I work as a consultant and freelancer across a bunch of companies, some American but mostly European ones. Last ~8 months or so, the sentiment about "Hosting our data in EU or even our own country" has drastically changed, I don't think I've seen such a clear shift in public opinion so fast before. The amount of migrations I've helped moving data from US to EU already is higher this calendar year than all the other years of my career.
Its not about public opinion, but rather data sovereignty requirements. Certain types of data must be processed within servers located in the EU, regardless of where the company's HQ is. That's why you see most SaaS platforms nowadays offer a EU-only version.
Recent erratic policies are having a profound effect on perception of US companies.
It has been brewing for a while.
https://www.euronews.com/next/2025/02/27/is-overreliance-on-...
The laws are already there. That's my point.
In other words: physical location isn't enough, the company's HQ being in the US is in itself already a massive risk.
The big American cloud companies are trying to get around this by offering their services via "independent" EU entities who aren't owned by the US company but still offer the exact same stack, but I bet most customers are just as unimpressed as I imagine US law enforcement is going to be.
Inside the US, the biggest concerns similarly come with China, which I consider a bigger risk. For better or worse, if you're inside the US, you're probably better off holding as much of your presence as you can inside the US as EU requirements can actually be more harmful than helpful in terms of compliance. There are also certain protections and resistance you can take to less than formal (judicial warrant) requests. Only because if you hold an online presence in the EU, and are forced to violate EU laws, then you're in trouble on both sides.
I would assume similar in most cases, though the EU confederation is something I'm far less familiar with where national laws and EU laws conflict, etc. I'm more familiar with US state to federal structures.
The fundamental flaw with this plan is if your fear is genuinely of the United States, your data is far more protected inside the US. The intelligence community has no restrictions operating on foreign networks and servers.
Rather than go to a FISA court for approval, we just hack your box and take your data. Or ask a European intelligence service to use the much more lax laws to compel its disclosure.
Yes, data collection happens on US soil. But ask anyone who has worked on the inside how much of a pain it is to view or process USPER data.
there have been several bombshell revelations in the last 1-2 decades which indisputably show that the US intelligence community also has (effectively) no restrictions operating on US citizen networks and servers, and often does so with the direct help of US companies.
the legal standards are worthless when they can just be ignored without consequence. when the standards happen to work, just buy the data from the private sector.
secondly, these changes are also about mitigating any retaliatory decisions made when the US government gets upset at how tall another country's leader is, or whatever.
I live in Denmark, a country whose primary threat at the moment is the USA, and the thought of Donald Trump effectively having a kill-switch to our highly digitalized society is absolutely frightening. Reducing our dependence on American tech means that we are less vulnerable to a hostile power using it to extort us out of our territory. We cannot remove the threat entirely, but we can make the pain less extreme.
Other EU countries are also seeing things this way, that the US no longer has a stable government and is no longer a friendly country. Who cares about American spying when the real threat is your country being turned off?
We're far beyond the default assumption that NSA snoops on absolutely everything, and more about protection ourselves from trade wars, tariffs and similar blockages as what Microsoft did with the ICC.
You are equating illegal behavior with legal behavior. We do what we can to avoid the legal ways the US government can access our data.
It’s not something that the business owners want to do, but they are being forced to from above.
It’s just that they started to execute now?
But yeah, in recent times the sentiment became more urgent. If I were to guess, with zero data in front of me and just judging by what I remember, I think the sentiment really changed first with the ICC blockade that happened last year, then it got really fueled on by the US threats to Greenland's sovereignty, I think that's when organizations and people really got stressed out about moving ASAP.
The second Trump administration moved from "overtly bullying" to "behaving like a potential threat". In the second Trump administration, the US has used the tech monopolies against the EU and has become a military threat (not to mention the commercial war with tariffs). For many Europeans, it's not that the US are abusing their dominant position in negotiations anymore: it's that they are not an ally anymore. Not that they are seen as an enemy, but rather an unreliable partner who threatened to become an enemy.
I think that this is a very big shift, and that is why things are actually moving. And I don't think that this will change, because the risk of depending on the US monopolies has now materialised. That cannot be undone.
We in Europe are enjoying roughly 15-20% insane/stupid ratings at this point, which is not great but still a bit better.
I haven't heard of anyone moving to this, though.
> The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.
Once that was in place, AWS could host their "EU" servers on the moon for all I and others care, still not a solution to avoid the claws of the US.
On the other hand it is also lame to shift the blame on the US. A bit like Jim stole your car after you left the doors open, the key in the ignition and the engine running. Jim is a bad man.
The US, China, Russia, EU (as a whole) and maybe Brazil are the countries in the best position to be able to do that more than most others just by their size and positions. And even that has limitations.
For example, IMO, the US should be manufacturing at least half of it's prescription medications domestically... it should also be producing a significant portion of it's communications devices domestically as well. We're too dependent on Taiwan and South Korea for technology currently.
I would encourage every nation to consider and take steps towards ensuring their own infrastructure... this does not mean isolation, just security footing.
Database runs in France, front end in Belgium, Operations in Spain...
EU Fairness dictates they all need to get a slice of the pie so this will be interesting (and by that I mean absurdly hilarious).
You snark, but is this not EXACTLY how a sizeable majority of modern apps are made?
Substitute in some random tech stacks, cloud providers, or buzzwords.
Database runs in AWS, front end in Nuxt, Operations in Claude.
You put your Headquarters in seattle, your data center in alabama, you have your dev team in SF... every state gets a slice
Like gov contracts and how they are divided is basically the largest conversation in defense contracts, they give more of a shit who will make the nails for a tank than the security parameters of the crew members
In any case, there are plenty of EU giants (ASML, SAP, Siemens, Alstom, Rheinmetall, etc) that are rather concentrated geographically speaking. EU fairness is more a government agency distribution thing, not for private companies.
That is a very myopic way of looking at it. Right-wing neoliberal parties were globalists and pro-EU for business reasons. Left-wing social-liberals were pro-EU for social and ideological reasons but were much more ambivalent about globalisation. Hard-right nationalists hate the EU but don’t see much of a problem with globalisation except when people are involved (exploiting them abroad, however, is fine as long as there is a buck to be made). If you’re a bit careful you’ll find opinions all over the place on both globalisation and the EU across the whole spectrum.
Globalisation is more something that affect individual member states than a EU issue.
How is that worse than headquarters in New York, incorporation in Delaware, operations in California, and datacenters in Texas?
And I'm not even bashing EU. The closest example still working today is probably the US's Jones Act.
But especially that Microsoft blocked the work email of the ICC lead prosecutor for political reasons, that has all alarm bells ringing.
Sure, LLMs help a bit with the actual typing, but the hard part is still planning, alignment and actual execution, all which are best done by humans talking and working with other humans.
I don't think we're in the days of "Hey Codex migrate our AWS stack 100% to Hetzner VPS stat" yet, without issues along the way. Wouldn't claim it's impossible either, but again the easy parts were already easy, and the hard parts are still hard.
What used to be a half year transition project that will be half-assed due to resource constraints, can now be properly done in a month by a skilled engineering team works on it with LLM leverage.
Of course, if America was still a trusted ally (like if Harris was president), we still wouldn't be doing it. Even if it was easy now.
It is a manifestation of the commoditization of Cloud Computing Interfaces.
Every provider offers a blob storage, kubernetes clusters, queues and what not.
I'd argue that covers 90% of SaaS needs.
It has been a headache for our vendors.
