Microsoft has admitted that it “cannot guarantee” data sovereignty for customers in France and the wider European Union, raising concerns about the US government’s ability to access customer information held on its servers.
The company’s director of public and legal affairs, Anton Carniaux, made the statement during a French Senate inquiry into public procurement and digital sovereignty. Microsoft has contractual commitments with clients to resist unfounded data requests from authorities, including those from the US government under the Cloud Act.
Carniaux said that Microsoft uses a rigorous system to analyze and reject unfounded requests, and if necessary, redirects the request to the client. In rare cases, he admitted that the company may be compelled to transmit data if it is well-framed and justified.
The Cloud Act gives the US government authority to obtain digital data held by US-based tech corporations, regardless of where it is stored. Microsoft has not received data requests from the US government for data held on its servers in Europe, but Carniaux’s statement suggests that this could change.
European cloud providers have raised concerns about the potential data sovereignty issue, with some calling for a shift towards building homegrown solutions to support true data sovereignty rather than just data residency. Microsoft and other major players are working to address these concerns, including by announcing plans to build more datacenters in Europe.
However, mistrust of the Trump administration remains in Europe, and worries persist about the impact on national security, personal privacy, and business competitiveness. The French Senate’s scrutiny of Microsoft highlights the need for greater transparency and clarity on data sovereignty issues.
Source: https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee