Microsoft admits: "I cannot guarantee that European 🇪🇺 data will never be transferred to the U.S. government 🇺🇸."
- Vincent Pollet
- Jul 24, 2025
- 1 min read
During a Senate hearing, Anton CARNIAUX, Legal Director of Microsoft France, acknowledged a reality often downplayed: the Cloud Act applies even to data hosted in European datacenters.
👉 If the parent company is American, U.S. law prevails.
⚖️ Why this matters:The Cloud Act allows U.S. authorities to request data held by any American provider, even if stored outside the United States.
✅ Practical solutions, even for SMEs:
🔹 Data Privacy Framework (DPF) (since 2023) governs data transfers to certified American companies (e.g., Microsoft, Google).
➡️ Companies must comply with strict EU rules.
✔️ U.S. authorities access data only with specific justification.
✔️ Recourse is possible in case of abuse.
🔹 For sensitive or critical data:
👉🇨🇭 Create a Microsoft Tenant outside the DPF (Switzerland, Norway, UAE…).
👉🏢 Internalize your data: secure internal infrastructure or certified sovereign host (HDS, ISO 27001, SecNumCloud…).
🎯 The CIO: key actor in compliance and IT strategy
These decisions aren’t just technical. A CIO (even part-time) helps you:
1️⃣ Translate constraints into tailored IT solutions,
2️⃣ Implement choices aligned with your business,
❓ And you? Executives, CFOs, legal teams:
🔍 Do you really know where your data goes?
✅ Does your infrastructure meet your standards?
💼 At 🟣 DSIACTIVE, we are 20 CIOs across France, ready to support your local, national, or international business.📌 The topic is complex, but solutions exist.
👉 Contact us for a diagnosis or enlightening discussion.
