. Addiction is a harsh disease.
Well…
EU already had “data nativity” for cloud operations for maybe a decade. It started with Microsoft, and I believe others have it as well.
Long story short, Microsoft does not own the Azure datacenters they use in EU, but it is a third party that is specifically built for this purpose. They later modified this… but most of the main idea stays.
So… any user data that resides on those will not be subject to US jurisdiction, but the EU one.
So… I’m not sure why EU is up in arms about this one. Are they wanting to also economically sever from likes of Microsoft?
And then I’d say “good luck”, since they cannot get the same service, and actual privacy and security at the same cost levels from any EU native provider.
If a EU company were to have its data in Microsoft Cloud, on EU soil, as per the rules; do you really think that makes them any less vulnerable to a US-operated killswitch in the software that allows access to it ?
Same for Google and Amazon of course.
The US says Huawei is not to be trusted but the same applies here, even if the data is on our soil.
It’s long overdue for us to grow up.
DannyBackx,
“Killswitch” seems like the wrong word to use for privacy issues. Obviously MS could create a “backdoor”, but they probably don’t even need one because they already control the front door. Also, the US government “legally” snoops in other countries under the “Five Eyes” alliance. Although they would deny it, they were caught red handed violating the laws of US and other countries behind the scenes and nobody ever faced consequences.
https://en.wikipedia.org/wiki/Five_Eyes
The government’s response tends to be “let’s cover our tracks better and make examples of the whistleblowers”. I don’t think they ever really intend to stop.
Microsoft and others have taken out cloud services by not updating a certificate…. I’m sure they have smarter ways too!
“So… any user data that resides on those will not be subject to US jurisdiction, but the EU one.”
No.
https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/
Precisely. No.
This is also a concern for Canadian data on Canadian soil but housed in US-owned data centres.
Thanks for including a link that I can bookmark.
Not just “digital infrastructure”, but that’s another problem. The USA will invoke their “extraterritoriality” whenever it suits they/them, like they do with money if dollar is in jeopardy. Like remotely disabling the F35 bought by their “allies”. And listening/spying on the French President or German Chancellor…
Just don’t think it was qny better under Obama/Biden because they are “democrats”, it was just tasting sweeter yet it was still a bitter deal. They always thought they rule the World, imposing their technologies like in the Marshall plan, so that we don’t develop ours and/or don’t rely on USSR/communist technologies. That’s our world…
Meanwhile the EU requires citizens to have a Google/Apple account and certified Android/iOS device to be able to use the upcoming EU age verification and digital ID apps. Users of degoogled Android, Linux phones, or dumbphones (PC only) will not be excluded.
The problem with cloud platform dependence is that the next generation if IT engineers have fallen again for vendor lockin trap and its no longer matter if raw HW availability but tangled web of various solutions built on top of services of Amazon, Microsoft and Google with no clear standard to mediate between them and any prospective EU hosted equivalent. The end game will likely be some “sealed” offering from one of those.
dsmogor,
I don’t think it’s the “IT engineers” so much as it is the managers and executives. Most often the sales pitch involves spending less on IT staff. IT used to involve supporting a lot more inhouse tools, but that’s changed very dramatically. The inhouse market is dying in favor of cloud service providers for everything. As someone who used to do a lot of custom software development for local companies, it’s been a difficult transition to say the least. Now there’s way more work in supporting cloud services. As a software engineer working in IT, I wouldn’t say it was by choice.
I’m with you, although data flexibility and portability are great for customers, it goes against the model vendors are pushing. Vendor locking is all about removing choice and independence. Despite my opinions though I have more work migrating data into these vendor locked service providers than out of them.