[yub]

If the law is believed to be unconstitutional, a US company can fight it in court. Otherwise, the company is required to comply with all laws applicable in the jurisdictions they operate. If there is a conflict, the US law has highest authority.

In this case, if GitHub EU is owned by Microsoft, a US company, GitHub EU still must follow US rules. On the flip side, while GitHub EU must follow GDPR, GitHub US would not be required to do so.

[sebazzz]

Are you sure? Isn't the point of Azure in Ireland that the US government won't be able to request data under the patriot act?

[yub]

Nope, the point of Azure in Ireland is to increase availability and decrease latency for EU clients. Microsoft challenged a warrant in 2013 to hand over emails stored in Ireland, but the SCOTUS vacated the rulings since it was moot by the CLOUD act of 2018, which allows the government to get data from US companies, no matter where the data physically is.

https://en.m.wikipedia.org/wiki/Microsoft_Corp._v._United_St...

https://en.m.wikipedia.org/wiki/CLOUD_Act

[def_true_false]

Huh. Azure used to have a special region in Germany (joint operation with Deutsche Telekom) but it seems they've killed it last year.