[weberer]

>I don't think I've seen such a clear shift in public opinion so fast before

Its not about public opinion, but rather data sovereignty requirements. Certain types of data must be processed within servers located in the EU, regardless of where the company's HQ is. That's why you see most SaaS platforms nowadays offer a EU-only version.

[riccardomc]

It is definitely also about public opinion and it is going to be translated into laws soon enough (i.e. governments mandate data sovereignty).

Recent erratic policies are having a profound effect on perception of US companies.

It has been brewing for a while.

https://www.euronews.com/next/2025/02/27/is-overreliance-on-...

[weberer]

>it is going to be translated into laws soon enough (i.e. governments mandate data sovereignty)

The laws are already there. That's my point.

[toyg]

His point is that those laws were basically ignored, until now.

The conversation started all the way back, with the Patriot Act, but until now the dynamic was roughly: politicians write lofty laws that pay lip service to data sovereignty, then add enough loopholes so that nothing has to change in practice, and nobody really cares.

Now people do care, and they don't want to use those loopholes. It's pretty obvious why things have changed.

[close04]

There are no laws that force companies to store all (generic) data in Europe. If there were then the companies asking about migrations just now would already be in breach.

You’re probably thinking of PII (GDPR/EUDPR) and even there there are plenty of loopholes, creative interpretations, and “privacy shields”.

The push for sovereignty doesn’t just come from regulators, it comes from the companies themselves who lost trust in the US, and also from European providers who jumped on the opportunity to make a killing.

[tpm]

Not generic data, no. But there are laws for government data afaik.

[crote]

And then you've got a country like the US introducing the CLOUD Act, which "allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil."

In other words: physical location isn't enough, the company's HQ being in the US is in itself already a massive risk.

The big American cloud companies are trying to get around this by offering their services via "independent" EU entities who aren't owned by the US company but still offer the exact same stack, but I bet most customers are just as unimpressed as I imagine US law enforcement is going to be.

[Longlius]

You mean like EU Chat Control?

[GJim]

Mate, if 'whataboutism' is your only defence, you are in a desperate place.

https://en.wikipedia.org/wiki/Whataboutism

[swiftcoder]

Just because one government tried to do a fascism, doesn't mean we should excuse all the others

[englishrookie]

Well, there are also noises about the SaaS company preferably not being American. Apparently there's a US law that compels US companies to divulge data on their users even if the data is hosted outside of the US. (I'm not sure this wouldn't happen anyway, without such a law.)

[tracker1]

Most nations can coerce information from corporate entities within their nation, even information that corporation holds outside said country. To what extents that coercion can hold will of course vary by local laws, customs and the people in charge. The US has a fairly large media footprint, not to mention it's actual physical size and outsized influence even then. So it is more covered and visible.

Inside the US, the biggest concerns similarly come with China, which I consider a bigger risk. For better or worse, if you're inside the US, you're probably better off holding as much of your presence as you can inside the US as EU requirements can actually be more harmful than helpful in terms of compliance. There are also certain protections and resistance you can take to less than formal (judicial warrant) requests. Only because if you hold an online presence in the EU, and are forced to violate EU laws, then you're in trouble on both sides.

I would assume similar in most cases, though the EU confederation is something I'm far less familiar with where national laws and EU laws conflict, etc. I'm more familiar with US state to federal structures.

[doikor]

> where national laws and EU laws conflict

EU doesn’t really have laws just directives and regulations it excepts every individual member to implement.

Sometimes there are disputes on the implementations that are then fought over in the eu courts but if the member county really doesn’t want to implement or follow them there really isn’t much outside of withholding funds eu can do. (For example see Hungary under Orban)

EU just doesn’t have the monopoly of violence like the federal government effective has in the US to enforce its will on the member states with force if necessary. EU quite literally doesn’t have a police or military force at all.

[tekknik]

US states follow US federal law for much of the same reason, because the federal government will withhold funds. We do not use our military to force states to comply with federal law. There’s an entire court system to handle governors who ignore federal law.

“Threat of violence”…lmao

[doikor]

> There’s an entire court system to handle governors who ignore federal law.

And if there wasn’t a federal police force (or national guard put under federal control in the more extreme end) to enforce those decisions of such court would they matter in the more extreme cases?

EU cut Orbans funding and still he kept doing what he was doing and as there is no way to for EU to enforce its decisions beyond that he kept doing it until voted out of office.

