Why true data sovereignty does not depend on the server location
Many companies choose large cloud providers because they operate data centers "in Switzerland" or "in Europe." The impression: if you store your data locally, you are also legally on the safe side.
However, this assumption is deceptive – and can bring significant legal and reputational risks for Swiss companies.
A clear statement before the French Senate
On June 10, 2025, Anton Carniaux, General Counsel of Microsoft France, confirmed before the French Senate what data protection experts have been emphasizing for years:
The physical location of a US provider's data center does not protect against access by US authorities.
When asked directly whether French state data held by Microsoft was safe from being passed to US authorities, the answer was unmistakable: No.
This statement is not a political opinion, but the logical consequence of current US law.
The US CLOUD Act: The provider is the deciding factor
US companies like Microsoft, Amazon Web Services (AWS), or Google Cloud are subject to the US CLOUD Act. This obliges US companies to disclose data to US authorities – regardless of where the data is physically located.
- Data disclosure can be requested even if stored outside the USA
- Information or consent from the affected customer is not necessarily required
- The decisive factor is the legal affiliation and control of the provider, not the flag on the data center
The difference at CURIAWEB
Customer data at CURIAWEB is not subject to the US CLOUD Act because our company is based exclusively in Switzerland with no US parent company.
Next steps with CURIAWEB
- Web hosting in Switzerland: curiaweb.ch/webhosting
- Domains (CH & international): curiaweb.ch/domains
- WordPress Hosting: curiaweb.ch/wordpress-hosting
