Sunday, November 9, 2025
Latest:

Threatshub.org sponsored-Post

The Register

Microsoft’s data sovereignty: Now with extra sovereignty!

TH Author

Microsoft is again banging the data sovereignty drum in Europe, months after admitting in a French court it couldn’t guarantee that data will not be transmitted to the US government when it is legally required to do so.

Under the CLOUD Act, US authorities can compel access to information held by American cloud providers irrespective of where in the world that data is housed. Although Microsoft says it has published transparency reports and no European customers, private or public, were yet the subject of any requests, the threat of the law remains and this is making some nervous.

Shutterstock pickpocket

When hyperscalers can’t safeguard one nation’s data from another, dark clouds are ahead

READ MORE

Since President Donald Trump came to power for a second time in January, Microsoft has itself admitted that geopolitical relations between the US and Europe have become volatile, and it has sought to calm jittery customers by outlining measures to harden data sovereignty.

Google has also adopted this strategy, and AWS is getting ready to launch services by year end.

Against this backdrop, Microsoft this week talked up new features. The latest play is unsurprisingly heavy on AI – end-to-end AI data processing can happen in Europe as part of the EU Data Boundary, and in-country processing for Microsoft 365 Copilot interactions is set for 15 countries, although only four – the UK, Australia, India, and Japan – will have the option by the end of 2025.

The rest, including Germany, Sweden, the United Arab Emirates, and South Africa, will follow in 2026.

In addition, Microsoft is increasing the scale of Azure Local (formerly Azure Stack HCI) from 16 physical servers to “hundreds” and adding Storage Area Network (SAN) support. The latter means that organizations can use existing on-premises storage. This also acknowledges that 16 physical servers are insufficient to meet the growing needs of a sovereign private cloud.

General Availability of Microsoft 365 Local was confirmed, which brings Exchange Server, SharePoint Server, and Skype for Business Server to Azure Local. However, these have to be deployed in a connected mode because a disconnected option for full isolation won’t be available until early 2026.

The growing mistrust of US hyperscalers in Europe is palpable. Sources told The Reg that data sovereignty is now among primary questions salespeople at the big three – Microsoft, AWS and Google – receive when in conversation with European customers. Lobbyists and members of the tech community in the region continue to press the European Commission to fund a sovereign infrastructure.

Data sovereignty is not new. For years organizations have managed compliance issues which meant their data should not leave a country or the EU. However, it has been amplified across the wider market since Trump 2.0.

The latest effort by Microsoft follows the launch of the EU Data Boundary. In June, Microsoft revealed a set of “sovereignty solutions” comprising options in the public cloud, private cloud, or national partner clouds (operators independent from Microsoft).

Microsoft isn’t alone. Google has updated its sovereign cloud services, including a Cloud Airgapped solution. And AWS attempted to assuage customer fears by announcing the establishment of an EU-based cloud unit.

Thierry Carrez, general manager, OpenInfra Foundation, told The Register: “Right now the digital sovereignty concerns are at an all-time-high in Europe. As a result, US hyperscalers like Microsoft are trying to find a mix of technical solutions and legal engineering to isolate their EU products from potential demands from the US government (including but not limited to the CLOUD act).

“This is a positive development, but whether that mix will prove sufficient is unsure and untested.”

Mark Boost, CEO of UK-based cloud provider, Civo, told The Register, “Microsoft’s latest sovereign cloud announcement highlights how blurred the language around ‘sovereignty’ has become. While adding local processing and new regional AI capabilities sounds positive, this is really about data residency, not true sovereignty.

“You can put a data centre in Paris or London,” he said, “but if the company is still governed by US law, the data ultimately sits under US jurisdiction.”

Frank Karlitschek, CEO and founder of Nextcloud, branded Microsoft’s latest efforts as “sovereignty washing.” He said, “In Europe, sovereignty means the absence of strong dependencies on overseas third parties. The sovereign cloud from Microsoft does not deliver that.

“Only open source software,” he said, “prevents dependencies on individual providers and allows independent security audits.”

European tech firms have obvious skin in the game, and want to loosen the stranglehold that Microsoft and AWS have on the region’s cloud market. With Trump in power for many more years, they have time yet to convince customers of the benefits of buying local. ®

READ MORE HERE