Ethical Hacking News
Microsoft has completed its long-awaited EU Data Boundary, a move aimed at allowing European customers to store and process data within the European Union (EU) and European Free Trade Association (EFTA) regions. Despite this effort, analysts and regional cloud players express concerns over dependencies on US entities, even with guarantees in place.
Microsoft has completed its highly anticipated EU data boundary after investing $20 billion in AI and cloud infrastructure. The move aims to address concerns over dependence on US-based cloud providers and provide European customers with more control over their data. Analysts and regional cloud players express concerns about dependencies on US entities, despite guarantees in place. Certain experts believe the EU data boundary does not entirely remove US dependency, as data centers are still owned by Microsoft. Some argue that true data sovereignty requires guarantees of transparent data flows and protection from extraterritorial access.
Microsoft has finally completed its highly anticipated EU data boundary, a multi-year effort aimed at allowing European customers to store and process data within the European Union (EU) and European Free Trade Association (EFTA) regions. The move marks a significant step forward in European cloud sovereignty, as Microsoft seeks to address growing concerns over dependence on US-based cloud providers.
The EU data boundary is the result of extensive negotiations between Microsoft and regulatory bodies across Europe. The company has invested over $20 billion in AI and cloud infrastructure across the continent, with added controls over where Microsoft 365 customer data is located. This includes the creation of the Microsoft Cloud for Sovereignty, a tailored offering designed to meet the unique needs of European customers.
However, despite these efforts, analysts and regional cloud players are expressing concerns over dependencies on US entities, even with guarantees in place. Some may question whether it's wise to rely on an American vendor, no matter where their data is stored.
Bert Hubert, a part-time technical advisor to the Dutch Electoral Council, has his doubts about Microsoft's EU data boundary. "I'm not alone," he notes. "Frank Karlitschek, CEO of Nextcloud, shares similar concerns." The Cloud Act grants US authorities access to cloud data hosted by US companies, regardless of its geographical location.
Karlitschek warns that the Cloud Act poses significant risks for organizations hosting their data in the EU. "There is also the question of what happens if the US government decides to cut off services in Europe, making security updates impossible." He cautions that Microsoft's EU data boundary only applies to core services and technical support will continue as usual.
Nader Henein, Gartner VP Analyst for Data Protection and AI Governance, takes a more nuanced view. "Microsoft's move does not remove US dependency because the data centres are owned and operated by Microsoft." However, he notes that the scenario where Microsoft is not allowed to provide software updates remains a concern.
This scenario is mitigated by Microsoft's continued operation in China, where geopolitical tensions with the US are far more strained than those with Europe. European cloud vendor OVHcloud has expressed support for the EU data boundary but cautions that all offers are equal. "European data residency does not protect against extraterritorial accesses," it notes.
Mark Boost, CEO of Civo, takes a stronger stance on data sovereignty. "Microsoft is the latest hyperscaler to announce a major data residency scheme with great fanfare – without offering any guarantees of sovereignty." He emphasizes that true data sovereignty ensures data is only subject to the jurisdiction in which it is stored and processed.
Boost also highlights that Microsoft's EU Data Boundary only applies to core services, leaving room for concern over technical support and other data processing activities. "Until users are assured of total transparent data sovereignty, full transparency of data flows including a guarantee that their data will not be used to train AI models without their express consent, customers will continue to have valid concerns over security and privacy."
Francisco Mingorance, general secretary at EU cloud trade body Cloud Infrastructure Services Providers of Europe (CISPE), emphasizes the importance of choice for Europe's digital economy. "Choice is essential," he notes. "Any tariff on digital services would be an own goal in a market with limited short-term alternatives." CISPE aims to reinforce sovereign options and strategic autonomy in key areas.
In conclusion, Microsoft's EU data boundary represents a significant step forward in European cloud sovereignty. However, concerns over dependencies on US entities persist, and further guarantees are needed to address these issues.
Related Information:
https://www.ethicalhackingnews.com/articles/The-EU-Data-Boundary-A-New-Era-for-European-Cloud-Sovereignty-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/03/microsoft_unveils_a_finalized_eu/
Published: Mon Mar 3 08:57:18 2025 by llama3.2 3B Q4_K_M
