Microsoft has completed work on a project that will allow EU data to stay in Europe while using the tech giant's cloud services.
The EU Data Boundary for the Microsoft Cloud, as the system is called, holds protected data within countries that are part of the EU or the European Free Trade Association, which extends the coverage to Liechtenstein, Iceland, Norway and Switzerland.
In a blog post detailing the project, Julie Brill, corporate VP and chief privacy officer, and Paul Lorimer, corporate VP of Microsoft 365, said European commercial and public sector customers will now be able to store and process customer data and pseudonymized personal data in the region.
This will apply to a raft of key services, including Microsoft 365, Dynamics 365, Power Platform, and most Azure services.
"In addition, Microsoft will store professional services data from technical support interactions for the core cloud services within the EU and EFTA regions," they added.
Microsoft added that some customer data could be shifted outside of the EU network in order to help battle cybersecurity threats.
"In limited security instances that require a coordinated global response, essential data may be transferred with robust protections that safeguard customer data," the blog post said.
"In these circumstances, Microsoft provides transparent information and implements comprehensive security measures, including encryption, strict access controls, and other resilient protections."
Microsoft’s EU data boundary has been a long time coming
Microsoft first announced the data boundary back in 2021, aiming to give EU customers the ability to store and process their data locally instead of routing it to the US or elsewhere.
That became necessary after a 2020 court ruling invalidated a data transfer mechanism between the EU and US known as Privacy Shield on the grounds that American surveillance techniques could breach GDPR rules.
The work was initially expected to be completed by the end of 2022, but Microsoft unveiled the first phase at the beginning of 2023, starting with storage of customer data across the Microsoft Cloud suite of online services, including Microsoft 365, Dynamics 365, Power Platform, and Azure.
A year later, the second phase added pseudonymized personal data. One year on, Microsoft has extended that to include what it calls ‘professional services data’, such as logs or case notes when customers ask for tech support.
When phase two was announced in January 2024, critics said the project had taken too long. Gartner analyst Nader Henein told ITPro at the time it had been "a long time coming", while Civo CEO Mark Boost said data should always have been held sovereign.
"The lack of commitment from hyperscaler providers to guarantee this has always been perplexing," he said.
In the blog post announcing the project's completion, Brill and Lorimer said: "At Microsoft, we believe cloud technology can be innovative, secure, and built to honor European values."
Alongside AI, the data boundary project has sparked huge investment in EU cloud infrastructure by Microsoft, including plans announced last year to invest €3.2bn in Germany, $2.1 billion in Spain and €4.3 billion in Italy.
The tech giant isn’t the only major industry player driving data sovereignty efforts, however. Other cloud giants, including Oracle and AWS, have also unveiled sovereign cloud services for customers based in the EU.
MORE FROM ITPRO