That is a massive difference between the 2 systems. In EU the individual states are truly independent in that EU can’t force them to do anything.

For the record EU also has the courts etc but when they rule against a country it is pretty much reliant on the courty going “ok I will pay” as the court doesn’t have any means to actually enforce its decision.

Also there is 9 member states in EU that pay more then they receive from the EU so withholding funds from them will just lead to them not paying their fees. Obviously US has states like this too.

[embedding-shape]

> We do not use our military to force states to comply with federal law.

Isn't the National Guard in the US considered to be a part of the military? I seem to recall that they were federalized/deployed at least twice recently, because supposedly state-actors/police didn't do enough to combat violence, or to protect federal workers or something like that?

Also, hasn't the current administration threaten to deploy the National Guard even more times, because the states are not following what the administration believes are the federal laws? Or what was the reason for those "threats"?

[tracker1]

A National Guard's chain of command has the Governor of the state as the head of each State's National Guard. There are conditions where command can temporarily be redirected under federal control, but those are somewhat limited in practice. Usually even under certain emergencies, the technical command structure is still at a state level.

There are a lot of reasons behind some of these distinctions, and some interesting history. But the National Guard kind of serves as the official Militia for each given state... But is far from the coverage meant for what a militia should be when compared to say the first militia act under US law.

Edit: regarding any requests/threats of use... it's generally voluntary use of guardsmen from a state whose governor is friendly to the federal/presidential administration. Hence seeing national guard deployed from one state in order to handle what the president considers an emergency in another state when that state refuses a request.

[dsl]

Which is just wildly backwards. It is the same mindset of the cyberpunk "privacy advocates" of the early 2000s, move your stuff to Sealand or Switzerland.

The fundamental flaw with this plan is if your fear is genuinely of the United States, your data is far more protected inside the US. The intelligence community has no restrictions operating on foreign networks and servers.

Rather than go to a FISA court for approval, we just hack your box and take your data. Or ask a European intelligence service to use the much more lax laws to compel its disclosure.

Yes, data collection happens on US soil. But ask anyone who has worked on the inside how much of a pain it is to view or process USPER data.

[john_strinlai]

>The intelligence community has no restrictions operating on foreign networks and servers.

there have been several bombshell revelations in the last 1-2 decades which indisputably show that the US intelligence community also has (effectively) no restrictions operating on US citizen networks and servers, and often does so with the direct help of US companies.

the legal standards are worthless when they can just be ignored without consequence. when the standards happen to work, just buy the data from the private sector.

secondly, these changes are also about mitigating any retaliatory decisions made when the US government gets upset at how tall another country's leader is, or whatever.

[vajrabum]

I wish I believed that they have to go to the FISA court for much of anything any more. Instead they go to Palantir and the like which simply buy the data and aggregate it. Very similar to the process of money laundering. And for the data that can't be bought there's the five eyes work around.

[deaux]

Huh? They buy the data themselves from data brokers, no need to go through a middleman.

[Unfunkyufo]

As an advocate (and practitioner) of European digital sovereignty, let me tell you, at least from my perspective, it has absolutely nothing to do with fear of US intelligence agencies spying on us, and everything to do with the catastrophic consequences of an unreliable and unstable American government pulling the plug on our vital infrastructure, or at least the very least weaponizing our dependency on American companies.

I live in Denmark, a country whose primary threat at the moment is the USA, and the thought of Donald Trump effectively having a kill-switch to our highly digitalized society is absolutely frightening. Reducing our dependence on American tech means that we are less vulnerable to a hostile power using it to extort us out of our territory. We cannot remove the threat entirely, but we can make the pain less extreme.

Other EU countries are also seeing things this way, that the US no longer has a stable government and is no longer a friendly country. Who cares about American spying when the real threat is your country being turned off?

[TheCapn]

As a Canadian who has been listening to the "51st state" wordvomit coming out of US administration your comment is very apt.

For some reason I can't fully grasp, a LOT of US citizens are ignorant to how the rest of the world is perceiving them at the current moment. There's countless US articles talking about US/Canada relations as if it is a trade dispute and that they think Canadians are eager to re-unite and go back to the way things were without ever addressing the threats to our sovereignty. Then you have comments like the parent to your post who is....wildly off the mark thinking that in a point of contention we'd prefer to keep our data on US controlled systems because their government would need to follow their own legal processes to acquire data of a foreign/hostile state??????

[frm88]

For some reason I can't fully grasp, a LOT of US citizens are ignorant to how the rest of the world is perceiving them at the current moment.

