Europe's Quiet Revolt Against US Cloud: Governments Phase Out Microsoft and AWS Over Data Sovereignty Concerns

Summary

European governments are systematically rejecting US cloud services over data sovereignty concerns amplified by geopolitical tensions and the US CLOUD Act. Switzerland's data protection authorities declared Microsoft 365 unlawful for most public sector sensitive data, Schleswig-Holstein is removing Microsoft from 30,000 civil servants' workstations, Denmark announced plans to be Microsoft-free by autumn, and Copenhagen and Aarhus have already begun migrations. The shift represents a fundamental recalculation of risk: while US cloud services like Microsoft 365 and AWS offer superior functionality and low training costs, the CLOUD Act's legal mechanism—allowing US authorities to compel access to data regardless of server location—has become politically unacceptable amid deteriorating US-EU relations and explicit espionage concerns. The migration poses a painful dilemma: robust alternatives like LibreOffice lack seamless compatibility with Microsoft products, causing previous migration attempts (Munich, 2017) to reverse due to user resistance and interoperability problems. Additionally, end-to-end encryption cannot resolve the CLOUD Act problem since cloud services require server-side data access for essential features like search, collaboration, and AI processing.

• True end-to-end encryption cannot solve the CLOUD Act problem because cloud services require plaintext data access to provide search, collaboration, and AI-powered functionality