![\"\"](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/landing-page-image-1-1024x576.png\")
<\/p>\nDiscussions on digital sovereignty\u2014the capability to participate in the digital economy securely, independently and with self-determined controls\u2014is often centered on a consistent set of questions: Where is my data stored? Who can access it? Will I have access to the latest capability? Below, we\u2019ve answered these questions, and highlighted the commitments we\u2019ve made and the technologies available in Switzerland.<\/p>\n
Catrin Hinkel, CEO of Microsoft Switzerland, and Marc Holitscher, National Technology Officer, in a discussion about digital sovereignty in Switzerland<\/p>\n
1: Why is digital sovereignty such an important topic right now?<\/p>\n
\nClick here to load media\n<\/p>\n
2: What does digital sovereignty mean in practice?<\/p>\n
\nClick here to load media\n<\/p>\n
3: What is Microsoft\u2019s level of engagement in Switzerland? <\/p>\n
\nClick here to load media\n<\/p>\n
4: What about Microsoft\u2019s comprehensive European commitments? <\/p>\n
\nClick here to load media\n<\/p>\n
5: How does Microsoft protect customer data?<\/p>\n
\nClick here to load media\n<\/p>\n
6: What about business continuity \u2013 what happens if something unexpected occurs?<\/p>\n
\nClick here to load media\n<\/p>\n
7: What about laws like the CLOUD act \u2013 can the U.S. government access European data?<\/p>\n
\nClick here to load media\n<\/p>\n
8: What does this mean in practical terms for Swiss companies? <\/p>\n
\nClick here to load media\n<\/p>\n
9: Our commitment to Switzerland<\/p>\n
\nClick here to load media\n<\/p>\n
Questions and answers on digital sovereignty<\/p>\n
<\/p>\n
1. What are Microsoft\u2019s sovereign cloud solutions in Switzerland?<\/p>\n
Microsoft offers a comprehensive portfolio to meet the full spectrum of sovereignty needs in Switzerland and across Europe:<\/p>\n
![\"\"](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/landing-page-image-2-1024x576.png\")
<\/p>\n
Sovereign Public Cloud:\u00a0Full sovereignty features\u2014including data residency, encryption controls, and regulated environment management\u2014are available in all European regions, including Switzerland. No migration to separate datacenters is\u00a0required.\u00a0<\/p>\n
Sovereign Private Cloud:\u00a0For organizations needing maximum operational autonomy, Azure Local and Microsoft 365 Local enable workloads to run in customer\u00a0controlled\u00a0and on-premises hosted\u00a0environments, with consistent management and security.\u00a0<\/p>\n
Key Capabilities:\u00a0Data Guardian (Europe-based access approval and monitoring), External Key Management (customer-held encryption keys), and Regulated Environment Management (centralized sovereignty controls).\u00a0<\/p>\n
Open and Hybrid by Design:\u00a0Azure Arc enables unified management across\u00a0multi-cloud\u00a0and\u00a0on-premise\u00a0environments, supporting hybrid and multi-vendor\u00a0strategies.\u00a0<\/p>\n
Learn more:\u00a0Comprehensive Sovereign Solutions<\/a>\u00a0<\/p>\n 2. Where is data stored and who can access it?<\/p>\n For Swiss customers, data location and maximum control over where their data resides, how it is accessed and processed is non-negotiable. Microsoft provides multiple, layered safeguards:<\/p>\n Swiss cloud regions since 2019. We operate cloud regions near Zurich and Geneva so customers can keep data within national borders when needed, while also supporting disaster recovery regulatories.<\/p>\n EU Data Boundary means public\u2011sector and commercial customers in the EU\/EFTA (including Switzerland) can store and process customer data, pseudonymized personal data, and professional services data including Microsoft 365, Dynamics 365, Power Platform, and most Azure services within the EU\/EFTA regions. For some Azure services, customers follow documented configuration to obtain the professional services storage commitment. The EU Data Boundary now includes end-to-end AI data-processing in Europe.<\/p>\n Microsoft 365 Copilot expands in-country processing for Copilot Interactions to 15 countries by the end of 2026, including Switzerland.<\/p>\n No direct or unfettered government access. Microsoft reviews each government data request, discloses only when legally compelled, and limits any disclosure to specific accounts identified in a valid order. Our policies are detailed in our Government Requests for Customer Data Report.<\/a><\/p>\n We do not provide any government with encryption keys or the ability to break our encryption.