I moved my digital stack to Europe
monokai.com890 points by monokai_nl 15 hours ago
890 points by monokai_nl 15 hours ago
For the past days I've been participating(albeit over Teams) in a conference relevant to my industry (intel), basically startups and established companies showcasing their products to a closed audience of EU gov. officials.
One thing I noticed right away, is that all companies were asked "Can we fully host this from within EU or our country" from the various people in audience. Every single one. Many of the startups had slides prepared for this.
Definitely a change, because it is not something I can recall being important just a couple of years ago.
> Definitely a change, because it is not something I can recall being important just a couple of years ago.
I work as a consultant and freelancer across a bunch of companies, some American but mostly European ones. Last ~8 months or so, the sentiment about "Hosting our data in EU or even our own country" has drastically changed, I don't think I've seen such a clear shift in public opinion so fast before. The amount of migrations I've helped moving data from US to EU already is higher this calendar year than all the other years of my career.
>I don't think I've seen such a clear shift in public opinion so fast before
Its not about public opinion, but rather data sovereignty requirements. Certain types of data must be processed within servers located in the EU, regardless of where the company's HQ is. That's why you see most SaaS platforms nowadays offer a EU-only version.
It is definitely also about public opinion and it is going to be translated into laws soon enough (i.e. governments mandate data sovereignty).
Recent erratic policies are having a profound effect on perception of US companies.
It has been brewing for a while.
https://www.euronews.com/next/2025/02/27/is-overreliance-on-...
>it is going to be translated into laws soon enough (i.e. governments mandate data sovereignty)
The laws are already there. That's my point.
His point is that those laws were basically ignored, until now.
The conversation started all the way back, with the Patriot Act, but until now the dynamic was roughly: politicians write lofty laws that pay lip service to data sovereignty, then add enough loopholes so that nothing has to change in practice, and nobody really cares.
Now people do care, and they don't want to use those loopholes. It's pretty obvious why things have changed.
There are no laws that force companies to store all (generic) data in Europe. If there were then the companies asking about migrations just now would already be in breach.
You’re probably thinking of PII (GDPR/EUDPR) and even there there are plenty of loopholes, creative interpretations, and “privacy shields”.
The push for sovereignty doesn’t just come from regulators, it comes from the companies themselves who lost trust in the US, and also from European providers who jumped on the opportunity to make a killing.
And then you've got a country like the US introducing the CLOUD Act, which "allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil."
In other words: physical location isn't enough, the company's HQ being in the US is in itself already a massive risk.
The big American cloud companies are trying to get around this by offering their services via "independent" EU entities who aren't owned by the US company but still offer the exact same stack, but I bet most customers are just as unimpressed as I imagine US law enforcement is going to be.
Which is just wildly backwards. It is the same mindset of the cyberpunk "privacy advocates" of the early 2000s, move your stuff to Sealand or Switzerland.
The fundamental flaw with this plan is if your fear is genuinely of the United States, your data is far more protected inside the US. The intelligence community has no restrictions operating on foreign networks and servers.
Rather than go to a FISA court for approval, we just hack your box and take your data. Or ask a European intelligence service to use the much more lax laws to compel its disclosure.
Yes, data collection happens on US soil. But ask anyone who has worked on the inside how much of a pain it is to view or process USPER data.
>The intelligence community has no restrictions operating on foreign networks and servers.
there have been several bombshell revelations in the last 1-2 decades which indisputably show that the US intelligence community also has (effectively) no restrictions operating on US citizen networks and servers, and often does so with the direct help of US companies.
the legal standards are worthless when they can just be ignored without consequence. when the standards happen to work, just buy the data from the private sector.
secondly, these changes are also about mitigating any retaliatory decisions made when the US government gets upset at how tall another country's leader is, or whatever.
I wish I believed that they have to go to the FISA court for much of anything any more. Instead they go to Palantir and the like which simply buy the data and aggregate it. Very similar to the process of money laundering. And for the data that can't be bought there's the five eyes work around.
The fear is not "NSA is snooping on our customer data", it's "Trump has a beef with our premiere minister/president, and Jeff Bezos accepted Trumps request to turn off AWS from them" that's the fear.
We're far beyond the default assumption that NSA snoops on absolutely everything, and more about protection ourselves from trade wars, tariffs and similar blockages as what Microsoft did with the ICC.
Compelling Microsoft to turn off your Office 365 at least requires Microsoft to be complicit. Sovereign infrastructure didn't protect Venezuela or Iran.
> Sovereign infrastructure didn't protect Venezuela or Iran.
Imagine if the control plane of the Shahed drones were hosted on AWS.
What are you even talking about?
As an advocate (and practitioner) of European digital sovereignty, let me tell you, at least from my perspective, it has absolutely nothing to do with fear of US intelligence agencies spying on us, and everything to do with the catastrophic consequences of an unreliable and unstable American government pulling the plug on our vital infrastructure, or at least the very least weaponizing our dependency on American companies.
