Anyone who knows what is behind the term US CLOUD Act can understand it: A growing number of European companies are striving for more sovereignty. And that's for good reasons of data protection. The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows US authorities to access customer data from US companies — such as Microsoft 365 or Dropbox. The crux of the matter is that this can be done regardless of where the data is physically located. Even if the data is stored on servers in Germany, it is not safe from access by US authorities, provided that the company offering the storage service is headquartered in the USA. This applies even if it is a US parent company of a German company.
As a result of the conflict situation in the USA, even apolitical entrepreneurs and managers are currently increasingly asking themselves the question of how dependent European companies should be on the United States. And it seems like the risks are getting bigger.
However, dependence on US technologies does not only have legal consequences. In the worst case scenario, access to critical IT infrastructures could even be restricted or even blocked in times of geopolitical tensions. A prominent example is Starlink. Admittedly, an extreme case, but the US government's current foreign policy stance is causing concern among many companies. In Europe in particular, the search for alternatives arising from supposedly precarious dependency is therefore beginning in many places.
More independence makes sense, particularly in the area of cloud service providers — and not just since Donald Trump's second term in office. Because the legal situation has been questionable since 2018 due to the US Cloud Act. A sovereign cloud from Europe, or even better from Germany, can help take a big step towards independence. At the same time, it strengthens data protection and increases profitability. Let's look at the reasons why.
That is why the US CLOUD Act is highly questionable under data protection law
It makes sense not to tie yourself too heavily to US providers and instead to rely on European or even German alternatives to Dropbox, Google Drive and SharePoint. One thing is clear: The IT infrastructure in Europe is still heavily dominated by providers such as Microsoft, Google and Amazon. These companies are subject to the US CLOUD Act (Clarifying Lawful Overseas Use of Data Act), which allows American authorities to access data stored on servers from US providers. Regardless of where they are physically located.
Sovereign cloud against access by US authorities
Because the CLOUD Act states that American cloud providers such as Dropbox or Google are required to hand over data from German customers, for example, to US authorities, even if they are stored on servers in Germany. From a data protection perspective, this fact is extremely questionable. Even cloud providers based in Germany are required to surrender if the parent company is based in the USA. There is only one way out of this dependency sovereign cloud from Europe.
A sovereign cloud is independent of US jurisdiction and therefore comes from a provider whose headquarters and data centers are located in Europe. As a result, his business activities in Europe are not subject to US case law. Data stored in such a sovereign cloud follows European data protection regulations. The German and European data protection regulations are among the strictest in the world and therefore ensure predictability and legal certainty.
A sovereign cloud thus excludes any legal backdoor abroad and ensures secure and independent data exchange. Ideally, both the company headquarters and the data centers are located in Germany. By the way, this is also in line with the wishes of most German companies interested in cloud solutions. According to the Bitkom study Cloud Report 2024 99 percent of the companies surveyed prefer a German location. However, two thirds do not know what a sovereign cloud is — i.e. exactly the type of cloud that can meet their wishes and needs.
Sovereign EFSS cloud: security and control
EFSS (Enterprise File Sync & Share) is an important playing field in the area of privacy-relevant cloud services. A European productivity cloud in the area of EFSS offers a real alternative to US services such as Dropbox and box.com, is operated locally in Europe and thus fully complies with European data protection laws.
Enterprise File Sync & Share allows (ideally encrypted) data exchange with internal and external partners. Typically, advanced solutions allow extensive and easy-to-use authorization settings. Depending on the provider, additional services are also possible, such as fully integrated and legally compliant electronic signatures or even an online office suite.
Benefits of a sovereign EFSS cloud solution
Data security and sovereignty: European cloud providers are exclusively subject to local and EU-wide harmonized data protection regulations. Data is stored and processed on servers within Europe.
Independence: By using a European solution, dependency on US companies is reduced. This strengthens economic sovereignty.
Availability and resilience: European cloud infrastructures can be designed in such a way that they are crisis-resistant and protected against geopolitical risks.
Innovation funding: The development and use of a European cloud strengthens the local IT industry and creates jobs in the region.
Use cases of an EFSS productivity cloud
A sovereign EFSS productivity cloud is versatile and can be used in numerous areas:
companies: Collaboration platforms that enable secure data exchange and teamwork within and between departments without transmitting data to the USA.
Authorities: Secure exchange of sensitive information between ministries, without dependence on foreign providers.
Health care: Cloud solutions that protect patient data and at the same time promote efficient collaboration between clinics, for example.
European alternatives to US cloud providers: offerings are growing
A trustworthy and transparent data infrastructure for Europe is becoming increasingly important in corporate strategy. This is not only about technical development, but also about legal certainty and predictability.
Companies such as Scaleway from France, Deutsche Telekom and SecureCloud play an important role in providing European alternatives in various areas of cloud infrastructure. Basically, good providers compete directly with US services in terms of functionality and usability and often have a clear competitive advantage when it comes to security.
Digitalization offers enormous opportunities, but also involves risks — especially when the legal situation has an impact on critical data infrastructures. A sovereign EFSS productivity cloud is a decisive step towards strengthening the digital independence of Europe as a location. It gives companies, authorities and citizens back control of their data and ensures that European values such as data protection and privacy are maintained in the digital space.
Interessiert Sie die souveräne Cloud?
Unsere Experten erklären Ihnen gerne mehr.
