EU May Limit US Cloud Providers’ Access to Classified Government Data
The European Commission’s upcoming Tech Sovereignty Package on May 27 would impose strict limits on US-based cloud providers handling EU classified public-sector data. Microsoft Azure, AWS and Google Cloud could face new certification requirements and data localization mandates driven by Cloud Act concerns and US-EU political tensions.
1. EU Tech Sovereignty Package Details
The European Commission will present the Tech Sovereignty Package on May 27, aiming to bolster digital autonomy across member states. Among the proposals are rules to restrict foreign cloud providers from processing sensitive or classified public-sector information without specific EU certification and compliance with data localization mandates.
2. Proposed Restrictions on US Cloud Providers
The plan targets US-based services such as Microsoft Azure, AWS and Google Cloud by imposing certification requirements and local data storage obligations for EU government workloads. These measures respond to concerns over the US Cloud Act and heightened US-EU political tensions, ensuring that sensitive data remains under tighter EU control.
3. Implications for Microsoft Azure and Competitors
Microsoft’s cloud business could face increased operational costs and delays as Azure seeks EU certifications and adapts infrastructure for localized data centers. AWS and Google Cloud may also adjust pricing and service offerings for public-sector clients, potentially reshaping competitive dynamics within the European cloud market.