US CLOUD Act

The US CLOUD Act is a 2018 US law that lets US authorities access data held by US companies, regardless of where in the world that data is stored.

What is the US CLOUD Act?

The Clarifying Lawful Overseas Use of Data Act (CLOUD Act) is a US law from 2018. It obliges US companies to give US authorities access to stored data on demand, even when that data is held outside the USA.

Why is the US CLOUD Act relevant for European companies?

If a European company uses a US provider or its European subsidiary, the data can in principle fall under the CLOUD Act. An EU server location does not protect against this, because the law attaches to the provider's nationality.

The conflict with the GDPR

Access on the basis of the CLOUD Act can conflict with the GDPR, which strictly regulates the transfer of personal data to third countries. This creates a legal tension for companies.

How can companies protect themselves?

  • Choose providers that are subject exclusively to European law
  • No corporate ties to US companies
  • Encryption and clear control over the keys

SecureCloud as a sovereign alternative

SecureCloud is a German provider, operates its data centres in Germany and is subject exclusively to German and European law. As a result, the service is not subject to the US CLOUD Act and supports the data sovereignty of companies.

Frequently asked questions

Does the US CLOUD Act affect data in Europe?

Yes. If the provider is a US company, the CLOUD Act can also apply to data stored in European data centres.

Does a server location in Germany protect against the US CLOUD Act?

Not on its own. What matters is whether the provider is subject to US law. A German location under the control of a US group offers no reliable protection.

How do you avoid access under the US CLOUD Act?

By choosing providers that are subject exclusively to European law and have no corporate ties to the USA.

Erfahren Sie mehr!

Unsere Experten beantworten Ihnen gerne alle Fragen.

Elevating business.