Microsoft disclaims European sovereign cloud under oath
Microsoft's France legal affairs director told the Senate under oath he cannot guarantee European sovereign cloud data stays out of US reach.
1. Opening position
Microsoft’s France legal affairs director told the French Senate under oath that he cannot guarantee European sovereign cloud data remains out of US reach. That is the fact. It was stated by the vendor, under oath, to a national legislature. It is not a leak, a rumour, or an external assessment. It is the operator of the service confirming, on record, that the primary marketed property of the service cannot be guaranteed.
Sovereignty, in the cloud context, is a jurisdictional control. The claim sold to European customers is that data stored in a sovereign cloud sits inside a defined legal boundary and stays inside it. If the vendor will not, under oath, affirm that boundary holds, then the boundary is not enforced. It is asserted in marketing and disclaimed in testimony. Those two states cannot coexist as a control.
Treat the position as follows. European data stored under a Microsoft sovereign cloud arrangement must be assessed as reachable by US authorities. Not probably. Not under narrow conditions. Reachable, because the entity responsible for the data has stated it cannot guarantee otherwise. Any threat model, data classification decision, or regulatory mapping that relied on the sovereignty claim now operates on an unconfirmed control.
2. What actually failed
The failure is observable in the testimony itself. The vendor’s legal officer was asked, in a formal setting, whether European sovereign cloud data could be kept out of US reach. The answer was that he could not guarantee it. That answer is the system behaviour. The control was named, queried, and the operator declined to confirm it. There is no second interpretation of that exchange.
The marketed property of the service is jurisdictional isolation. The contracted, branded, and sold characteristic is that data placed in the sovereign offering sits under European legal control. The testimony states that this characteristic cannot be guaranteed. The gap between the marketed property and the sworn position is the failure point. A control that the vendor will not affirm under oath is not a control. It is a description.
Nothing in the public record from this testimony confirms that any technical, contractual, or operational mechanism prevents US access. Specific mitigations, key custody arrangements, or compartmentalisation structures that would close the gap are not confirmed. The absence is itself the condition. Customers were operating on the assumption that the boundary existed. The vendor has now stated, on record, that it cannot be guaranteed.
3. Why it failed
The operator of the service is a US-incorporated entity. US-incorporated entities are subject to US legal process regardless of where their infrastructure is physically located or how the offering is branded. Identity, in jurisdictional terms, is the entity that holds the data. The entity holding the data is reachable by US authority. Geography of the data centre is downstream of that fact and does not change it.
This is why the vendor’s lawyer could not give the guarantee. A guarantee would require the legal entity holding the data to be outside US jurisdiction, or for the data to be held under a structure where the US-incorporated entity has no compellable access. Whether such a structure exists in this specific arrangement is not confirmed. What is confirmed is that the responsible officer, asked directly, declined to affirm the boundary.
Encryption controlled by the vendor does not close this gap. If the entity that holds the keys is the same entity that is legally compellable, the keys are reachable through the same process as the data. Branding the service as sovereign does not close the gap either. Sovereign is a label. Jurisdiction is a structure. The testimony made the distinction explicit. The control labelled sovereignty was, in the operator’s own sworn account, not a control he could stand behind.
4. What this exposes - mechanism of failure
The mechanism is identity, not infrastructure. The entity that holds the data determines who can compel access to it. When that entity is incorporated under US law, US legal process reaches the data through the entity. Physical location of the storage, the regional label on the tenant, and the branding of the service sit downstream of that fact. The testimony does not describe a technical failure. It describes a structural one. The party responsible for the data is the party reachable by the requesting jurisdiction, and no statement in the record contradicts that.
The drift is the gap between the marketed property and the structural reality. Sovereignty was sold as a boundary. The boundary, in legal terms, requires the holder of the data to sit outside the reach of the foreign jurisdiction, or for the holder to have no compellable access to the data it stores. Neither condition is confirmed in this arrangement. What is confirmed is that the legal officer, asked under oath, declined to assert the boundary. The drift is therefore not a future risk. It is the current state of the control as described by the operator.
This is the failure mechanism that matters. A control held by a party who can be compelled to break it is not a control. It is a preference. Customers who treated the sovereign offering as a jurisdictional barrier were operating on a description, not an enforced structure. The testimony collapses the description. Anything built on top of it (data classification, regulatory mapping, residency commitments to downstream users) now rests on an unconfirmed boundary. The mechanism failed at the point where the responsible officer was asked to stand behind it and would not.
5. What this exposes - parallel pattern
The same mechanism applies wherever a service is sold as jurisdictionally isolated while being operated by an entity that remains compellable in another jurisdiction. The label on the service does not change the identity of the holder. If the holder is reachable by foreign legal process, the data is reachable by foreign legal process. This is not specific to one vendor or one offering. It is the structural consequence of placing data with a compellable party and describing the result as sovereign. The testimony made this visible for one specific service. The mechanism is not confined to that service.
The pattern repeats in any arrangement where the control is asserted by the party who can be compelled to break it. Vendor-held encryption keys are the clearest parallel. If the same entity that stores the ciphertext also holds the keys, the keys travel through the same compellable channel as the data. The control labelled encryption becomes a control labelled trust in the holder. The label and the structure diverge. The testimony in this case made the divergence explicit for sovereignty. The same test applied to vendor-held key custody produces the same result.
For any control sold as a jurisdictional or access boundary, the operative question is the identity of the party who can be compelled to lift it. If that party is the vendor, the boundary is the vendor’s discretion under legal pressure. If the vendor will not affirm, under oath, that the boundary holds, the boundary is not enforced. The pattern is therefore: marketed isolation, operator compellability, declined guarantee. Wherever those three conditions appear together, the control is a description. This case is one instance of that pattern, confirmed by the operator’s own sworn position.
6. Operator position
Treat European sovereign cloud data under this arrangement as reachable by US authorities. That is the position the vendor’s testimony forces. Threat models, data classification, and regulatory commitments built on the assumption of jurisdictional isolation must be rewritten to reflect an unconfirmed boundary. Any obligation to a downstream regulator, customer, or data subject that depended on the sovereignty claim now depends on a control the operator will not affirm. The exposure is not theoretical. It is the operator’s own statement under oath.
The broader position is harder. A control held by a compellable party is not a control. This applies to sovereignty, to vendor-held encryption, to access boundaries asserted by the same entity that operates the platform. Each of these must be assessed by the identity of the party who can be compelled, not by the label on the offering. Where that party is reachable by a jurisdiction the data is meant to be isolated from, the isolation is a description. The testimony in this case is useful because it removes the ambiguity for one specific service. The same test must now be applied to every adjacent claim.
What must now be true is structural, not contractual. Data that genuinely requires jurisdictional isolation must be held by an entity that is not compellable by the excluded jurisdiction, or under a key custody and access structure where the operator has no technical means to comply with such a request. Whether any current offering meets that bar is not confirmed and must be assessed per arrangement, on evidence, not on branding. Until that assessment is done and documented, the sovereign label is a marketing artefact. The vendor said as much, under oath. Plan accordingly.