Microsoft Admits U.S. Access Risk to EU Citizen Data
Microsoft France’s legal director, Anton Carniaux, testified before the French Senate on June 10, 2025, acknowledging that the company cannot guarantee that data of French citizens stored in European Union datacenters is fully protected from access by U.S. authorities. Despite Microsoft’s technical safeguards, including encryption and data residency measures, U.S. laws such as the CLOUD Act require American companies to comply with government requests for data, regardless of where it is stored. This admission challenges previous assurances given by Microsoft about the security and sovereignty of European data hosted on its platforms.
The Senate inquiry focused on the role of public procurement in advancing digital sovereignty, particularly highlighting concerns around the Health Data Hub platform, which uses Microsoft Azure to host sensitive French health data. Microsoft’s technical director for the public sector, Pierre Lagarde, explained that since January 2025, contractual guarantees have been in place to ensure European client data remains within the EU. However, the legal obligation to comply with valid U.S. government requests remains a critical vulnerability, raising questions about the effectiveness of these protections in safeguarding national sovereignty.
The hearing also revealed that French government contracts continue to favor American cloud providers despite the availability of European alternatives such as OVH and Scaleway. Procurement decisions involving contracts worth between €74 million and €152 million with Microsoft for educational software illustrate ongoing dependencies on foreign technology. These arrangements create risks related to extraterritorial legal frameworks and technological dependencies, undermining France’s digital sovereignty goals despite efforts to promote sovereign cloud solutions like the Bleu project.
This testimony highlights widespread challenges for European digital sovereignty, as other major U.S. cloud providers face similar legal obligations under the CLOUD Act. European regulations, including the SREN law and GDPR, aim to mitigate these risks by encouraging migration to certified sovereign cloud providers. However, enforcement remains uneven and technical dependencies persist. The Senate inquiry signals a need for stronger implementation of existing rules and increased investment in European cloud infrastructure to reduce reliance on American technology and protect sensitive government data.