Big Tech’s “Sovereign Cloud” promises just collapsed — in their own words

Early 2025 U.S. hyperscalers started to ramp up their public relations efforts in Europe, aggressively promoting “sovereign cloud” offerings. Their goal was to calm growing fears around U.S. surveillance, fueled by legal uncertainty, the Trump presidency, and widespread concern about European autonomy in the digital realm.

Microsoft launched its European Cloud Principles, later renamed European Digital Sovereignty Commitments, promising to build trust through local control, transparency, and data residency. Amazon, Google, and Salesforce followed suit with their own “sovereign” branding — each assuring European governments and businesses that their clouds were safe, shielded, and separate.

In the past weeks, the “sovereign cloud” narrative has collapsed, exposing the sovereign washing attempts by big tech. And this time, it’s not critics or watchdogs exposing the contradictions — it’s the tech firms themselves.

“I can’t guarantee your data won’t be handed over”

In early June, Anton Carniaux, General Manager of Microsoft France, testified under oath before the French Senate (transcript (FR), video (FR), media coverage (DE)) that he cannot guarantee that data belonging to French citizens — even when hosted by Microsoft under a government procurement agreement (UGAP) — wouldn’t be handed over to foreign authorities without the French government’s consent.

This directly contradicts Microsoft’s European Digital Sovereignty campaign and calls into question the credibility of its public messaging. Critics already pointed out these “sovereign washing” attempts were meaningless, and clearly, under oath, Microsoft admits as much.

Meanwhile, a report by CloudComputing-Insider (DE) quotes representatives from multiple U.S. hyperscalers — AWS, Microsoft, Google, and Salesforce — saying they would hand over European customer data to U.S. authorities if required by a court order.

Kevin Miller, AWS’s VP of Global Data Centres, was particularly clear (DE): he said he could not guarantee that data from a German SME wouldn’t be disclosed to U.S. authorities.

Sovereign washing: the gap between marketing and reality

These recent disclosures expose a troubling pattern: as public concern in Europe has grown, so have the promises from U.S. cloud providers. But those promises were never backed by real guarantees.

The idea that a U.S. company could operate a cloud service in Europe, for European customers, and somehow remain immune to U.S. surveillance law was always shaky. The recent flurry of “sovereign cloud” launches was a high-stakes PR response to political pressure — not a technical or legal fix.

Now, in a matter of days, that PR effort has unraveled.

What’s said in courtrooms matters more than what’s said on stage

This is not just about policy or legal nuance. It’s about trust. U.S. tech giants are happy to promise digital sovereignty in glossy whitepapers, marketing videos, and conference keynotes. But when questioned under oath, or asked directly about real legal obligations, they admit the truth: they can’t protect your data from the U.S. government. Not even if it’s stored in Europe. Not even if they say it’s “sovereign.”

If you are a customer of these companies — whether a government agency, a regulated industry, or a private business — the implications are clear. Do not fall for their sovereign washing attempts: what Big Tech says in a courtroom tells you far more than what they say in a press release.

And what they’ve just said is this: you can’t count on their promises.