Breaking news

Digital sovereignty - a trend in Europe, sparked by Microsoft.

In the EU, digital sovereignty is trending. Businesses and authorities are starting to adopt sovereign solutions from Europe.

Digital sovereignty in Europe is trending - now more than ever!

Digital sovereignty in Europe can't be bought from American services - not even if businesses choose to use so called "sovereign clouds" from Microsoft, Google or Amazon. Now, Microsoft's lawyer in France confirmed that their datacenters in Europe can be accessed by the U.S. government - without notifying European authorities. It's time for any business committed to data protection to stop falling for the marketing lies of Big Tech and choose European services.

This questioning of the Microsoft lawyer in the French Senate took place on June 11th, 2025. Under oath, Microsoft’s legal chief for France, M. Anton Carniaux, admitted he cannot guarantee that data of French citizens and businesses stored in Microsoft datacenters - even if located in Europe - is safe from the U.S. silently accessing the data. This statement confirms that American tech providers with their “sovereign cloud” offerings are doing nothing but “Sovereign Washing”.

Watch the statement of M. Anton Carniaux on YouTube (French).

Interestingly enough, this statement came shortly after another sovereignty wake-up call: The Chief Prosecutor of the International Criminal Court (ICC), a court based in The Hague and central to Europe’s upholding of human rights, suddenly found that his email account was shut down. The service provider? Microsoft. The reason? Mr. Trump. In February, Trump sanctioned International Criminal Court (ICC) for issuing arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense minister, Yoav Gallant. The court argued that the Israeli politicians have committed war crimes by restricting humanitarian aid in Gaza amid the war against Hamas, thus, harming civilians.

Israeli officials denied all charges, and, consequently, US President Donald Trump issued sanctions against the ICC saying that the court had committed “illegitimate and baseless actions targeting America and our close ally Israel”. Trump also called the warrants “baseless arrest warrants”.

Following these sanctions, the ICC has found itself faced with several issues:

  • The chief prosecutor, Karim Khan, has lost access to his email; his bank accounts were frozen.
  • American employees of the court risk arrest when traveling to the U.S.

Due to the blocking of Khan’s Microsoft email account, the court is facing severe issues in its day-to-day work.

Microsoft blocked email account based on U.S. sanction

Microsoft sperrte Khans E-Mail-Konto. Microsoft sperrte Khans E-Mail-Konto. Microsoft shut down Khan’s email account.

The blocking of Khan’s Microsoft email account took place because of an executive order signed by Trump which the U.S.-based company – Microsoft – fulfilled. This gets even more explosive when one considers that Microsoft - even if it wanted to - had to obey this order because of the legal and political situation.

The Open-Source Business Alliance (OSBA) told Heise that it considers Microsoft’s actions to be “unprecedented in this context and with this impact”, and that this incident proves that Europe needs digital sovereignty by choosing European-based tech services over U.S.-based Big Tech.

”This must be a wake-up call for all those responsible for the secure availability of state and private IT and communication infrastructures. … We cannot rely on companies that are not under our jurisdiction.”

Wake-up call for digital sovereignty

These incidents, indeed, are a wake-up call for digital sovereignty.

U.S. sanctions – unrelated to Europe and imposed by a foreign power – led to the shutdown of the digital communication of a leading public figure, the Chief Prosecutor of the International Criminal Court. Plus, a Microsoft lawyer swore under oath that data of Europeans can not be protected from U.S. access, even if Microsoft stores the data in its European data centers.

This marks a clear turning point in Europe’s relationship with foreign technology providers. If key figures in international law can be digitally silenced by a company subject to U.S. law, what does that say about our control – or lack thereof – over the very digital foundations we rely on? If U.S.-based services can not protect European data from access by U.S. authorities, what does that say about our security and data protection?

For years, European institutions have relied on a false promise of security and data protection by Silicon Valley tech giants. Cloud providers like Microsoft, Amazon, and Google have repeatedly assured us that they respect European law, have built data centers within EU borders, and have pledged to comply with the GDPR. While at the same time Microsoft’s New Outlook uploads all data, including passwords, into the cloud, Microsoft’s Office 365 has been declared illegal for German schools because of data protection issues, and Denmark has banned Gmail from schools due to privacy concerns based on the GDPR. And these are just a few examples.

Jurisdiction trumps everything

Die Zuständigkeit ist wichtiger, als wir bisher dachten: Europäische Behörden sollten sich an europäische technische Dienste halten. Die Zuständigkeit ist wichtiger, als wir bisher dachten: Europäische Behörden sollten sich an europäische technische Dienste halten. Jurisdiction matters more than we used to think: European authorities should stick to European tech services.

In the light of all this, the confession by the Microsoft lawyer and the ICC incident have just put the final nail in the coffin. It reveals a deeper truth, one that Europeans must start acting upon!