I live in Denmark, a country whose primary threat at the moment is the USA, and the thought of Donald Trump effectively having a kill-switch to our highly digitalized society is absolutely frightening. Reducing our dependence on American tech means that we are less vulnerable to a hostile power using it to extort us out of our territory. We cannot remove the threat entirely, but we can make the pain less extreme.
Other EU countries are also seeing things this way, that the US no longer has a stable government and is no longer a friendly country. Who cares about American spying when the real threat is your country being turned off?
As a Canadian who has been listening to the "51st state" wordvomit coming out of US administration your comment is very apt.
For some reason I can't fully grasp, a LOT of US citizens are ignorant to how the rest of the world is perceiving them at the current moment. There's countless US articles talking about US/Canada relations as if it is a trade dispute and that they think Canadians are eager to re-unite and go back to the way things were without ever addressing the threats to our sovereignty. Then you have comments like the parent to your post who is....wildly off the mark thinking that in a point of contention we'd prefer to keep our data on US controlled systems because their government would need to follow their own legal processes to acquire data of a foreign/hostile state??????
Is the rest of the world going to stop trying to immigrate here, though? ICE is still finding plenty of foreigners to detain and deport, who voluntarily set foot on US soil; there are still plenty of foreigners who are complaining about how hard it is to get a visa to work in the US where the pay or other conditions are better than where they live.
Indeed, the angrier the rest of the world is about the US, the more US citizens have to worry that that foreigners attempting to immigrate here for the long-term have a plan involving exercising influence on US politics from their position inside the country, in order to punish existing US citizens.
>the more US citizens have to worry that that foreigners attempting to immigrate here for the long-term have a plan involving exercising influence on US politics from their position inside the country, in order to punish existing US citizens.
I am not aware of any, but I would love to hear any and all plans to punish US citizens.
i find it amusing how you shoehorned US immigration issues/conspiracy into the above conversation
Can you sponsor GrapheneOS or fork Android similarly please? Maybe HMD should be working with GrapheneOS.
> Rather than go to a FISA court for approval, we just hack your box and take your data.
You are equating illegal behavior with legal behavior. We do what we can to avoid the legal ways the US government can access our data.
If you rely on services provided by the US, you are one signature away from the current president forbidding US companies to provide service to you. This could be extremely disruptive.
Well, there are also noises about the SaaS company preferably not being American. Apparently there's a US law that compels US companies to divulge data on their users even if the data is hosted outside of the US. (I'm not sure this wouldn't happen anyway, without such a law.)
Most nations can coerce information from corporate entities within their nation, even information that corporation holds outside said country. To what extents that coercion can hold will of course vary by local laws, customs and the people in charge. The US has a fairly large media footprint, not to mention it's actual physical size and outsized influence even then. So it is more covered and visible.
Inside the US, the biggest concerns similarly come with China, which I consider a bigger risk. For better or worse, if you're inside the US, you're probably better off holding as much of your presence as you can inside the US as EU requirements can actually be more harmful than helpful in terms of compliance. There are also certain protections and resistance you can take to less than formal (judicial warrant) requests. Only because if you hold an online presence in the EU, and are forced to violate EU laws, then you're in trouble on both sides.
I would assume similar in most cases, though the EU confederation is something I'm far less familiar with where national laws and EU laws conflict, etc. I'm more familiar with US state to federal structures.
> where national laws and EU laws conflict
EU doesn’t really have laws just directives and regulations it excepts every individual member to implement.
Sometimes there are disputes on the implementations that are then fought over in the eu courts but if the member county really doesn’t want to implement or follow them there really isn’t much outside of withholding funds eu can do. (For example see Hungary under Orban)
EU just doesn’t have the monopoly of violence like the federal government effective has in the US to enforce its will on the member states with force if necessary. EU quite literally doesn’t have a police or military force at all.
I remember when iCloud arrangements required by China was seen as draconian. Now it seems we're not far from people cheering for such laws elsewhere...
Exactly. I know of many public grants that you can’t get if you aren’t doing everything in the EU, and so many companies in the EU would cease to exist without these handouts.
It’s not something that the business owners want to do, but they are being forced to from above.
It is highly correlated to Trump, who has threatened to invade denmark not too long ago.
In Australia we have legislated it on multiple places, and it has become tied to things like privacy legislation and for that which isnt privacy related we defer to industry best practice - which is often discussed and published by national agencies in the tech and security space, which of course turns into "must do" actions by every government CISO and CDO/CIO.
It has been a headache for our vendors.
Surely there would have been mumblings in certain sectors of the EU since the first Trump administration?
It’s just that they started to execute now?
There been mumblings for as long as I've been a developer, I remember hearing about "EU data independence" first when the ePrivacy Directive came around, which must have been multiple decades ago at this point.
