Microsoft announces new European digital commitments

Includes datacenter operations in 16 countries and Digital Resilience Commitment.

Forty-two years ago, Microsoft released the very first version of Microsoft Word. It was a major milestone in the company’s journey to enhance people’s productivity through innovation. It also marked the young and growing company’s first big step in Europe with the first Microsoft product localized in multiple European languages, starting with German and French.

Since then, our economic reliance on Europe has always run deep. We recognize that our business is critically dependent on sustaining the trust of customers, countries, and governments across Europe. We respect European values, comply with European laws, and actively defend Europe’s cybersecurity. Our support for Europe has always been–and always will be–steadfast.

In a time of geopolitical volatility, we are committed to providing digital stability. That is why today Microsoft is announcing five digital commitments to Europe. These start with an expansion of our cloud and AI infrastructure in Europe, aimed at enabling every country to fully use these technologies to strengthen their economic competitiveness. And they include a promise to uphold Europe’s digital resilience regardless of geopolitical and trade volatility.

As a multinational company, we believe in trans-Atlantic ties that promote mutual economic growth and prosperity. ​We were pleased the Trump administration and the European Union recently agreed to suspend further tariff escalation while they seek to negotiate a reciprocal trade agreement. We hope that successful talks can resolve tariff issues and reduce non-tariff barriers, consistent with the recommendations in the recent Draghi report.

We will always be dedicated to creating jobs, promoting economic opportunities, and strengthening cybersecurity on both sides of the Atlantic. The five commitments below, like the very first European version of Microsoft Word, take our support for Europe another step forward.

1. We will help build a broad AI and cloud ecosystem across Europe

We recognize that European nations want and need a world class and broad AI and cloud ecosystem. Today, we are announcing plans to increase our European datacenter capacity by 40% over the next two years. We are expanding datacenter operations in 16 European countries. When combined with our recent construction, the plans we’re announcing today will more than double our European datacenter capacity between 2023 and 2027. It will result in cloud operations in more than 200 datacenters across the continent.

This expansion will play an important role in boosting Europe’s economic growth and competitiveness. We believe that broad AI diffusion will be one of the most important drivers of innovation and productivity growth over the next decade. Like electricity and other general-purpose technologies in the past, AI and cloud datacenters represent the next stage of industrialization. They are creating real-world capabilities to fuel business and manufacturing innovation, run national health systems, enable secure government services, and support digital tools in education—all while keeping data and operations close to home, subject to European laws and regulations.

Public cloud datacenters

Our public cloud datacenters are a foundation for the diversified cloud ecosystem we are committed to supporting across Europe. This includes the Microsoft Cloud for Sovereignty, a package of technologies and configurations to help governments and other customers run on Azure in our public cloud datacenters with greater control over data location, encryption, and administrative access.

Sovereign cloud datacenters

A second aspect of our diversified approach involves sovereign cloud datacenters. In France, Microsoft has partnered with Capgemini and Orange, who formed a joint venture named Bleu. Designed as a “cloud de confiance” (trusted cloud) platform, Bleu offers a broad range of Microsoft Azure cloud services and Microsoft 365 productivity tools operated under French control. In Germany, a similar sovereign cloud initiative is underway through a partnership between Microsoft, SAP, and Arvato Systems (a Bertelsmann IT subsidiary). This effort, through SAP’s subsidiary, Delos Cloud GmbH, is creating a sovereign cloud platform for the German public sector, hosted in German datacenters and operated by German personnel.

Support for European cloud providers

A third aspect of our work involves our collaboration with European cloud providers to offer Microsoft applications and services on their local cloud infrastructure. This partnership provides these European providers with the opportunity to run Microsoft applications on more favorable terms than we make available to Amazon and Google. Additionally, we are developing new technology and licensing solutions tailored for these European providers and the markets they serve.

Emerging options

Given recent geopolitical volatility, we recognize that European governments likely will consider additional options. Some of these may involve public financing to support European home-grown offerings. We recognize the importance of a diversified technology ecosystem, and we are committed to collaborating with European participants across the tech ecosystem.

Respect for European laws

Microsoft is investing tens of billions of dollars annually in expanding its datacenters across Europe. These investments aren’t on wheels. They are permanent structures and subject to local laws, regulations, and governments. Like every citizen and company, we don’t always agree with every policy of every government. But even when we’ve lost cases in European courts, Microsoft has long respected and complied with European laws.

We understand that European laws apply to our business practices in Europe, just as local laws apply to local practices in the United States and similar laws apply elsewhere in the world. This includes European competition law and the Digital Markets Act, among others. We’re committed not only to building digital infrastructure for Europe, but to respecting the role that laws across Europe play in regulating our products and services.

2. We will uphold Europe’s digital resilience even when there is geopolitical volatility

By building a European cloud for Europe, Microsoft is committed to helping Europe navigate the uncertain geopolitical and trade environment and better manage risk by strengthening the continent’s digital resilience. We will always strive to be a voice of reason that promotes mutual opportunities and stable ties across the Atlantic. We in fact believe that even amidst current trade and tariff disputes, there is a strong consensus in Washington supporting the sustained flow of digital services from the United States to Europe.

