Microsoft’s EU Sovereign Cloud initiative is Complete

Microsoft claims to have finished a multi-year effort that would enable its cloud services users in Europe to store and process data within the EU. According to Microsoft Corporation, it has improved its cloud infrastructure to enable EU clients to store and handle personal data within the EU.

According to Microsoft, a statement released by the Seattle-based business on the EU Data Boundary for the Microsoft Cloud project started on January 11, 2023, continued for two more years, and was completed this February. After it is finished, European clients can store and process data for Microsoft core cloud services in the EU and European Free Trade Association (EFTA) territories, such as Dynamics 365, Power Platform, Microsoft 365, and the majority of Azure services.

Similar to the EU Data Boundary, an increasing number of cloud providers and IT giants offer European data residency plans. These assist clients in adhering to local privacy and data protection requirements in Europe, such as the GDPR, the Federal Data Protection Act of Germany, and the data protection rules of the United Kingdom. The actual location of an organization’s data as well as the local regulations and policies that apply to it are referred to as data residency.

Microsoft claims that customer information and “pseudonymized” personal information are handled and kept in data centres situated in EU or EFTA member states for cloud services covered by the EU Data Boundary. Data that is sent to Microsoft, such as specific log data, is referred to as “professional services data” and is kept at rest.

According to Microsoft, clients may need to get a professional services data storage commitment for some Azure services. The criteria are listed on this page.

issues regarding Microsoft’s handling of cloud service customers’ data have been raised by EU authorities for years. These issues include unclear language in Microsoft’s cloud service contracts and the company’s assertions of legal justification for data processing. To be fair, there are other targets besides Microsoft. Ireland’s data protection watchdog fined Meta $1.3 billion in May 2023 for transferring data to the United States.

The EU and the US agreed on a new “Data Privacy Framework” in July 2023, which permits data transfers if specific privacy assurances and measures are in place. Nevertheless, Microsoft last year declared its intention to retain all personal data belonging to European cloud users within the EU.

Regulators in the EU have been putting more and more pressure on multinational computer firms to offer so-called sovereign cloud services, which guarantee that personal data is handled and kept locally. 

Its EU Data Boundary service, according to Microsoft, goes “beyond European compliance requirements.” Businesses must adhere to a number of safeguarding obligations under the bloc’s General Data Protection Regulation, even if it permits them to transmit personal data outside of the EU.

It comes after Oracle and AWS made similar declarations about sovereign clouds.