Topic analysis

EU weighs restricting use of US cloud platforms to process sensitive gov data

The European Union is considering rules that would restrict its member governments’ use of U.S. cloud providers to handle sensitive data, sources familiar with the talks told CNBC. The fact that this has only just become a possible reality now, and not decades ago, is beyond me, but better late than never, I suppose. The Americans voted en masse (not voting is a vote for the winner!) for Trump twice, and there’s no indication they won’t vote for such an anti-Europe basket case again. Their opinions and attitudes towards Europeans are clear: they dislike us deeply, and after the last few years, there’s no going back. Violating trust is easy; restoring it takes decades. Relying on the Americans for our digital infrastructure is, therefore, a monumentally stupid and self-defeating idea. Of course, many members states are addicted to the cloud services from Google, Microsoft, and Amazon, so there’s going to be many individual member states who simply won’t reduce their dependency on the Americans of their own volition. My own country of origin, The Netherlands, only recently signed off on the sale of its government ID services company and associated personal data to an American company, despite the vast majority of the Dutch House of Representatives telling them not to. As such, it makes sense for the EU to step in and simply making it illegal to hand over sensitive data to the Americans. Of course, we’ve got a long way to go, and I’m sure many of any possible proposed restrictions will be watered down considerably by pressure form major member states. Addiction is a harsh disease. Follow me on Mastodon @ [email protected] EU already had “data nativity” for cloud operations for maybe a decade. It started with Microsoft, and I believe others have it as well. Long story short, Microsoft does not own the Azure datacenters they use in EU, but it is a third party that is specifically built for this purpose. They later modified this… but most of the main idea stays. So… any user data that resides on those will not be subject to US jurisdiction, but the EU one. So… I’m not sure why EU is up in arms about this one. Are they wanting to also economically sever from likes of Microsoft? And then I’d say “good luck”, since they cannot get the same service, and actual privacy and security at the same cost levels from any EU native provider. If a EU company were to have its data in Microsoft Cloud, on EU soil, as per the rules; do you really think that makes them any less vulnerable to a US-operated killswitch in the software that allows access to it ? Same for Google and Amazon of course. The US says Huawei is not to be trusted but the same applies here, even if the data is on our soil. It’s long overdue for us to grow up. If a EU company were to have its data in Microsoft Cloud, on EU soil, as per the rules; do you really think that makes them any less vulnerable to a US-operated killswitch in the software that allows access to it ? “Killswitch” seems like the wrong word to use for privacy issues. Obviously MS could create a “backdoor”, but they probably don’t even need one because they already control the front door. Also, the US government “legally” snoops in other countries under the “Five Eyes” alliance. Although they would deny it, they were caught red handed violating the laws of US and other countries behind the scenes and nobody ever faced consequences. https://en.wikipedia.org/wiki/Five_Eyes The Five Eyes (FVEY) is an Anglosphere intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.[1] These countries are party to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence … The alliance’s activities, often shrouded in secrecy, have occasionally come under scrutiny for their implications on privacy and civil liberties, sparking debates and legal challenges. In the late 1990s, the existence of ECHELON was disclosed to the public, triggering a debate in the European Parliament and, to a lesser extent, the United States Congress and British Parliament. Former NSA contractor Edward Snowden described the Five Eyes as a “supra-national intelligence organisation that does not answer to the known laws of its own countries”.[10] Disclosures in the 2010s revealed FVEY was spying on one another’s citizens and sharing the collected information with each other, although the FVEY nations maintain this was done legally The government’s response tends to be “let’s cover our tracks better and make examples of the whistleblowers”. I don’t think they ever really intend to stop. Microsoft and others have taken out cloud services by not updating a certificate…. I’m sure they have smarter ways too! “So… any user data that resides on those will not be subject to US jurisdiction, but the EU one.” No. https://www.forbes.com/sites/emmawoollacott/2025/07/22/microsoft-cant-keep-eu-data-safe-from-us-authorities/ Precisely. No. This is also a concern for Canadian data on Canadian soil but housed in US-owned data centres. Thanks for including a link that I can bookmark. Relying on the Americans for our digital infrastructure is, therefore, a monumentally stupid and self-defeating idea. Not just “digital infrastructure”, but that’s another problem. The USA will invoke their “extraterritoriality” whenever it suits they/them, like they do with money if dollar is in jeopardy. Like remotely disabling the F35 bought by their “allies”. And listening/spying on the French President or German Chancellor… Just don’t think it was qny better under Obama/Biden because they are “democrats”, it was just tasting sweeter yet it was still a bitter deal. They always thought they rule the World, imposing their technologies like in the Marshall plan, so that we don’t develop ours and/or don’t rely on USSR/communist technologies. That’s our world… Meanwhile the EU requires citizens to have a Google/Apple account and certified Android/iOS device to be able to use the upcoming EU age verification and digital ID apps. Users of degoogled Android, Linux phones, or dumbphones (PC only) will not be excluded. The problem with cloud platform dependence is that the next generation if IT engineers have fallen again for vendor lockin trap and its no longer matter if raw HW availability but tangled web of various solutions built on top of services of Amazon, Microsoft and Google with no clear standard to mediate between them and any prospective EU hosted equivalent. The end game will likely be some “sealed” offering from one of those. The problem with cloud platform dependence is that the next generation if IT engineers have fallen again for vendor lockin trap I don’t think it’s the “IT engineers” so much as it is the managers and executives. Most often the sales pitch involves spending less on IT staff. IT used to involve supporting a lot more inhouse tools, but that’s changed very dramatically. The inhouse market is dying in favor of cloud service providers for everything. As someone who used to do a lot of custom software development for local companies, it’s been a difficult transition to say the least. Now there’s way more work in supporting cloud services. As a software engineer working in IT, I wouldn’t say it was by choice. and its no longer matter if raw HW availability but tangled web of various solutions built on top of services of Amazon, Microsoft and Google with no clear standard to mediate between them and any prospective EU hosted equivalent I’m with you, although data flexibility and portability are great for customers, it goes against the model vendors are pushing. Vendor locking is all about removing choice and independence. Despite my opinions though I have more work migrating data into these vendor locked service providers than out of them. You must be logged in to post a comment.