Microsoft's European Digital Commitments

Brad Smith gave a much-noticed keynote speech today. In this speech, Microsoft's Vice Chairman emphasized his company's commitment to its partners in the European Union.

This was particularly the case in light of the fact that the first hundred days of the Trump administration have led to a number of uncertainties regarding cooperation with US partners. Using five "new Digital European Commitments", he explains how the software manufacturer from Redmond guarantees its customers both performance and control. An interesting side note is that the keynote speech took place as part of an Atlantic Council event. The Atlantic Council is a non-profit organization that, among other things, promotes intensive cooperation between Europe and the USA.

In this article, we would like to present Microsoft's commitments and make an initial assessment.

Microsoft has announced plans to increase its data center capacity in Europe by 40% over the next two years and more than double it by 2027. This will take place in 16 European countries and will include over 200 data centers. The expansion aims to boost Europe's economic growth and competitiveness by using AI and cloud services to drive innovation and productivity growth.

Microsoft is promoting a diversified cloud ecosystem, including the "Microsoft Cloud for Sovereignty", which offers governments more control over data locations and access. In partnerships with companies such as Capgemini and SAP or Arvato Systems, Microsoft is developing sovereign cloud solutions in France and Germany to ensure local control and operation.
In addition, Microsoft supports European cloud providers through partnerships to enable the use of Microsoft applications on their infrastructure. Microsoft will design both its technologies and its licenses in such a way that subsequent use is possible.

Microsoft invests several billion dollars annually in the expansion of its data centers in Europe. These permanent structures are subject to national laws. Although Microsoft does not always agree with the political decisions of governments, the company has always respected and complied with European laws - even in cases that have been decided in European courts. Microsoft recognizes that European laws, including competition law and the Digital Markets Act, apply to its business practices in Europe. The company is committed to both developing the digital infrastructure in Europe and respecting the applicable standards.

Microsoft is planning to build a European cloud to support Europe in a time of geopolitical uncertainty and strengthen the continent's digital resilience. The company plans to offer the cloud services through subsidiaries based in Europe. The management activities will be controlled by a committee composed exclusively of European representatives and subject only to European jurisdiction.

Microsoft has introduced a "Digital Resilience Commitment" to take legal action against potential orders to close cloud services in Europe. The company has a history of taking legal action to protect customer rights. According to Smith, Microsoft is not only fighting these cases, but also winning them. In addition, Microsoft will work with European partners to maintain operations in the event of court orders and store backup copies of the code in Switzerland. This would be available to partners in the event of a continuity issue.

Microsoft has long been committed to protecting customer data and enabling customers to have control over their data. The company has completed the EU Boundary project, which enables European customers to store and process their data within the EU. From January 2024, Microsoft customers will be able to store and process their data in specific core cloud services. This data will remain in the EU. Find out more about EU Boundary.

At a technical level, Microsoft intends to further expand its data protection capabilities. In addition to established concepts such as BYOK (Bring Your Own Key), activities relating to confidential computing will be further expanded. Microsoft also offers so-called "lockboxes" for customers of Microsoft 365, Microsoft Azure and Microsoft Dynamics 365. This capsule enables dedicated control of access by Microsoft, including in support cases.

In addition, Microsoft is committed to further strengthening its data control and protection solutions for European customers. The company refers to its "Defending Your Data Commitment". In this commitment, Microsoft undertakes to take legal action against any access to European data by the US government.

After the outbreak of war in Ukraine in 2022, Microsoft immediately helped to evacuate the country's critical data and technology services to its data centers in Europe. This secured Ukraine's digital operations from attack. Microsoft has already provided over 500 million dollars in technological and financial assistance to protect Ukraine and other European governments from cyberattacks. This will continue to be a central guideline for action.

In order to respond to ongoing cyber threats from countries such as Russia, China, Iran and North Korea, Microsoft has appointed a new Deputy CISO for Europe, responsible for EU cyber security compliance. Microsoft plans to implement new security measures under the Cyber Resilience Act (CRA) to establish its cybersecurity as the new standard. The company will also appoint an independent auditor to review and validate compliance with its obligations in Europe.

To further expand the use of the availability of AI services, Microsoft published its "AI Access Principles" last year. To further strengthen the commitment, Microsoft has now extended these principles once again.

The Microsoft AI Access Principles ensure that the Azure AI platform and infrastructure is accessible for various business models, both open source and proprietary. Microsoft hosts over 1,800 AI models. Most of these come mainly from European developers such as Mistral and Hugging Face. Customers can choose which models they want to use and where they want to implement their AI solutions, be it on Microsoft Azure, in another cloud or in their own data center. Customers can also export their data to another cloud provider without transfer fees.

Over the past year, European start-ups and companies have benefited from this open access to innovate and grow in the new AI economy. Examples include companies such as Factorial in Spain, iGenius in Italy and Visma in Norway, as well as institutions such as the Institut Curie in France and UBS in Switzerland. Microsoft sees this as evidence of its interest in European performance.

It is exciting that Microsoft is offering solutions for two phases of cooperation. On the one hand, Microsoft shows how sovereignty can be further optimized in regular Microsoft operations, and on the other hand, Microsoft offers emergency scenarios in the event of a cooling of relations between the EU and the USA.

For the "actual operation" of the platform, Smith once again emphasizes the use of technical solutions such as confidential computing and BYOK systems. These are tried and tested and provide a high level of data sovereignty. The technical possibilities are flanked by Microsoft's commitment to take legal action against data access.

However, Microsoft also believes it is prepared in the event of an ice age between the USA and the EU. By establishing an escrow system and operating the data centers through European companies, data centers could continue to be operated without support from the US if necessary. However, this needs to be examined carefully if the worst comes to the worst, because in addition to the legal skills, the right personnel must of course also be available to operate the cloud on a daily basis.

Many of the principles that have now been announced for the use of the Azure Public Cloud have long applied to the Delos Cloud. Operation by a German company, under German jurisdiction with a handover point for the platform technology.

Microsoft appears to have based itself on this solution design and adapted many parts of it. This once again shows potential Delos Cloud users how resilient the architecture of the sovereign cloud is.

After this major announcement from Microsoft, the question now naturally arises as to what extent the statements made by Deputy Chairman Brad Smith can be trusted. It should be noted at this point that Microsoft has long been on a quest to meet the perceived and actual requirements of the digital sovereignty of its European customers in the long term. This was an ongoing issue even before the Trump II administration, but it has become even more acute as a result of developments over the last hundred days.

At first glance, it is clear that the urgency of the problem has now finally reached those responsible in Redmond. Both the position of the speaker and the location and content of the keynote show that Microsoft sees a sustained need for action here. However, it remains to be seen to what extent the announcements will be followed by actual action.

The European Digital Commitments do not change the fact that Microsoft Azure is and remains a valid option for setting up your cloud environment. Together with our experts, you can leverage the benefits of Microsoft Hyperscaler technology - only in the future with even more confidence!