<\/p>\n In addition to the EU Data Boundary, we provide European customers with multiple options for securing and encrypting their data. Our Confidential Compute <\/a>offerings in Azure eliminate the ability of third parties\u2014including Microsoft\u2014to access customer data by ensuring data is processed within a trusted environment the customer alone controls. We enable customers to create a \u201clockbox\u201d around their data across Azure, Dynamics 365, and Microsoft 365 by giving them the ability to review and approve before Microsoft accesses their data for customer and service support operations. We also enable customers to secure their data with encryption keys that they, not Microsoft, control with Azure Key Vault <\/a>and Purview Customer Key<\/a>. Our Microsoft Cloud for Sovereignty offers customers a range of other tools to secure data, protect against unauthorized access, and satisfy legal requirements.<\/p>\n European\u2011controlled operations. With Data Guardian, we will add an additional level of assurance by ensuring that only Microsoft personnel residing in Europe control remote access to these systems. Data Guardian adds additional human and technical oversight whenever engineers outside of Europe need access. All remote access by Microsoft engineers to the systems that store and process your data in Europe is approved and monitored by European resident personnel in real time and will be logged in a tamper-evident ledger.<\/p>\n For Microsoft 365 and select services, Customer Lockbox lets you review and approve engineer data\u2011access requests and audit related activities. For encryption keys, Azure Key Vault provides audit logs and insights so you can monitor key operations and set near real\u2011time alerts via Azure Monitor. Customers that require immutable, tamper\u2011proof audit trails for their own workloads can use Azure Confidential Ledger.<\/p>\n Defending Your Data commitment: We will challenge every government request for public sector or enterprise customer data where there is a lawful basis for doing so. We are committed to transparency regarding government data requests and publish regular, detailed reports on such requests.<\/a><\/p>\n 3. Do sovereignty controls require migration or reduce functionality?<\/p>\n With Microsoft Sovereign Public Cloud, you enable sovereignty controls across existing European regions\u2014no migration to separate datacenters required\u2014while keeping the full innovation pace of the public cloud. Sovereign Private Cloud gives customers even more control, but certain limitations apply.<\/p>\n Key capabilities designed for sovereignty:<\/p>\n Data Guardian for European\u2011controlled operations and access approvals.<\/p>\n External Key Management so you can keep encryption keys in your own HSMs (on\u2011premises or with a trusted third party).<\/p>\n Regulated Environment Management to configure and monitor all sovereignty controls in one place.<\/p>\n 4. What if full operational autonomy is required?<\/p>\n Some sectors need workloads to run in a physically controlled environment\u2014including connected, hybrid, or disconnected scenarios.<\/p>\n Azure Local brings Azure services into your locations for in\u2011country, on\u2011premises, or partner\u2011operated datacenters.<\/p>\n Microsoft 365 Local provides a validated architecture to run productivity workloads like Exchange Server and SharePoint Server on Azure Local with consistent management via Azure tools. Microsoft 365 Local is now generally available, bringing core productivity workloads\u2014Exchange Server, SharePoint Server, and Skype for Business Server\u2014natively to Azure Local. Azure Local now supports increased maximum scale to hundreds of servers, external SAN storage, and the latest NVIDIA GPUs.<\/p>\n 5.\u00a0Can we move our data?\u00a0<\/p>\n Sovereignty and data portability go hand in hand.<\/p>\n Open by design: Azure supports open standards, open\u2011source runtimes, and a broad partner ecosystem.<\/p>\n Microsoft\u2019s cloud services are designed for openness and flexibility. Customers can export their data at any time using well-documented processes and widely supported, industry-standard formats. There are no proprietary barriers that prevent you from moving your data or workloads to other platforms. This commitment to portability ensures you retain full control and freedom of choice\u2014without risk of vendor lock-in.<\/p>\n 6. Does Microsoft support open-source solutions?<\/p>\n Open Source enables Microsoft products and services to bring choice, technology and community to our customers. Sovereignty requires openness, and open standards and open-source technologies can be used throughout our infrastructure. According to the Open-Source Contributor Index (OSCI), Microsoft ranks #2 globally with 5,079 active contributors to date, and 11,217 total community members, with Microsoft as a foundational pillar of open-source innovation.<\/p>\n VS Code, one of the world\u2019s most popular developer tools with millions of users, is developed in Zurich\u2019s Wollishofen.<\/p>\n Learn more:\u00a0Microsoft Open Source<\/a>\u00a0<\/p>\n 7. What about resilience, governance, and security oversight in Europe?