US CLOUD Act

The US CLOUD Act (Clarifying Lawful Overseas Use of Data Act) is a US law passed in 2018 that governs international access to data stored by US companies. It authorizes US authorities to access electronic data even if it is stored in data centers outside the United States, such as in Europe. The law applies to US-based companies and their subsidiaries globally.

At its core, the US CLOUD Act requires US companies to hand over data when requested by a US authority, even if the data servers are located outside the US, such as in Europe where the General Data Protection Regulation (GDPR) applies. This creates a conflict between US national law and international data protection regulations, posing significant legal and security challenges for companies.

For organizations that use international IT services, this conflict represents a potential risk to data security. International standards like GDPR can be undermined by the CLOUD Act, intensifying criticism and uncertainty, particularly within the EU. Security concerns mainly relate to sensitive data, such as that used in mobile device management.

To avoid the risks associated with the CLOUD Act, many organizations rely on European IT service providers. Solutions developed and operated entirely within the EU are subject solely to European data protection laws and are not affected by the US CLOUD Act. This ensures better control over corporate and user data.

The US CLOUD Act underscores the importance of choosing the right IT infrastructure to ensure data protection. Organizations benefit from solutions that minimize legal risks and comply with international data protection standards such as GDPR. This strengthens trust in modern IT systems and guarantees a high degree of data sovereignty.