Il documento (in tedesco) da cui è scaturito il tutto è questo: https://fragdenstaat.de/anfrage/gutachten-zu-zugriffsmoeglichkeiten-von-us-a... Un'articolo descrittivo (in inglese) è questo: => "Academics advise German gov: almost no way to stop US accessing cloud data" A newly-released expert opinion suggests Germany was worried just before Donald Trump took office, and with good reason. source: https://www.thestack.technology/academics-advise-german-gov-almost-no-way-to... ========================================================================= A month before Donald Trump took office, Germany's Ministry of the Interior asked experts at the University of Cologne to determine if German data on the cloud could be kept out of the reach of US intelligence agencies and law enforcement. A document released this week under a freedom of information request [1] shows, it received a fairly straightforward response back in March: not really, no. Even data stored on servers physically located on German soil and operated by a German company may be exposed to the jurisdiction of US courts, if that company so much as has a website that can be accessed in the USA. (However, this only applies to cases of specific personal jurisdiction which limits prosecution.) In the following months, Microsoft, Google, and AWS all sought to set up structures they said would satisfy the data sovereignty requirements of EU countries. With no changes in the multi-layered American legal framework to access data, though, the formal advice solicited by the German government suggests these efforts could be in vain. Extraterritorial reach According to the FOI request [2], Researcher Moritz Schneider launched a request for the expert opinion in October, after it was referred to in an academic journal, and on Tuesday the interior ministry released a lightly-redacted version the legal opinion. The document shows that, in late 2024, the German government wanted to specifically know if US intelligence agencies could legally get at cloud data – and if hyperscalers could legally preclude themselves from accessing such data, either through encryption or by way of German subsidiaries. The Cologne university's faculty of law (via experts whose identities were redacted) thought not. Between a Reagan-era executive order allowing covert operations and more modern rules requiring access to evidence, they said, a US company would likely have no legal way to resist a US government attempt to access any information it could access, or over which it has control by way a subsidiary. Being party to the encryption of data for which it does not hold the keys could technically work, the experts said, and could also see the hyperscaler face legal sanction for what amounts to evading responsibility. US extraterritorial reach could extend to not only German subsidiaries of US companies, but to German-native companies with only the barest connection to the USA, said the legal scholars. However, the researchers said these possibilities were dependent on the specific case. A German company that offers services to US customers could face access demands, they said – simply by operating a website from which Americans are not specifically excluded. Hyperscaler promises In June, Microsoft announced an update to its EU sovereign-data offering [3] to ensure that European-resident employees must authorise access to data by non-European engineers, with servers under the control of a subsidiary with only European directors. Neither of those measures would make any accessible data proof against US demands, according to the German opinion; as long as Microsoft has control over the staff, servers, or subsidiary, all would be within the reach of the US justice system. Microsoft also said data on Azure could be encrypted via external key management, with the keys hosted on hardware security modules (HSMs) that could be anywhere, including on the customer premises. In such a case, the German analysis suggests, Microsoft would still be liable to hand over any metadata it can access, while facing tough questions and possible sanction for enabling the encryption. In July, the General Counsel of Microsoft France told French courts [4] that the company could not guarantee they would not had over European data to US authorities if a legitimate request was made. However, the lawyer added that situation had never occurred. Also in June, AWS promised a "built, operated, controlled, and secured in Europe" cloud option [5] that is "subject to local laws." German-resident subsidiaries would keep both data and metadata in the EU, Amazon said, with a fully EU-citizen management and oversight board, and the ability to operate indefinitely in isolation if it should be disconnected from the rest of the AWS cloud. As with Microsoft, Amazon's operational control over those subsidiaries and their employees would still give the US theoretical access to data, according to the German opinion. In November, Google held a Digital Sovereignty Summit in Munich [6]. It has been selling "disconnected cloud services" [7] on the continent, providing air-gapped solutions for NATO [8] and the UK Ministry of Defence [9]. Those systems allow for the use of its advanced tools in an environment entirely under the control of the client, Google said – by dint of being on-premises and entirely disconnected from the internet. [1] https://fragdenstaat.de/anfrage/gutachten-zu-zugriffsmoeglichkeiten-von-us-a... [2] https://fragdenstaat.de/anfrage/gutachten-zu-zugriffsmoeglichkeiten-von-us-a... [3] https://blogs.microsoft.com/blog/2025/06/16/announcing-comprehensive-soverei... [4] https://www.senat.fr/compte-rendu-commissions/20250609/ce_commande_publique.... [5] https://www.aboutamazon.eu/news/aws/built-operated-controlled-and-secured-in... [6] https://cloud.google.com/events/digital-sovereignty-summit-munich?hl=en&ref=... [7] https://www.googlecloudpresscorner.com/2023-03-15-Proximus-and-Google-Cloud-... [8] https://www.googlecloudpresscorner.com/2025-11-24-NATO-and-Google-Cloud-Sign... [9] https://www.googlecloudpresscorner.com/2025-09-11-Google-Cloud-Awarded-Landm... ========================================================================= Bye, DV -- Damiano Verzulli e-mail: damiano@verzulli.it --- possible?ok:while(!possible){open_mindedness++} --- "...I realized that free software would not generate the kind of income that was needed. Maybe in USA or Europe, you may be able to get a well paying job as a free software developer, but not here [in Africa]..." -- Guido Sohne - 1973-2008 http://ole.kenic.or.ke/pipermail/skunkworks/2008-April/005989.html