Microsoft Completes EU Data Sovereignty Initiative for Cloud Services

Microsoft has finalized its EU data sovereignty initiative, expanding the scope of data covered under its commitment to store and process customer and personal data exclusively within the European Union (EU) and the European Free Trade Association (EFTA). This move aims to enhance data protection and privacy for users within these regions.

The company assures that personal data, including log files and client advisory services, will be pseudonymized and encrypted. Microsoft claims that data transfer to data centers outside of the EU and EFTA will not occur, except under specific circumstances.

In the latest phase of this project, Microsoft has extended the EU data boundary to include professional service data such as logs and support data, ensuring they are retained within the EU and EFTA. The services that fall under this data boundary include Microsoft 365, Dynamics 365, Power Platform, and parts of Microsoft Azure. However, the company has outlined certain exceptions.

One notable exception allows for the transfer of data related to specific Azure services, provided that customers enter into a corresponding agreement with Microsoft. Additionally, the company reserves the right to transfer data from the EU and EFTA to any global data centers whenever deemed necessary for cybersecurity investigations, although it has not specified the criteria for such decisions.

The initiative began two years ago when Microsoft started establishing the EU data boundary, initially covering only customer data. Subsequently, the company expanded its commitment to encompass personal data as well. Other cloud service providers are also working towards establishing their own European data services. For instance, AWS plans to launch its sovereign EU cloud with a data center in Brandenburg by the end of this year.