Sponsored by
Table of Contents
The Netherlands had signed a framework agreement with a German cloud provider in April.
The contract included a clause allowing immediate termination if the provider ever fell into non-European ownership.
Last week, a Dutch investigative magazine reported that Microsoft had already shared internal documents from two Dutch regulatory agencies with the United States House of Representatives. Names fully visible. Meeting minutes unredacted. Contact details intact.
The contract was signed before the leak. The leak confirmed why.
The two agencies involved were the Authority for Consumers and Markets and the Dutch Data Protection Authority. Their job is enforcing the EU's Digital Services Act, the law that requires platforms like Facebook, TikTok, and X to act against illegal content and disinformation. The US House Judiciary Committee, which has been investigating what American conservatives call tech censorship, requested the documents. Microsoft complied.
This is not a story about Microsoft acting in bad faith.
The US CLOUD Act requires American companies to hand over data when the US government demands it. It does not matter where the data is physically stored. It does not matter whose data it is. It does not matter which country's laws are supposed to be protecting the individuals involved. Microsoft had no legal mechanism to refuse.
The Dutch State Secretary for Digital Economy spoke directly with the US ambassador the following morning. Her public statement was precise: "If you have a problem, fight it out with us in Europe. Not against the backs of civil servants." The Dutch cabinet described the situation as extremely worrying and noted that the named officials could now potentially face travel bans or personal sanctions imposed by the United States. Real individual consequences for doing their jobs on European soil.
Cap table management that puts your business first
Managing your cap table doesn’t have to be complex. Pulley simplifies equity management for Founders and CFOs with intuitive workflows, accurate, audit-ready reporting, and predictable pricing—so you can plan and scale without surprises. Onboard in days, not weeks, and rely on responsive, expert support every step of the way.
From issuing grants to 409A valuations or ASC 718 reporting, Pulley gives you the clarity to manage equity, make decisions, and get back to work. Experience a platform built for business owners and finance teams: transparent, reliable, and designed to put your company first.
The mechanism here is not new. The ECB named it when excluding Amazon and Microsoft from the Digital Euro project. France cited it when banning Teams from the civil service. Germany cited it when rejecting Palantir for its military cloud. The CLOUD Act creates a structural condition: any data held by an American company is legally reachable by the American government, regardless of geography, regardless of local law, regardless of which regulator is supposed to be protecting it.
What changed last week is that the condition stopped being theoretical.
European regulators enforcing European law on European citizens had their internal communications delivered to a foreign legislature that actively opposes the law they are employed to enforce. The risk that sovereignty advocates had been describing in abstract terms now has Dutch civil servants' names permanently attached to it.
The Netherlands' response was not improvised. The Stackit contract, signed in April with the German cloud platform owned by the Schwarz Group, requires all data to be stored within the European Economic Area. The government retains full audit rights. The termination clause exists specifically to prevent the jurisdictional exposure the Microsoft leak just demonstrated. KPN and Thales are jointly building a dedicated sovereign military cloud under full domestic control. Dutch universities have formed a consortium to reduce American technology dependence across higher education. The Dutch parliament has passed eight separate motions calling for sovereign cloud infrastructure, re-examination of Amazon's contract to host the national internet domain, and preferential treatment for European firms in public procurement.
None of this was a reaction to Friday's news. All of it is now more politically urgent because of it.
Are you running your business on incomplete numbers?
Most business owners have financials. Few have financial clarity. BELAY's outsourced accounting team manages your books, tracks key metrics, and delivers timely reporting so you always know where your business stands — and what to do next.
For builders developing AI products or services for European clients, the procurement signal from this week is unambiguous.
European public sector contracts are moving toward explicit jurisdiction requirements. The question your clients' procurement teams are now asking is not whether to migrate but which European alternative meets their compliance timeline. The gap between that demand and available sovereign infrastructure is where the product opportunity sits. Compliance tooling, migration support, jurisdictional risk assessment, audit-ready data architecture. The Dutch parliament passed eight motions. None of them came with a finished product attached.
404 Found covers AI developments from a European Insider, three times a week.
Every consulting firm says brand matters.
Then the wrong slides end up in the next client deck.
SlideHub gives teams one place to work from, so approved content is easier to find, easier to trust, and easier to keep consistent across decks.