Microsoft Promises to Keep European Cloud Data in Europe – Source: www.infosecurity-magazine.com

Microsoft has vowed to ensure that European cloud data will be stored and processed in Europe after announcing a package of ‘Sovereign Cloud’ solutions.

These solutions will ensure European customer data stays in Europe, helping with compliance and security requirements, the tech giant said.

Only Microsoft personnel based in Europe will have remote access to these systems.

The offering is designed to mitigate concerns that European cloud data and services may be subject to access or shut down demands from other regions, including the US.

In February 2025, US President Trump signed a memorandum pledging to prevent foreign governments and companies from “discriminating” against US companies.

The memorandum highlighted practices such as fines, practices and policies affecting US companies, with the UK and EU specifically referenced.

The latest announcement follows Microsoft unveiling plans in April to increase its European data center capacity by 40% over the next two years, including the introduction of sovereign and public cloud models tailored to European needs.

In a blog post about the April announcement, Microsoft President Brad Smith highlighted his commitment to protecting Europe from demands from foreign governments.

“In the unlikely event we are ever ordered by any government anywhere in the world to suspend or cease cloud operations in Europe, we are committing that Microsoft will promptly and vigorously contest such a measure using all legal avenues available, including by pursuing litigation in court,” Smith said.

What the New Microsoft Package Encompasses

The Microsoft Sovereign Cloud solution package, announced on June 16, covers both public and private cloud infrastructure.

It contains three pillars: Sovereign Public Cloud, Sovereign Private Cloud and National Partner Clouds.

Sovereign Public Cloud will be configured to meet specific regional needs without requiring migration to specialized data centers. It is set to be made generally available in all European cloud regions later in 2025.

Sovereign Public Cloud also adds a feature called Data Guardian, which will ensure all remote access by Microsoft engineers to systems that store and process data in Europe is approved and monitored by European resident personnel in real time.

The solution also offers customers control of encryption, by allowing them to connect Azure to keys stored on their own Hardware Security Module (HSM) on-premises or hosted by a trusted third party.

The Sovereign Private Cloud solution will deliver Microsoft cloud services in customer locations, enabling organizations to meet specific data residency and sovereignty requirements.

This will include core Azure capabilities, such as compute, storage, networking and virtualization services.

This solution will also be available later this year.

National Partner Clouds have been made available in France and Germany, providing local ownership isolated infrastructure for public sector and critical services.

European Sovereignty Commitment Questioned

Commenting on the new Microsoft announcement, Benjamin Schilz, CEO of European digital workspace platform Wire, questioned whether the solutions would be able to protect European cloud data and services from foreign governments.

“It’s not a question of intentions but the hard reality that any US software company can and will be legally compelled to surveil or even perform arbitrary denial of service. Microsoft’s source code is not open. Given the legal realities, there is nothing preventing the US government from, for example, demanding that Microsoft insert backdoors that capture encryption keys, customer data and metadata,” he noted.