Microsoft has completed its EU Data Boundary for the Microsoft Cloud data sovereignty project.

Two years in the making, the boundary means that European commercial and public sector customers can store and process customer data and “pseudonymized” personal data for core cloud services within the EU and European Free Trade Agreement (EFTA) regions, reports TechCrunch.

GettyImages-1490730833
– Getty Images

Professional services data from technical support interactions will also be stored in the EU and EFTA regions. The boundary applies to Microsoft 365, Dynamics 365, Power Platform, and most Azure services. For some Azure services, "additional customer action may be required to obtain the professional services data storage commitment."

In a Microsoft blog post written by Julie Brill, corporate VP and chief privacy officer, and Paul Lorimer, corporate VP of Microsoft 365, the company said: "The EU Data Boundary reflects Microsoft’s commitment to delivering unmatched cloud services that support European transparency, protect privacy, and enhance customer control. It’s a reflection of our commitment to Europe and is part of a wide range of residency capabilities and solutions we provide to our customers."

The company notes, however, that "in limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data."

According to the blog post, Microsoft has invested more than $20 billion in AI and cloud infrastructure across the continent over the last 16 months.

In December 2022, Microsoft announced plans for its EU Data Boundary, commencing work on the project the following January.

In July 2023, the EU and US agreed to a Data Privacy Framework which allowed data transfers provided they met privacy guarantees and protections were made. Despite this, Microsoft reiterated that it would keep EU cloud customers' data in the EU in January 2024, shortly after it launched its Cloud for Sovereignty in December 2023, which is available across all Azure regions.

The EU is known for its stricter data privacy and sovereignty rules than the likes of the US. The EU's Cybersecurity Act was adopted in 2019 and formed the legal basis for EU-wide certification of cloud providers. In December 2020, EU cybersecurity agency ENISA began public consultations toward a revised set of rules.

One of the earlier drafts required US hyperscalers to set up a joint venture with an EU-based company and to store and process customer data in Europe to qualify for the label, similar to the regulations imposed in France in 2021. This was dropped by the European Commission in April 2024, instead requiring cloud providers to just provide information about the location of the storage and processing of customer data.

In France, where US cloud companies are still required to partner with a local provider, Microsoft has teamed up with Capgemini and Orange.

Oracle (OCI) has two sovereign cloud regions in Europe located in Spain and Germany. AWS is also planning a European cloud region in Europe, with the first to be located in Germany. StackIT provides Google Workspace customers with a sovereign data storage option.

Subscribe to The Cloud & Hybrid Channel for regular news round-ups, market reports, and more.
Create an Account to Subscribe Now

More in Cloud & Hyperscale

More in Europe