We also are listening closely to the views of European governments and leaders. We recognize that European countries, like nations everywhere, need to have rock-solid confidence in the digital infrastructure on which they rely. To ensure this confidence, we will take the following three steps:

A European cloud for Europe

Microsoft is headquartered in the United States, but we provide cloud services to Europe through corporate entities headquartered in Europe. To further cement the nexus between Microsoft and Europe, going forward our European datacenter operations and their boards will be overseen by a European board of directors that consists exclusively of European nationals and operates under European law.

A Digital Resilience Commitment

In the unlikely event we are ever ordered by any government anywhere in the world to suspend or cease cloud operations in Europe, we are committing that Microsoft will promptly and vigorously contest such a measure using all legal avenues available, including by pursuing litigation in court. By including a new European Digital Resilience Commitment in all of our contracts with European national governments and the European Commission, we will make this commitment legally binding on Microsoft Corporation and all its subsidiaries.

Microsoft has a demonstrated history of pursuing litigation when that has been needed to protect the rights of our customers and other stakeholders. This includes four lawsuits we filed against the U.S. Executive Branch during President Obama’s tenure, including to protect the privacy of our customers’ data in the United States and Europe. It also included, during President Trump’s first term, a successful decision before the U.S. Supreme Court to uphold the rights of employees who are immigrants. When necessary, we’re prepared to go to court.

We are confident of our legal rights to ensure continuous operation of our datacenters in Europe. And we are prepared to back this confidence with our contractual commitments to European governments.

Business continuity partnerships

Finally, we will designate and rely upon European partners with contingency arrangements for operational continuity in the unlikely event Microsoft were ever required by a court to suspend services. We are already enabling our partners in France and Germany to do this for the Bleu and Delos datacenters, and we will pursue arrangements for our public cloud datacenters in Europe. We will store back-up copies of our code in a secure repository in Switzerland, and we will provide our European partners with the legal rights needed to access and use this code if needed for this purpose.

3. We will continue to protect the privacy of European data

Microsoft has long been at the forefront in designing and implementing technology solutions to protect customer data. We enable customers to control where their data is stored and processed, how it is encrypted and secured, and when Microsoft can access it. We offer customers robust capabilities across the entire cloud stack from infrastructure to platform to software as a service, from Azure to Microsoft 365 to Dynamics 365. We back our technical solutions with strong contractual commitments and, as noted above, a demonstrated history of going to court on behalf of our customers.

The EU data boundary project

Reflecting our continuing commitment to innovation, we recently finished implementing our EU Data Boundary project. This offers European customers the ability to have their data stored and processed in Europe. Since January 2024, our European commercial and public sector customers have been able to store and process their data and personal identifiers for Microsoft core cloud services—including Microsoft 365, Dynamics 365, Power Platform, and Azure services—within the EU and EFTA regions. Three months ago, Microsoft completed the project by extending the EU Data Boundary to include professional services data from technical support interactions. And, critically, we make these solutions available in all our European cloud regions and throughout our tech stack, from IaaS, to PaaS, to SaaS, including M365 Copilot.

Additional security and encryption options

In addition to the EU Data Boundary, we provide European customers with multiple options for securing and encrypting their data. Our Confidential Compute offerings in Azure eliminate the ability of third parties—including Microsoft—to access customer data by ensuring data is processed within a trusted environment the customer alone controls. We enable customers to create a “lockbox” around their data across Azure, Dynamics 365, and Microsoft 365 by giving them the ability to review and approve before Microsoft accesses their data for customer and service support operations. We also enable customers to secure their data with encryption keys that they, not Microsoft, control with Azure Key Vault and Microsoft Purview Customer Key. Our Microsoft Cloud for Sovereignty offers customers a range of other tools to secure data, protect against unauthorized access, and satisfy legal requirements.

A strong legal track record

In addition to technical measures, we will continue our fight to protect the rights of European customers. Microsoft has a strong track record of going to court in the rare instances that we need to protect European data from unauthorized access. We have consistently fought legal demands that conflict with European law and have taken our challenges all the way to the Supreme Court of the United States. In 2018, as a direct result of litigation Microsoft brought on behalf of our European customers, the U.S. Congress enacted legislation that guarantees our right to object to U.S. law enforcement demands to access European data that conflict with EU law.

We codified our promise to protect our European customers’ data with our Defending Your Data commitment, in which we agreed to challenge any government demand for EU public sector or enterprise customer data where we have a legal basis for doing so. We have included that commitment in our customer contracts and backed it up with a promise to compensate customers if we disclose their data in violation of EU law.

New opportunities for innovation

Today we commit to further strengthen and expand solutions that allow European customers to control and protect their data. We are embarking on new steps to listen to and consult with European customers to build on what already is the most complete, widest range of privacy, security, and sovereignty solutions that any cloud services provider now offers to customers in Europe. We look forward to sharing in the coming months the conclusions that emerge and the new steps we decide to take.

For more details about Microsoft’s data protection and compliance programs, see the Microsoft Trust Center.

