Digital sovereignty: Microsoft finalizes EU data border for cloud services

Microsoft has finalized the EU data border for its cloud services. This is a voluntary commitment by Microsoft to only store and process customer data and personal data within the EU and EFTA. Microsoft promises pseudonymization and encrypted storage for personal data, for example in log files or as part of consulting services. According to the company, data will not be exchanged with data centers outside these borders.

With the completion of the final project phase, professional service data, such as logs and support data, will now also remain within the EU and the European Free Trade Association (EFTA). The cloud services Microsoft 365, Dynamics 365, Power Platform and parts of Microsoft Azure are within the data boundary. However, the Group also provides for exceptions.

Data does not always remain in the EU

One exception to the EU data border includes data from individual Azure services, for which customers must first conclude a corresponding agreement with Microsoft. In addition, the company reserves the right to transfer data from the EU and EFTA to any data center worldwide if it deems it necessary for cybersecurity investigations. Microsoft merely lists individual scenarios, but does not specify any criteria that would make a transfer outside the EU data border necessary.

Microsoft began setting up the EU data border two years ago. Initially, it only included customer data. A short time later, the company also stored and processed personal data within the EU and EFTA. Other cloud providers are also currently working on purely European services. For example, AWS plans to open the first part of its sovereign EU cloud at the end of the year, with a data center in Brandenburg.

(sfe)