Author: Florian Zandt | t3n.de
Source: Original Article
Publication Date: November 1, 2025
Summary Reading Time: 3-4 minutes

Executive Summary

The Cloud Act of 2018 enables US authorities to directly access data of European companies stored with US cloud providers like Amazon, Microsoft, and Google - without informing European authorities. With Trump's return and the strengthened ties between the tech elite and the US government, this law gains new explosive relevance. "Gag orders" prevent for up to 180 days affected companies from being informed about data requests. Action recommendation: European companies should consider migrating to EU-based cloud providers, as the EU Data Act will facilitate provider switching starting September 2025.

Critical Key Questions

How strongly will geopolitical tensions between the USA and Europe intensify the application of the Cloud Act in the coming years?
What impact does the close connection between Big Tech and the Trump administration have on the enforcement of data requests?
Can European cloud providers scale quickly enough to offer a real alternative to AWS, Azure, and Google Cloud?

Core Topic & Context

The Clarifying Lawful Overseas Use of Data Act (Cloud Act) from 2018 allows US authorities worldwide access to data stored with US cloud providers. The currently intensified relationship between tech corporations and the Trump administration amplifies the relevance of this law for European data sovereignty.

Most Important Facts & Figures

• Microsoft receives approximately 30,000 government requests semi-annually, provides information in 60% of cases • Amazon AWS records about 1,500 disclosure requests per half-year • "Gag orders" can impose up to 180 days of confidentiality obligations • EU Data Act takes effect September 2025 and facilitates provider switching • 300 million USD donated by tech corporations for Trump's ballroom construction in the White House

Stakeholders & Affected Parties

Primarily affected: European companies with data stored with US cloud providers (AWS, Microsoft Azure, Google Cloud)
Industries: All sectors using cloud services, particularly critical infrastructures and financial services
Regulatory authorities: EU Commission, national data protection authorities, Federal Network Agency

Opportunities & Risks

Risks

• Uncontrolled data access without European legal review • Secrecy through "gag orders" prevents legal defense • Dependency on US political developments and categorizations

Opportunities

• EU Data Act strengthens switching possibilities to European providers • Competitive advantage for EU cloud providers like OVHcloud and Nextcloud • Digital sovereignty through local data storage

Scenario Analysis: Future Perspectives

Short-term (1 year)

Intensified enforcement of the Cloud Act under Trump administration, first company switches to EU providers after EU Data Act takes effect in September 2025.

Medium-term (5 years)

Consolidation of the European cloud market, possible EU retaliatory measures against US data access, new transatlantic data agreements as compromise solution.

Long-term (10-20 years)

Fragmentation of the global cloud market into regional blocks, complete digital sovereignty of the EU with its own tech champions, fundamental renegotiation of transatlantic data relationships.

Action Relevance

Immediate measures: Risk assessment of cloud strategy, evaluation of European alternatives
Medium-term: Migration of critical data to EU providers by EU Data Act 2025
Time-critical: Preparation for intensified US government requests under new Trump administration