Risky Bulletin Podcast Summary

Episode Title: Between Two Nerds: Microsoft Embraces Digital Sovereignty
Host/Author: risky.biz
Release Date: June 30, 2025

Introduction

In this episode of Risky Bulletin, hosts Tom Uren and Garak delve into Microsoft's strategic shift towards supporting digital sovereignty in Europe. The discussion explores the implications of geopolitical tensions on cloud services, data privacy, and the broader tech ecosystem. The conversation is rich with insights into how major tech companies like Microsoft are navigating the complex landscape of international regulations and security concerns.

Microsoft’s New European Security Program

Tom Uren opens the discussion by highlighting Microsoft's recent launch of a security program tailored specifically for Europe. This initiative is a response to growing concerns about digital sovereignty among European nations.

Tom [00:11]: "This week, or maybe last week, Microsoft launched a new security program specifically tailored at Europe."

Garak probes further into the nature of these concerns, questioning whether they are purely European or influenced by other global powers like China.

Garak [00:56]: "Did you say Europe or China or... Because."

Tom clarifies that while China has long been concerned with digital sovereignty, Europe has recently intensified its focus on the matter.

Tom [01:01]: "Chinese have been concerned for a long time and it turns out that Europeans are now getting concerned."

Background and the ICC Sanctions Incident

A significant catalyst for Microsoft's new program is an incident involving sanctions imposed by the Trump administration on the lead prosecutor of the International Criminal Court (ICC). This sanction led Microsoft to suspend the prosecutor's access to Outlook, sparking debates about data control and sovereignty.

Garak [01:37]: "So he's lost access to his only Fans account which was linked to his Outlook."

Tom explains the irony of the situation, noting that the prosecutor faced sexual harassment allegations, which may have influenced the decision to suspend his Outlook access. However, this incident underscores the broader issue of relying on non-EU infrastructure.

Tom [01:55]: "Well, now he's using ProtonMail. But, the broader point is that from the European point of view, we can't have an organization that we endorse the ICC like its IT infrastructure."

This event highlights the European apprehension about third-party control over critical digital infrastructure, emphasizing the need for localized solutions.

Microsoft’s Response and Commitments

Garak inquires about Microsoft's reaction to the European Commission's discussions about potentially replacing Azure, indicating a competitive edge for Microsoft in addressing these concerns proactively.

Garak [02:32]: "So how is Microsoft taking that? Because I'm sure."

Tom references a post by Brad Smith, Microsoft's Vice Chair and President, detailing new commitments to Europe. These include building local data centers, ensuring data residency within Europe, and pledging not to hand over European data.

Tom [03:22]: "It talks about new Commitments to Europe. It mentions building local European data centers and the cloud ecosystem. It talks about keeping data in Europe. It talks about making commitments to not hand over that data."

Garak remains skeptical, questioning whether these commitments genuinely address the underlying concerns or are mere public relations efforts.

Garak [03:41]: "None of these are the problem, though. Yeah, keep going. It's just going to say, like, all of the things that he lists, that's nice, but none of them are, we will not turn off the accounts of people that upset Trump, essentially."

Tom mentions one of the solutions Microsoft is offering: the ability to run the Microsoft Stack in local data centers without Microsoft's direct input, though he expresses doubts about its practicality.

Tom [04:04]: "So one of the solutions they're offering is basically the ability to run Microsoft Stack in your own data center without Microsoft's input."

Despite reservations, Tom acknowledges Microsoft's aggressive approach to addressing digital sovereignty, seeing it as a strategic advantage over competitors like Google and AWS.

Tom [04:46]: "I think that doing this early, relatively early, compared to say, Google or AWS, is actually a really good move."

Comparisons with Other Tech Giants

The hosts compare Microsoft's strategy with the challenges faced by other tech giants like Google, Amazon, and Apple in similar geopolitical contexts.

Garak raises the question of whether companies like Google and Amazon will adopt similar statements and policies to reassure their European customers.

Garak [09:23]: "Do you think Google will do the same? That they'll come out with the same statement and sort of make the same sort of guarantees?"

Tom points out that while Microsoft has already enacted policy changes to handle sanctions and geopolitical pressures, other companies may still grapple with these issues due to lack of specific incidents triggering action.

Tom [10:50]: "So I guess it must have known that these things were coming published in late April about, you know, here are concerns that we're addressing, and they move."

The discussion further explores how companies like Apple handle account suspensions and data privacy in sanctioned scenarios, highlighting the complexities involved in balancing user privacy with geopolitical compliance.

Tom [12:47]: "Well, that's a way that encryption protects them, I think."

Garak [13:17]: "Right, but I mean, they sanctioned him specifically. Right. So surely if he has an iPhone, that would include it."

Digital Sovereignty Implications

The conversation shifts to the broader implications of digital sovereignty, emphasizing its persistent relevance and the necessity for states to develop resilient, localized tech infrastructures.

Tom [19:11]: "So at this point, to me it seems like digital sovereignty is never going to go away."

Garak supports this viewpoint, stressing that digital sovereignty aligns with national interests to control critical infrastructure and mitigate risks associated with external dependencies.

Garak [21:08]: "But yeah. It doesn't necessarily result in better security. Now they're at the point it's like we recognize that digital sovereignty is a thing. Here's all the ways that we will bend over backwards to help you..."

Tom reflects on the historical reluctance of big tech companies to support digital sovereignty due to cost and complexity, noting that Microsoft's current stance marks a significant shift in industry behavior.

Tom [19:25]: "Yeah, well, that's sort of against their interests. They don't want. Yeah, it makes sense. They would rather have everything in one place and it would just be easier for them..."

The hosts agree that while digital sovereignty was previously a contentious issue, it has become an unavoidable aspect of the modern digital landscape, compelling tech giants to adapt their strategies accordingly.

Conclusion

Tom and Garak conclude the episode by reiterating the enduring significance of digital sovereignty and the proactive measures companies like Microsoft are taking to align with European concerns. They acknowledge that while digital sovereignty presents challenges for both tech companies and states, it remains a critical component of national security and data privacy strategies.

Tom [22:03]: "Yep. Thanks. A little crochet."
Garak [22:06]: "Thanks a lot, Tom."

Key Takeaways

• Digital Sovereignty: A growing concern for Europe, emphasizing control over digital infrastructure and data residency.
• Microsoft’s Strategy: Proactively addressing digital sovereignty through local data centers, data protection commitments, and enabling on-premises deployments.
• Geopolitical Tensions: Incidents like the ICC sanctions highlight the fragility of relying on global tech infrastructures.
• Industry Comparisons: Other tech giants are yet to fully align with digital sovereignty mandates, potentially positioning Microsoft advantageously.
• Future Implications: Digital sovereignty is expected to persist, driving continued evolution in tech company policies and national security strategies.

Notable Quotes

• Tom [03:22]: "It talks about building local European data centers and the cloud ecosystem. It talks about keeping data in Europe."
• Garak [21:08]: "But yeah. It doesn't necessarily result in better security. Now they're at the point it's like we recognize that digital sovereignty is a thing."
• Tom [16:44]: "At the most extreme is you can run all our stuff on your own hardware."

This episode of Risky Bulletin provides a comprehensive analysis of Microsoft's engagement with digital sovereignty, offering listeners valuable insights into the intersection of technology, politics, and security in the European context.