<\/p>\n We have formalized commitments so customers can plan for the long term.<\/p>\n Digital Resilience Commitment. We commit to contest any order to suspend or cease cloud operations in Europe using all legal avenues available, including pursuing litigation in court. This commitment is legally binding on Microsoft Corporation and all subsidiaries. Our digital resiliency commitments have been embedded into all relevant government contracts.<\/p>\n We will store back-up copies of our code in a secure repository in Switzerland, and we will provide our European partners with the legal rights needed to access and use this code if needed for this purpose.<\/p>\n European board oversight. We have established a European board of directors, composed of European nationals, exclusively overseeing all datacenter operations in compliance with European law.<\/p>\n European Security Program. We are expanding AI\u2011powered threat intelligence sharing, capacity\u2011building, and partnerships (including with Europol) for governments across the EU, EFTA, the UK, and others\u2014free of charge. We have also created a Deputy CISO role for Europe focused on evolving regulations such as DORA, NIS2, and the Cyber Resilience Act.<\/p>\n Global cybersecurity capabilities. Microsoft\u2019s security platform analyzes over 84 trillion threat signals daily, one of the largest and most diverse threat intelligence datasets in the world, to help protect customers in Switzerland and globally from evolving cyber threats. In 2024, Microsoft blocks over 7,000 password attacks per second and tracks more than 1,500 threat actors worldwide.<\/p>\n Learn more:\u00a0European Digital Commitments<\/a>\u00a0<\/p>\n 8. How can transparency and verification be ensured by default?<\/p>\n Trust Center. Our Trust Center centralizes certifications, audit reports, data\u2011protection documentation (including the DPA), and product\u2011specific compliance content.<\/p>\n Customers have the right to conduct an audit, provided the necessary conditions are met.<\/p>\n Government Security Program. For governments, qualified authorities can review Microsoft source code in secure Transparency Centers (including in Ireland).<\/p>\n Biannual transparency reporting. We publish detailed, global reports on government requests for customer data<\/a> and our responses.<\/p>\n We use industry-standard secure transport protocols like IPsec and TLS between datacenters and user devices. Data at rest benefits from double encryption, service-level encryption, and disk encryption. Azure Confidential Computing enables encryption even while data is being processed.<\/p>\n Microsoft commits to comply with all laws and regulations applicable to its providing of the products and services, including security breach notification law and data protection laws (including GDPR and Swiss data protection law).<\/p>\n 9. What is the CLOUD Act?<\/p>\n The CLOUD Act clarifies the circumstances under which US law enforcement may seek access to data, regardless of where it is stored. Microsoft\u2019s Law Enforcement and National Security team has published a CLOUD Act document<\/a> that clearly explains, what the act does \u2013 and does not \u2013 allow, grounded in law and Microsoft\u2019s transparency reporting. Here are some facts:<\/p>\n The CLOUD Act does NOT permit unfettered, bulk, or automatic government access to data. US law enforcement must meet strict legal requirements and obtain a warrant or court order subject to judicial approval. The law does not allow indiscriminate or bulk access to domestic or foreign data. To obtain a warrant or court order under US law, the government must prove to independent courts that there is reason to believe that evidence of crimes will be present in specified account data.<\/p>\n The CLOUD Act does NOT ignore foreign law. The law specifically recognizes a provider\u2019s right to bring a challenge based on conflicts with foreign law and the international principle of comity. The concept of comity, or deference to foreign law, is based on principles of courtesy, reciprocity, and mutual respect for the sovereignty of nations. Microsoft is committed to challenging any US requests that fail to respect digital sovereignty and conflict with foreign laws.<\/p>\n CLOUD Act requests for foreign enterprise data are NOT common\u2014and indeed are exceptionally rare. Microsoft\u2019s transparency reports<\/a> show that disclosures of foreign enterprise content data to US law enforcement constitute a mere 0.008% of the total number of demands that Microsoft has received eachaf year since the CLOUD Act was enacted, representing fewer than one out of every 10,000 demands.<\/p>\n The CLOUD Act does NOT permit the US to conduct economic espionage or access trade secrets of foreign companies. The US has a long-standing position of opposing any use of law enforcement or intelligence authorities to support the theft of intellectual property, including trade secrets or other confidential business information. Under US law, theft of trade secrets is subject to criminal prosecution with penalties of up to ten years in prison.