Lets help them via visualisation: from rank 30 to 48 in just one year

https://www.visualcapitalist.com/ranked-countries-with-the-b...

[deaux]

This becomes even more striking if you look at who they surveyed:

> They asked citizens across the G7 (Canada, France, Germany, Italy, Japan, the U.K., and the U.S.)

They're not even asking those from the half of the world that has been bombed or coup d'etated by the US in the last half century. They're asking those who should on paper dislike the US the least.

People from those countries ranking the US below India, Mexico, South Africa and Turkey is quite something. Israel coming in at 55th out of 60, below Saudi Arabia, is also fantastic proof of how incredibly unrepresentative these "representative democracies" are of their populace. The US and Germany are even 2 of the 7 surveyed countries! Without them I wouldn't be surprised if they came in last, under Iran and China.

[tekknik]

For some reason I cannot grasp Canadians think the US citizens think about them at all. We may as well not have a northern neighbor, all that most of us think exist between Michigan and Alaska is snowy wilderness.

[1123581321]

The parent to their post was saying your risk assessment of which country should host is incorrect, given who you believe to be your biggest threat, i.e. your preferences are not aligned with reducing your risk.

[_carbyau_]

Can you sponsor GrapheneOS or fork Android similarly please? Maybe HMD should be working with GrapheneOS.

[embedding-shape]

The fear is not "NSA is snooping on our customer data", it's "Trump has a beef with our premiere minister/president, and Jeff Bezos accepted Trumps request to turn off AWS from them" that's the fear.

We're far beyond the default assumption that NSA snoops on absolutely everything, and more about protection ourselves from trade wars, tariffs and similar blockages as what Microsoft did with the ICC.

[tekknik]

So you’re scared of losing AWS? What about the ability to have global IP space? That’s still firmly in US control.

[embedding-shape]

Businesses are scared to lose access to data hosted at US entities, because this recently happened, so they have good reason to fear something like that.

AFAIK, the US has never done that with IP space, but if we did see evidence of that, then you'd see similar worries about that for sure. But I think most of us see it as pretty implausible to happen, since the consequences of such move would be huge, and would probably end the internet as we know it today.

[deaux]

The US won't want to do that because China will have an alternative ready within a day and every China-friendly country will migrate to it. Now US leadership is demented, luckily they've never heard of IPs and I really don't believe it would happen. I think the likelihood of them starting WW3 is more likely than using IPs for power games.

[dsl]

Compelling Microsoft to turn off your Office 365 at least requires Microsoft to be complicit. Sovereign infrastructure didn't protect Venezuela or Iran.

[MadxX79]

Karım Kahn at the International Criminal Court would like a word about that.

[jurgenburgen]

> Sovereign infrastructure didn't protect Venezuela or Iran.

Imagine if the control plane of the Shahed drones were hosted on AWS.

What are you even talking about?

[surgical_fire]

If you rely on services provided by the US, you are one signature away from the current president forbidding US companies to provide service to you. This could be extremely disruptive.

[eCa]

> Rather than go to a FISA court for approval, we just hack your box and take your data.

You are equating illegal behavior with legal behavior. We do what we can to avoid the legal ways the US government can access our data.

[antonvs]

I think their point is that that behaviour is legal from a US perspective, when the target of a US government investigation is outside the US.

[tarun_anand]

So probably makes sense to host on EU headquartered companies

[garaetjjte]

I remember when iCloud arrangements required by China was seen as draconian. Now it seems we're not far from people cheering for such laws elsewhere...

[deaux]

The people calling those draconian had always been very naive - and 99% of them American, as such incentivized to take that stance. It was the right thing to do since day 1 and the people with more of a long-term vision outside the US have always been advocating for such things. While China is the most extreme, there are other countries which have also understood this importance of sovereignty and been smart enough to at least demand/construct meaningful degrees of it. Mostly in Asia and the Middle East. Not a single EU country was among them, which is why they're now scrambling.

[bcye]

I disagree, enforcement on data laws in the EU is extremely lacklustre.

[embedding-shape]

Compared to what other enforcements of any data laws?

[ftmootnomoat]

It is highly correlated to Trump, who has threatened to invade denmark not too long ago.

[eowln]

Exactly. I know of many public grants that you can’t get if you aren’t doing everything in the EU, and so many companies in the EU would cease to exist without these handouts.

It’s not something that the business owners want to do, but they are being forced to from above.