Microsoft, Google, and AWS recently published “sovereign clouds” - aiming to reassure European customers they have control over their data.
But this is nothing more than an illusion – one could say a Trojan Horse at Europe’s digital gates.
Despite their marketing, these providers remain US companies. That means they are subject to the CLOUD Act, which obliges them to hand over data to US authorities. It does not matter whether the servers are in Frankfurt, Paris, or Brussels – European data can be sent to the US at any time, without a court order, and without informing affected customers.
Even advanced technical safeguards can’t change this legal fact. The promised control is a dangerous illusion.
Digital sovereignty doesn’t come from shiny new product names such as these “sovereign clouds”.
Digital sovereignty comes from full legal and technical control. Everything else is nothing more than sovereign washing. Fortunately, Europe has great solutions already.
Microsoft launched its “European Cloud Principles”, later renamed “European Digital Sovereignty Commitments”, promising to build trust through local control, transparency, and data residency. Amazon, Google, and Salesforce followed suit with their own “sovereign” branding — each assuring European governments and businesses that their clouds were safe, shielded, and separate.
In early June, Anton Carniaux, General Manager of Microsoft France, testified under oath before the French Senate (transcript (FR), video (FR), media coverage (DE)) that he cannot guarantee that data belonging to French citizens, even when hosted by Microsoft under a government procurement agreement (UGAP), wouldn’t be handed over to foreign authorities without the French government’s consent.
This directly contradicts Microsoft’s “European Digital Sovereignty” campaign and calls into question the credibility of its public messaging. Critics already pointed out these “sovereign washing” attempts were meaningless, and clearly, under oath, Microsoft admits as much.
Meanwhile, a report by CloudComputing-Insider (DE) quotes representatives from multiple US hyperscalers, including AWS, Microsoft, Google, and Salesforce, saying they would hand over European customer data to US authorities if required by a court order.
Kevin Miller, AWS’s VP of Global Data Centres, was particularly clear (DE): he said he could not guarantee that data from a German SME wouldn’t be disclosed to US authorities.
US tech giants are happy to promise digital sovereignty in glossy whitepapers, marketing videos, and conference keynotes. But when questioned under oath, or asked directly about real legal obligations, they admit the truth: they can’t protect your data from the US government, not even if it’s stored in Europe, or if they say it’s “sovereign.”
But this is nothing more than an illusion – one could say a Trojan Horse at Europe’s digital gates.
Digital sovereignty doesn’t come from shiny new product names such as these “sovereign clouds”.
Digital sovereignty comes from full legal and technical control. Everything else is nothing more than sovereign washing. Fortunately, Europe has great solutions already.
Read the full article: "Sovereign cloud" or "sovereign washing"? A Trojan Horse at Europe's digital gates. | Tuta