<\/p>\n The CLOUD Act does NOT override technical controls like end-to-end encryption that protect digital sovereignty. Microsoft offers advanced encryption, data residency options, and customer-controlled encryption keys that provide customers with control of their data. Features like Azure Confidential Compute ensure that Microsoft is incapable of accessing data without customer assistance and consent. Microsoft does not provide any government with the ability to break our encryption.<\/p>\n Extraterritorial law enforcement access to data is NOT unique to the US. Many countries have laws and precedents that authorize their access to data stored in other jurisdictions. The Budapest Convention on Cybercrime and the UN Convention Against Cybercrime require parties to adopt laws to compel access to electronic records without regard to their location. This principle is also reflected in the EU e-Evidence Regulation, the laws of numerous EU Member States, Canadian law, UK law, and elsewhere.<\/p>\n The reach of the CLOUD Act is NOT limited to US companies. The law applies to any company that has \u201cminimum\u201d contacts with the US economy. Foreign cloud providers with any US presence, including those simply offering services over the internet in the US, may be subject to the CLOUD Act and required to turn over data to US authorities \u2013 regardless of where that data is stored. Eliminating exposure to US law would require relying on companies with no ties to the US economy, which would likely lack the global resources and expertise necessary to build and maintain world-class technology services.<\/p>\n 10. How is Microsoft investing in Switzerland?<\/p>\n We are scaling to meet Swiss demand while supporting skills, innovation, and sustainability.<\/p>\n USD 400 million investment (a<\/a>nnounced June 2, 2025)<\/a>\u00a0to expand AI and cloud infrastructure in Switzerland, including advanced GPUs.\u00a0<\/p>\n Serving 50,000+ customers,\u00a0including those\u00a0across regulated sectors such as finance and healthcare.\u00a0<\/p>\n Helping skill\u00a01 million people\u00a0by 2027 in AI and digital competencies.\u00a0<\/p>\n Renewable energy. To date, all electricity consumption in Switzerland has been covered by renewable energy purchases.\u00a0<\/p>\n Our 36-year presence has created a thriving ecosystem. 4,600+ Swiss partner companies employ tens of thousands of professionals.\u00a0<\/p>\n For every CHF Microsoft generates, our partner ecosystem creates\u00a08+\u00a0CHF of additional value<\/a>.\u00a0\u00a0<\/p>\n We\u00a0operate\u00a0the Spatial\u00a0AI Lab\u00a0in Zurich,\u00a0partner with ETH Zurich\u00a0(including a collaboration on AI Red-Teaming),\u00a0EPFL, Switzerland Innovation Parks, and Deep Tech Nation,\u00a0representing\u00a0real Swiss jobs, Swiss\u00a0expertise, and Swiss innovation capacity that strengthen economic competitiveness.\u00a0\u00a0<\/p>\n Read more:\u00a0Switzerland\u2019s Digital Future: Microsoft\u2019s Commitment<\/a><\/p>\n Learn more\u00a0\u00a0<\/p>\n Sovereign Cloud Capabilities (November 2025)\u00a0\u2192\u00a0Microsoft strengthens sovereign cloud capabilities with new services | Microsoft Azure Blog<\/a><\/p>\n European Digital Commitments\u00a0\u2192\u00a0https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/04\/30\/european-digital-commitments\/<\/a>\u00a0<\/p>\n Sovereign solutions for Europe \u2192\u00a0https:\/\/blogs.microsoft.com\/blog\/2025\/06\/16\/announcing-comprehensive-sovereign-solutions-empowering-european-organizations\/<\/a>\u00a0<\/p>\n EU Data Boundary (completion)\u00a0\u2192\u00a0https:\/\/blogs.microsoft.com\/on-the-issues\/2025\/02\/26\/microsoft-completes-landmark-eu-data-boundary-offering-enhanced-data-residency-and-transparency<\/a>\u00a0\u00a0<\/p>\n Government Requests for Customer Data Report \u2192\u00a0https:\/\/www.microsoft.com\/en-us\/corporate-responsibility\/reports\/government-requests\/customer-data<\/a>\u00a0<\/p>\n Switzerland investment (June 2, 2025)\u00a0\u2192\u00a0https:\/\/news.microsoft.com\/de-ch\/2025\/06\/02\/microsoft-deepens-switzerlands-digital-future-with-strategic-investment-in-cloud-and-ai-infrastructure-startups-skilling-and-innovation\/<\/a>\u00a0<\/p>\n Defending your Data\u00a0\u2192\u00a0https:\/\/blogs.microsoft.com\/on-the-issues\/2020\/11\/19\/defending-your-data-edpb-gdpr\/<\/a>\u00a0<\/p>\n Advance European Commerce and Culture\u00a0\u2192\u00a0Unlocking data to advance European commerce and culture \u2013 Microsoft On the Issues<\/a>\u00a0<\/p>\n![\"\"](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/landing-page-image-4-1024x576.png\")
<\/p>\n![\"\"](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/MSFT_AI_Announcement_06-2-866x683.png\")
<\/p>\n