Summary

The Federal Department of Foreign Affairs (EDA) has accidentally stored internal documents in Microsoft's cloud. An insufficient security architecture allowed files to be transferred to US servers, although control mechanisms should have prevented this. The incident reveals the growing dependence of the Swiss federal administration on American cloud services and raises questions about Switzerland's digital sovereignty.

Topics

  • Data security and cloud governance
  • Digital sovereignty of Switzerland
  • US Cloud Act and data protection
  • Federal administration and IT infrastructure

Clarus Lead

Internal documents from the EDA have unintentionally ended up in Microsoft cloud infrastructure after security filters partially failed. An internal audit had already flagged insufficient security measures in summer 2025. The incident gains significance from the scale of the rollout: with the widespread introduction of Microsoft 365 across over 54,000 workplaces, the Swiss federal administration now stores a large portion of its data on US servers subject to the US Cloud Act.

Detailed Summary

The EDA confirmed the security gap to "NZZ am Sonntag" and admitted that the control technology for preventing the transmission of classified documents functions only incompletely. Affected documents carried the classification "internal," not "secret" – higher-level documents were not affected. However, even the accidental storage of internal data is sufficient under Swiss law to pose risks to foreign policy interests and national security.

The Swiss federal administration decided in December 2025 on a complete migration to Microsoft 365, a project covering all 54,000 workplaces. This decision means systematically relocating document collections to data centers of the US corporation. The US Cloud Act obligates US companies to hand over data to American authorities, even if the data belongs to foreign states. Microsoft asserts contractual safeguards, but the Federal Council warned in a November 2025 report that confidentiality cannot be systematically guaranteed.

In response, a feasibility study is examining alternatives to Microsoft dependency. Parliament approved nearly 250 million francs for a Swiss Government Cloud. In the short term, the federal government sees an exit as unrealistic – breaking with Microsoft would be a "high-risk undertaking" with considerable investment costs.

Key Statements

  • Systemic Security Gap: Control mechanisms for preventing unintended file transfers function only partially and were not fixed for months.

  • Known Problem: An internal audit in summer 2025 had already flagged insufficient security measures and improper storage – the incident was foreseeable.

  • Massive Cloud Dependency: The widespread introduction of Microsoft 365 exponentially amplifies the risk that additional data will end up on US servers and fall under the Cloud Act.

  • Limited Alternatives: An alternative (Swiss Government Cloud) is only in the planning stage; rapid exit is not politically or economically envisaged.


Critical Questions

  1. Evidence/Data Quality: Which specific documents were affected, and what sensitivity did they have regarding foreign or security policy? The report only mentions the classification level "internal," not the substantive content.

  2. Conflicts of Interest: Did the Federal Chancellery adequately weigh the existence of the US Cloud Act when choosing Microsoft 365, or did cost arguments and US vendor lock-in take priority?

  3. Causality – Classification Requirement: Is it sensible that every individual employee must independently classify documents? Could automated, preventive classification based on content types and sources reduce human error and prevent security gaps?

  4. Causality – Technical Alternatives: Why was a pilot project not conducted before the mass rollout of Microsoft 365 to identify security gaps during testing?

  5. Feasibility: How realistic is the feasibility study for a Swiss Government Cloud given the lack of technical and organizational experience in operating a state cloud infrastructure?

  6. Risks – Transition Period: While the alternative is being developed, additional sensitive data will land on Microsoft servers for at least 2–5 years. How will these records be retrieved or deleted after the exit?

  7. Incentives – Security Budget: Were investments in security and governance of data classification adequately dimensioned, or was prevention underfunded?

  8. Counter-Hypothesis: Is complete technical security achievable in cloud storage at all, or should the federal government fundamentally adopt hybrid models where highly sensitive data remains stored locally?


Sources

Primary Source: Incident Fuels Cloud Debate – EDA Accidentally Stores Sensitive Data in Microsoft Cloud – swisscybersecurity.net, 02.02.2026

Referenced Sources:

  • NZZ am Sonntag (Report on security gap, paywall)
  • Federal Council Report on Data Protection in Cloud Computing (November 2025)
  • Federal Chancellery Statement on Microsoft 365 Migration (December 2025)

Verification Status: ✓ 02.02.2026


This text was created with the support of an AI model.
Editorial responsibility: clarus.news | Fact-check: 02.02.2026