On June 10, 2025, Microsoft France's legal director, Anton Carniaux, testified before the French Senate inquiry commission on public procurement and digital sovereignty. When asked if he could guarantee that French citizens' data stored in Microsoft's EU data centers would not be accessed by U.S. authorities without explicit French consent, Carniaux responded: "No, I cannot guarantee it." (senat.fr)
This admission underscores the implications of the U.S. CLOUD Act, enacted in 2018, which allows American authorities to compel U.S.-based companies to provide data stored anywhere globally, regardless of local privacy laws. Despite Microsoft's efforts to implement technical safeguards and data localization strategies, the company remains legally obligated to comply with valid U.S. government requests. (csis.org)
The testimony has intensified concerns about Europe's digital sovereignty and the reliance on U.S. tech giants for critical infrastructure. European policymakers are now reevaluating their data protection strategies and considering the development of indigenous cloud solutions to mitigate the risks associated with extraterritorial data access. (ft.com)
In response to these challenges, Microsoft has announced new commitments to Europe, including contesting any non-European government orders that would interfere with cloud services and expanding its data center capacity within the continent. However, the effectiveness of these measures in ensuring data sovereignty remains a subject of ongoing debate. (ft.com)
The situation highlights the complex interplay between global tech companies, national laws, and international data privacy concerns, prompting a broader discussion on the future of data governance and the need for robust, sovereign digital infrastructures in Europe.
Source: ActuIA Sensitive Data and Cloud Act: Microsoft France Admits It Cannot Oppose an American Injunction