4. We will always help protect and defend Europe’s cybersecurity

As war erupted in 2022, Microsoft immediately helped evacuate Ukraine’s critical data and technology services to our datacenters across Europe. This move ensured Ukraine’s continued digital operation outside the range of cruise missile and air attacks. In many ways, this illustrates the role that a broad network of datacenters plays in supporting not only digital but broader resilience, both for a country and a continent.

Uninterrupted, world-class cybersecurity protection

In addition to safeguarding the country’s data, we immediately helped Ukraine’s officials and citizens defend their nation from Russian cyberattacks. Since the start of the war, Microsoft has provided more than $500 million of free technology and financial assistance to Ukraine and has sustained our substantial support to this day. Without interruption, we have provided cybersecurity support to NATO, Ukraine, and other European governments, including by sharing cybersecurity threat intelligence, protecting elections, and disrupting attacks against European governments, companies, and citizens.

New measures to protect against new threats

More than three years since the start of the war in Ukraine, European governments and countries confront ongoing cyberattacks from Russia, China, Iran, and North Korea. As these threats grow in number and sophistication, strong cybersecurity protection and coordination are more important than ever, as is the ability to respond rapidly to regional demands. That is why today we are announcing the following cybersecurity steps, which will be followed by additional announcements in the coming weeks.

A new Deputy CISO for Europe

Today, our Chief Information Security Officer (CISO) Igor Tsyganskiy announced that we are appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council. This senior executive will be dedicated to Microsoft’s security responsibilities in Europe. Last year we created this council, consisting of our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company’s cyber risks, defenses, and compliance across regions and domains.

The appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company’s commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft’s CISO. The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA). These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead.

New security steps under the Cyber Resilience Act

We believe the CRA will reshape the regulatory landscape as a new gold standard for cybersecurity, much as the GDPR did for privacy. We will build on the work of our Secure Future Initiative and dedicate additional resources to comply with the CRA. As its deadlines approach, we look forward to continuing our years of engagement with the European Commission, industry partners, and customers on CRA implementation efforts. We are committed to our role as a member of the European Commission’s Expert Group on Cybersecurity of Products with Digital Elements.

To that end, Microsoft will continue to engage with stakeholders across a range of CRA topics. These will include incident and vulnerability reporting, security by design and default, cybersecurity best practices and improving open-source security and attestation. We will share our innovations that support implementing the CRA essential security requirements to help European economic operators also prepare for CRA compliance.

Security is the foundation of trust. To sustain that trust, we will engage an independent auditor to verify and validate our commitments to Europe. We know that people will only use technology that they trust, which is why we are dedicating resources to accelerate our compliance with the CRA and committing to independent validation.

5. We will help strengthen Europe’s economic competitiveness, including for open source

Our AI Access Principles

We recognize the importance of ensuring open access to our AI and cloud platform and infrastructure across Europe, including for open-source development. That is why we announced last year a set of AI Access Principles and we will introduce new enhancements to these commitments in the coming months.

Open access across Europe

These principles have ensured that our Azure AI platform and infrastructure is open to a variety of business models—both open-source and proprietary. We now host more than 1,800 AI models. Most of these models are open-source models, such as those from European-based AI developers Mistral and Hugging Face. And they are all available via public APIs to facilitate interoperability. This means that customers can choose which models to use and where to build their AI-powered solutions: on Azure, in another public cloud, or in their own datacenter. Finally, we enable customers to export and transfer their data. Last year we eliminated fees for the transfer of data when customers choose to switch to another cloud provider.

A foundation for European competitiveness

Over the past year, we have seen European startups, established businesses, and other organizations take advantage of the open access to models and tools that we provide to innovate, grow, and compete in the new AI economy. This includes technology startups such as Factorial in Spain to build AI-driven automation for HR professionals, iGenius in Italy to develop AI solutions for regulated industries, and Visma in Norway to provide AI solutions for companies in accounting, payroll, invoicing, and beyond. And it includes the Institute Curie in France to research new therapies for cancer, UBS in Switzerland to create the future of banking, and Heineken in The Netherlands to boost employee productivity.

Building European infrastructure for Europe’s future

We recognize that Microsoft must constantly remain focused on earning and sustaining our “license to operate” in each country across Europe. With datacenters and digital technology, this starts with each local community and country and includes officials with continental-wide responsibilities.

Since we first brought the first version of Microsoft Word to Europe 42 years ago, digital technology has changed the ways people work many times over. Yet as we look forward, we believe the second quarter of the 21st century may bring even bigger changes ahead. Artificial intelligence offers what may become the most powerful tool for people in the history of humanity. And like all tools, there will be some who will seek to turn it into a weapon.

More than ever, it will be critical for us to help Europe harness the power of this new technology to strengthen its competitiveness. We will need to partner with smaller and larger companies alike. We will need to support governments, non-profit organizations, and open-source developers across the continent. And we will need to listen closely to European leaders, respect European values, and adhere to European laws. We are committed to doing all these things well.

As we celebrated Microsoft’s 50th birthday earlier this month, we recognized that our longstanding presence in Europe has been a lynchpin of our success. Europe has treated us well. Our support for Europe has always been—and always will be—steadfast.