Many MSPs depend heavily on third‑party cloud providers. For organizations that see themselves aligned with the West, the preferred platforms are typically AWS, Azure, or Google Cloud. They often avoid Alibaba Cloud or Tencent Cloud because they fear data loss and government control.
Now, here’s the challenge: similar concerns are increasingly being raised about U.S.-headquartered cloud companies. Many organizations say they’re worried that the current U.S. administration does not appear fully constrained by existing agreements. Even when such agreements exist, the U.S. legal environment makes data sovereignty feel like a potentially moot point.
The Clarifying Lawful Overseas Use of Data (CLOUD) Act of 2018 includes a clause that allows the U.S. government to access data held on any platform owned by a U.S. company, regardless of where the data resides. Although the law includes safeguards—such as court‑approved warrants and probable cause—the global community has watched developments in the U.S. and is not confident that these safeguards offer strong protection.
Sovereign clouds and shifting global investment
Europe has responded by strengthening its own data protection approach. The EU’s General Data Protection Regulation (GDPR) is fundamentally at odds with the CLOUD Act, which has driven the EU and other countries to invest heavily in “sovereign cloud platforms.” The EU is expected to invest about $28 billion in these platforms by 2027, growing roughly 10 percent annually.
Beyond this, European banks are evaluating ways to reduce their dependency on Visa and Mastercard for similar reasons. Europe wants stronger control over the management of its data, and confidence in U.S. stewardship is declining.
AI, hyperscalers, and expanding data access
Cloud vendors themselves have added to these concerns. The large hyperscale platforms—and many smaller public clouds—are major players in the artificial intelligence (AI) market. AI requires massive amounts of data, and hyperscalers hold enormous volumes of it. Very little of this data actually belongs to the cloud providers, but that hasn’t prevented widespread scraping across their platforms. Legal cases have already emerged—and been won—showing that scraping has gone beyond public data and into copyrighted material.
Organizations are no longer viewing AI as an engine for entertainment or marketing alone. It is now a tool for nation‑state information dominance and, increasingly, a potential strategic weapon. This can lead to looser safeguards for AI vendors viewed as strategically important.
In the U.S., some vendors do not sell to the general commercial market but focus exclusively on government customers—both domestic and international. Their systems require access to massive datasets, including photographs and personal identifiers, which can be used to triangulate information and create detailed profiles. These can be used for targeted political messaging (as seen with Cambridge Analytica in the U.K. before it folded) or for criminal identification. There are even ongoing discussions about using AI in a “Minority Report”-style approach to identify children who may be more likely to commit crimes in the future.
What this means for MSPs
MSPs must discuss these issues openly with customers. As on‑premises AI becomes less viable, cloud‑based AI will dominate. This makes sovereign clouds appealing for organizations seeking AI without exposing their IP to foreign governments.
Acknowledging this “data‑drinking elephant” and guiding customers through the risks and realities will become an essential part of the MSP role moving forward.
Photo: Oliver Hewett / Shutterstock
This post originally appeared on Smarter MSP.
