Microsoft's enterprise cloud passes EU privacy standards
The company's services have been approved by 28 of the EU’s data protection authorities
Microsoft's enterprise cloud contracts have been certified by 28 EU data protection authorities as meeting privacy regulations.
The approval means Microsoft's customers can move data through its cloud from Europe to the rest of the world when using Microsoft Azure, Office 365, Microsoft Dynamics CRM and Windows Intune.
Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft said: "Europe's privacy regulators have said, in effect, that personal data stored in Microsoft's enterprise cloud is subject to Europe's rigorous privacy standards no matter where that data is located."
According to Microsoft, the company is the first in the world to receive recognition from all EU authorities.
Smith said: "Other companies talk about their commitment to comply with EU privacy law but we've enshrined that commitment in our contracts."
He explained that the new approval means if the EU suspends the Safe Harbor Agreement with the US, customer's services will not be disrupted and also, Microsoft will continue to develop its services to ensure they abide by EU regulations.
The Safe Harbor Agreement ensures data transferred between the EU and non-EU countries is happens safely, abiding to EU directives.
Smith explained: "Microsoft has done the technical and legal work to ensure our customers with European operations can legally move their data through our services. For customers who care about privacy and compliance, there is no more committed partner than Microsoft."
To ensure companies can make use of Microsoft's recently approval, the EU requires that customers complete an addendum to their current agreements and Microsoft has promised to roll this out quickly and efficiently so all its customers can make the most of the new recognition.
-
Why patching velocity matters as Claude Mythos supercharges vulnerability discoveryFrontier AI models such as Claude Mythos and GPT-5.5 make patching more urgent than ever. How can firms increase the velocity at which they apply fixes and mitigations?
-
The UK is running on fumes as data center build-outs can’t keep pace with demandNews The country's vacancy rate has dropped sharply, with much of the pipeline early-stage and uncertain
-
‘Reducing reliance on foreign tech infrastructure is key’ to European tech success – and its survivalNews MEPs have once again called for decreased reliance on foreign tech infrastructure
-
EU lawmakers want to limit the use of ‘algorithmic management’ systems at workNews All workplace decisions should have human oversight and be transparent, fair, and safe, MEPs insist
-
European Commission calls for cyber security proposalsNews With a special focus on healthcare, the Commission is looking to allocate €145.5 million
-
Forcing Apple to allow alternative app stores might cause major security risksAnalysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
New EU vulnerability disclosure rules deemed an "unnecessary risk"News The vulnerability disclosure rules in the Cyber Resilience Act could also cause a “chilling effect” on security researchers
-
Are you ready for NIS2?WEBINAR Find out what you should be doing to prepare for the EU’s latest data protection regulation and UK equivalent with our free webinar
-
EU regulators are digging their heels in despite big tech’s Data Act pushbackAnalysis EU regulators are no strangers to big tech regulatory push back, so why do companies still persist?
