Sovereign Washing, Now Also Confirmed Under Oath.
Katrin Peter 4 Minuten Lesezeit

Sovereign Washing, Now Also Confirmed Under Oath.

We’ve suspected it for a long time, it was downplayed, relativized, dissected in whitepapers, and wrapped in PR language. Now the truth is on the table – legally unassailable, crystal clear, irrefutable.

An Oath of Disclosure – in the Truest Sense of the Word

We’ve suspected it for a long time, it was downplayed, relativized, dissected in whitepapers, and wrapped in PR language. Now the truth is on the table – legally unassailable, crystal clear, irrefutable.

In a hearing before the French Senate in June 2025, Anton Carniaux, Head of Corporate, External & Legal Affairs at Microsoft France, was questioned under oath. The central question:

Can Microsoft guarantee that no data of European users will be disclosed to the US government without the consent of national authorities?

His answer:

“No, I cannot guarantee that.”

That’s really all one needs to know. But let’s take a moment to dwell on it.

Microsoft, the Cloud Act, and the Tale of the Safe Harbor

For years, Microsoft has portrayed itself as a pioneer of digital sovereignty in Europe. There are dedicated business units, massive investments in European data centers, a European Board of Directors, contracts with government agencies in Germany, France, and elsewhere. They particularly like to advertise with so-called “Sovereign Clouds” – isolated cloud instances that are supposedly particularly secure and compliant.

But all this is of little help when the legal reality is ultimately different.

The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows US authorities to access data, even if it is physically stored outside the USA, as long as it is controlled by a US company. This is not a new insight – but it has rarely been confirmed so unequivocally from within a corporation as in this case.

Microsoft’s communication has so far been cautiously worded. They resist requests, they have so far not disclosed any data, they do everything in the interest of their customers. But these statements were never legally binding. And now we officially know: Microsoft cannot provide any guarantee.

This is explosive. Because:

  • Microsoft is one of the largest IT partners of the federal government.
  • Microsoft products are used in almost all ministries, authorities, and state administrations.
  • Even in particularly sensitive areas such as the Bundeswehr, the judiciary, or healthcare, central services run on Microsoft infrastructure.

And at the same time, it is now clear:

If the US government wants access to this data, Microsoft cannot prevent it – and does not even have to inform about it.

Sovereignty Begins with Infrastructure

Anyone who knows these facts and still continues to rely on hyperscalers like Microsoft, Amazon, or Google must face uncomfortable questions:

  • Are we aware that in an emergency, we do not have control over our own data?
  • Are we willing to accept that a foreign government can have a say in our IT infrastructure?
  • Can we justify operating critical public services on platforms that can be controlled by others at any time?

From the perspective of digital resilience, the answer can only be: No.

Because sovereignty does not mean that someone promises not to do something. Sovereignty means that it is not even possible for them to do it.

Time for a Change of Course – in Public and Private IT

This clarification under oath should be a turning point. Not for scandalization, but for self-reflection.

We finally need a realistic, strategic debate about digital infrastructure in Europe. One that does not only revolve around features, prices, and licensing models, but around control, availability, responsibility.

Because sovereignty is not an add-on. It is not a checkbox in a contract. It is a fundamental condition for democratic action in the digital age.

What Needs to Happen Now

  • Public authorities must evaluate whether their current IT strategy is still viable – not technically, but politically.
  • Decision-makers in companies must question whether their supposedly secure cloud is really secure – also legally.
  • We all must stop buying into the illusion of a “European Microsoft” just because servers are located in Ireland or Germany.

Because data sovereignty does not begin with location, but with legal control – and that simply does not lie with US hyperscalers in Europe.

Our Contribution as a Provider: We Build Alternatives

At ayedo, we work every day with companies and public institutions to regain precisely this digital control. With sovereign hosting architectures, with European partners, with containerized applications that can be operated independently of US platforms. Not because we are against innovation – but because we understand that innovation is worthless without trust.

And trust is not created by advertising slogans, but by verifiable frameworks.

Conclusion: The Decision Lies with Us

It is no longer a question of whether Sovereign Washing is a problem. It is documented. Under oath.

The question now is: What do we do with it?

Do we remain dependent – or do we finally choose solutions that meet our values, our law, and our responsibility?

Those who want sovereignty must take it. Not have it promised.

Vorheriger Post Alle Posts Nächster Post