Jurisdiction trumps geography. It doesn’t matter if your servers are in Frankfurt, Rome, or Paris – if your provider is subject to foreign law, so is your data.

And this must be included in every worst case scenarios of every business and every authority. The question is obvious: Is my data secure and protected – not just from external threats like malicious attackers, but also from internal threats stemming from the company hosting your data?

If political decisions made thousands of kilometers away can have immediate and severe consequences on European digital communications and European data, this poses a huge risk. One that you should not be taking. And with the recent Microsoft incident, it’s no longer a theoretical threat. That is exactly what just happened.

Dependency is a threat

Let’s imagine this was not about email, but about the energy sector.

Would Europe ever hand over control of its national power grids to foreign companies bound by non-European law? Would we trust a foreign supplier’s guarantee for 99.999% uptime (which is the standard uptime SLA agreement of cloud providers) while at the same time a foreign power could force them anytime to cut Europe’s power?

Of course not.

Yet this is how we’re managing our digital infrastructure in Europe.

We are blind to the risks, and much too trusting of American tech providers. Cloud platforms, communication tools, and email providers are core services that run our governments, schools, hospitals, and courts. And in most cases, European institutions have chosen American providers - while great email alternatives for businesses exist.

Europe has the services – let’s start using them!

What makes all this even more frustrating is that Europe doesn’t lack innovation; Europe has great tech services that are better than their U.S. equivalents. Particularly when it comes to tech services, Europe has much more on offer than some would expect – especially if you value privacy and security.

Across the continent, privacy-first, security-focused, and truly sovereign digital solutions are being developed. One of the best examples is Tuta, which offers secure, encrypted email and calendar tools, even with quantum-safe encryption. The email provider not only operates under German data protection laws with all servers based in German data centers, but it also uses the most advanced encryption technologies to protect businesses’ data.

So why don’t we see services like this one powering ministries, parliaments, and courts?

Because despite all the speeches about “strategic autonomy”, European tech is still often treated as a backup plan by the authorities – and most of them have not even started putting this plan into action. For decades, European authorities have relied on Microsoft’s products. Stemming from Microsoft’s integration into Windows, the most widely used OS since its launch in the 1980s, most businesses and authorities still use Microsoft Outlook for email, Microsoft Word, Excel, etc. While switching from Microsoft to European-based alternatives can’t be done in a day, authorities must start planning the switch.

Now it’s time to break free from the dependency on American tech!

Turn ON Privacy in one click.

The sovereign cloud

There’s a saying in tech that goes as follows: There is no cloud, just other people’s computers.

When taking this concept into action, one has to ask themselves: On whose computer would I like to store my data? With an American tech provider – to which the U.S. (government, NSA, CIA, FBI, etc.) can potentially have full access? Even if the data stays in Europe, the control – the ability to operate, deny, or transfer access – remains elsewhere. As long as American tech providers hold the key, Europe does not own its data.

We need true sovereignty – by choosing European services that are built and operated under European law and that store the data solely in Europe, best with end-to-end encryption.

We are already seeing positive examples of Europeans achieving digital sovereignty, for instance the French city of Lyon is about to stop using Microsoft, the Ministry of Digitilization in Denmark wants to reduce its dependency on Microsoft, and the German state of Schleswig Holstein is in the process of replacing Microsoft Office with open source solutions.

Looking into a brighter future

Das Tuta-Team freut sich auf eine bessere Zukunft! Das Tuta-Team freut sich auf eine bessere Zukunft! The Tuta Team welcoming a brighter future!

If Europe wants to regain control of its digital infrastructure, we need a structural change; and an immense effort from all parties involved. But in the end, the effort will pay off. Not only by gaining sovereignty, but also by supporting and building a European tech industry – one that can easily compete with American and Chinese tech companies.

To achieve this, we don’t even need new laws, all we need is a commitment by the public sector. When Trump says “America first”, Europe must say “Europe first” – and in tech the gain is double:

  1. A big share of what the public sector spends on European tech, they get back in the form of company taxes.
  2. The public sector could help boost an already vibrating and innovative European tech industry to gain a competitive edge, not just in Europe but also abroad.

Make “European” a requirement for public procurement of tech products: EU institutions, governments and local authorities should make being “European” a requirement for procuring tech products. This way they can make sure that the services they purchase follow European data protection laws and are not under the influence of foreign governments.

Going forward, European and local authorities can make a real difference. All they have to do is get active!

Let’s build systems that adhere to European laws and regulations, protect European citizens and their data, and strengthen European independence.

Let’s stop borrowing digital power – and start generating our own. Together we can make the web a better place!

Illustration of a phone with Tuta logo on its screen, next to the phone is an enlarged shield with a check mark in it symbolizing the high level of security due to Tuta's encryption.