Microsoft has completed work on a project that will allow EU data to stay in Europe while using the tech giant's cloud services.
The EU Data Boundary for the Microsoft Cloud, as the system is called, holds protected data within countries that are part of the EU or the European Free Trade Association, which extends the coverage to Liechtenstein, Iceland, Norway and Switzerland.
In a blog post detailing the project, Julie Brill, corporate VP and chief privacy officer, and Paul Lorimer, corporate VP of Microsoft 365, said European commercial and public sector customers will now be able to store and process customer data and pseudonymized personal data in the region.
This will apply to a raft of key services, including Microsoft 365, Dynamics 365, Power Platform, and most Azure services.
"In addition, Microsoft will store professional services data from technical support interactions for the core cloud services within the EU and EFTA regions," they added.
Microsoft added that some customer data could be shifted outside of the EU network in order to help battle cybersecurity threats.
"In limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data," the blog post said.
"In these circumstances, Microsoft provides transparent information and implements comprehensive security measures, including encryption, strict access controls, and other resilient protections."
Microsoft’s EU data boundary has been a long time coming
Microsoft first announced the data boundary back in 2021, aiming to give EU customers the ability to store and process their data locally instead of routing it to the US or elsewhere.
That became necessary after a 2020 court ruling invalidated a data transfer mechanism between the EU and US known as Privacy Shield on the grounds that American surveillance techniques could breach GDPR rules.
The work was initially expected to be completed by the end of 2022, but Microsoft unveiled the first phase at the beginning of 2023, starting with storage of customer data across the Microsoft Cloud suite of online services, including Microsoft 365, Dynamics 365, Power Platform, and Azure.
A year later, the second phase added pseudonymized personal data. One year on, Microsoft has extended that to include what it calls ‘professional services data’, such as logs or case notes when customers ask for tech support.
RELATED WHITEPAPER
When phase two was announced in January 2024, critics said the project had taken too long. Gartner analyst Nader Henein told ITPro at the time it had been "a long time coming", while Civo CEO Mark Boost said data should always have been held sovereign.
"The lack of commitment from hyperscaler providers to guarantee this has always been perplexing," he said.
In the blog post announcing the project's completion, Brill and Lorimer said: "At Microsoft, we believe cloud technology can be innovative, secure, and built to honor European values."
Alongside AI, the data boundary project has sparked huge investment in EU cloud infrastructure by Microsoft, including plans announced last year to invest €3.2bn in Germany, $2.1 billion in Spain and €4.3 billion in Italy.
The tech giant isn’t the only major industry player driving data sovereignty efforts, however. Other cloud giants, including Oracle and AWS, have also unveiled sovereign cloud services for customers based in the EU.
MORE FROM ITPRO
- SAP launches sovereign cloud service for UK customers
- Sovereign cloud services are now the 'bare minimum' expected by customers
- EU tech firms team up to launch 'Virt8ra' sovereign edge cloud
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
The Wiz acquisition stakes Google's claim as the go-to hyperscaler for cloud security – now it’s up to AWS and industry vendors to reactAnalysis The Wiz acquisition could have monumental implications for the cloud security sector, with Google raising the stakes for competitors and industry vendors.
-
Microsoft hit with £1 billion lawsuit over claims it’s “punishing UK businesses” for using competitor cloud servicesNews Customers using rival cloud services are paying too much for Windows Server, the complaint alleges
-
SAP launches sovereign cloud service for UK customersNews The move makes SAP the latest to roll out a sovereign cloud service for UK customers
-
Microsoft's Azure growth isn't cause for concern, analysts sayAnalysis Azure growth has slowed slightly, but Microsoft faces bigger problems with expanding infrastructure
-
The Open Cloud Coalition wants to promote a more competitive European cloud market – but is there more to the group than meets the eye?Analysis The launch of the Open Cloud Coalition is the latest blow in a war of words between Microsoft and Google over European cloud
-
Data center constraints pinch as Microsoft reports soaring AI demandNews The firm’s CEO Satya Nadella remained confident that supply and demand would start matching up later in the fiscal year
-
Microsoft slams Google’s ‘shadow campaigns’ as feud over cloud regulation escalatesNews Google is being accused of creating an “astroturf” organization that is driven by ulterior motives
-
Microsoft just announced its biggest ever investment in ItalyNews The investment from Microsoft aims to ramp up cloud infrastructure and deliver training initiatives to upskill a million people