But yeah, in recent times the sentiment became more urgent. If I were to guess, with zero data in front of me and just judging by what I remember, I think the sentiment really changed first with the ICC blockade that happened last year, then it got really fueled on by the US threats to Greenland's sovereignty, I think that's when organizations and people really got stressed out about moving ASAP.
Around me, the threat to Greenland is what kicked the plans from “okay what mitigations should we envision?” to “alright, let’s go as far to actually run shadow ops to get acquainted with …” to full on move after the invasion.
Trump may genuinely end up being the best salesman European hosting companies ever had. I run one of the tools mentioned in this post (Bugsink) and I literally had an uptick of Danish people/companies (specifically) reaching out to me after Davos.
As someone who've basically started being known as "The guy who helps you move data out of US to Europe" in certain circles, I'm not complaining either :)
Yes, that was the thing that set off all the alarms. Trump 1 said a lot of things but had not completed the Hungary-fication of the US. Trump 1 was also before the Ukraine war!
I feel like the concern started getting popularised during the first Trump administration, because the US were overtly bullying the EU (and others of course). But the main change was that it was done overtly: before that the US has always been a big power trying to... say "defend the interests of the US" abroad. E.g. the US have been spying their allies forever. So I think it was more of a "they should stop bullying us in a few years", and indeed it went back to normal with Biden (again, "defending the interests of the US" and "leveraging their dominant position", which was kind of accepted).
The second Trump administration moved from "overtly bullying" to "behaving like a potential threat". In the second Trump administration, the US has used the tech monopolies against the EU and has become a military threat (not to mention the commercial war with tariffs). For many Europeans, it's not that the US are abusing their dominant position in negotiations anymore: it's that they are not an ally anymore. Not that they are seen as an enemy, but rather an unreliable partner who threatened to become an enemy.
I think that this is a very big shift, and that is why things are actually moving. And I don't think that this will change, because the risk of depending on the US monopolies has now materialised. That cannot be undone.
If even all the shenanigans from the US administration and essentially it threatening to invade European territory did not result in European companies and governments finally doing something about their digital sovereignty, then nothing but a declaration of war would.
Possibly, yeah. The thing is, there is a lot of inertia in Europe, because it is a union of 27 countries. It's not that one election can change it all.
Trump 2 is worse than Trump 1 by far from EU perspective. And it also proved that it wasn't a once-off that Americans will vote in someone who threatens to dismantle NATO, invade Greenland, or start trade wars with allies for no reason.
Let's face it. Trump 2 is about dismantling democracy. The administration radiates hostility and aggression to anything democratic. In the new national security policy the EU is the adversary of the US. If that isn't a wake-up call.
> Trump 2 is about dismantling democracy
Seems strange to me that not everyone, including republicans, aren't aware of this, when he's pretty outspoken about not wanting any more elections, and how "if you vote for me this time, it'll be the last time you have to vote".
If a presidential candidate anywhere else was openly talking about wanting to remove elections and democracy in the country (not to mention triggered an insurrection [?!]), I'm fairly sure they'd almost be automatically disqualified. Really strange situation all around.
>Seems strange to me that not everyone, including republicans, aren't aware of >this, when he's pretty outspoken about not wanting any more elections, and how >"if you vote for me this time, it'll be the last time you have to vote".
1) Puerto Ricans were called publicly on a Trump rally in New York, an "island of garbage" and they massively voted for Trump.
- Second generation Latinos, whose many parents, and grand parents and other close family are illegal immigrants, were repeatedly warned of what would happen, and its one of the constitutions, that massively voted for Trump...
- Trump continued to state, as late as 2024,that the Central Park Five were responsible for the 1989 rape of a woman in the Central Park jogger case, despite the five males having been officially exonerated in 2002. - Trump was a leading proponent of the debunked birther conspiracy theory falsely claiming president Barack Obama was not born in the United States - Trump and his company Trump Management were sued by the Department of Justice for housing discrimination against African-American renters.
Donald Trump made big gains with Black voters in 2024.
- Trump is a convicted rapist and felon, and is known 44 million women voted for him...
We are past strange, and we are in the phase of electorate deserves what they voted for.
If you find yourself with a view of reality that massively differs from others, you have two options.
(1) Assume they’re irrational, uninformed, and wrong, or
(2) Reconsider your priors and attempt to understand why they think the way that they do.
Let’s take the “island of garbage”. It was said by a comedian during his set. The Trump campaign stated “this joke does not reflect the views of President Trump or the campaign”.
The way that you framed it, however, was very careful to be true while also being misleading.
I think the viral quote "Dear America: You are waking up, as Germany once did, to the awareness that 1/3 of your people would kill another 1/3, while 1/3 watches." is probably pretty apt. The IRGC also has real support among the Iranian population. Putin clearly has strong support in Russia.
Generally, a lot of people are just not good people.