Germany Dumps Microsoft Cloud Services
The German government is reportedly severing its ties with Microsoft, citing data sovereignty concerns and the potential for U.S. government overreach. The move is a major signal of Europe's accelerating push toward cloud localization to comply with DMA and GDPR, creating significant headwinds for U.S. hyperscalers.
This specific move away from Microsoft is being driven by the northern German state of Schleswig-Holstein, which is transitioning its 30,000 public employees to open-source software. The stated goal is to achieve "digital sovereignty," ensuring the state controls its own IT solutions and that citizen data remains secure within its own jurisdiction. The core of the issue is a fundamental conflict between the U.S. CLOUD Act and the EU's GDPR. The CLOUD Act allows U.S. authorities to compel American tech companies to provide data, regardless of where it is stored globally. This creates a compliance paradox for entities in Europe, as transferring data under such a request could violate GDPR's strict data protection rules. Schleswig-Holstein is replacing the Microsoft stack with a suite of open-source alternatives. LibreOffice is set to replace Word and Excel, while Open-Xchange and Thunderbird will take over from Outlook and Exchange for email and calendars. The long-term plan includes a complete migration from Windows to a Linux-based operating system. This migration is part of a broader European strategy for digital sovereignty, embodied by initiatives like Gaia-X. Launched by Germany and France, Gaia-X aims to create a federated, secure data infrastructure with common standards, providing an alternative to the dominance of U.S. hyperscalers while ensuring GDPR compliance. In response to these sovereignty concerns, Microsoft has launched its "Microsoft Sovereign Cloud" for Europe. This offering promises that customer data will remain in Europe under European law, with operations and access controlled by European personnel. In Germany, Microsoft is partnering with SAP subsidiary Delos Cloud to provide a sovereign cloud specifically for the public sector. However, critics argue that as long as the parent company is subject to U.S. jurisdiction, no technical or organizational measure can fully eliminate the legal risks posed by the CLOUD Act. The fundamental conflict of laws means that true data sovereignty may be unattainable from U.S.-based providers, pushing some European governments to seek full independence with open-source solutions.
