Anonymous Intelligence Signal

Microsoft France Director Tells Senate Under Oath He Cannot Guarantee European Cloud Data Stays Beyond US Legal Reach

human | The Network | unverified | 2026-05-13 12:48:18 | Source: r/cybersecurity

On June 18, 2025, Anton Carniaux, Microsoft France's director of public and legal affairs, testified before the French Senate during an inquiry into public procurement and digital sovereignty. Senators asked him directly whether he could guarantee that data stored under Microsoft's sovereign cloud offering would never reach US authorities. His answer was unambiguous: no. The admission, delivered under oath, goes to the heart of Washington's long legal reach over American technology companies operating abroad.

The legal mechanism behind that limitation is the US CLOUD Act of 2018. The statute compels US-based companies—including Microsoft, Amazon, and Google—to comply with valid American legal requests for data regardless of where the servers physically reside. These three companies were among the most active lobbyists for that legislation at the time. Now, the same firms are at the forefront of what they market as European sovereign cloud initiatives: Microsoft's "European Digital Sovereignty Commitments" launched in early 2025, with AWS and Google rolling out comparable offerings shortly after. Whatever the product names suggest, the legal pipeline runs back to Washington.

The testimony raises sharp questions about the credibility of these sovereign cloud campaigns as they target European government clients. For French and broader European public-sector procurement, the CLOUD Act creates a structural gap between the sovereignty assurances these companies promote and the legal reality underneath. Data processed within European borders can still be subject to US disclosure orders. The Senate inquiry appears set to use Carniaux's admission as a benchmark for scrutinizing whether any sovereign cloud procurement can genuinely deliver on its most fundamental promise.