Microsoft has finalized the EU Data Boundary for the Microsoft Cloud, a significant move to empower European businesses and give customers within the European Union greater control over their data.
This initiative ensures that both public sector and commercial customer data are now stored and processed within the EU and European Free Trade Association (EFTA) regions. This includes data from key Microsoft services like Microsoft 365, Dynamics 365, Power Platform, and most Azure services. The EU Data Boundary also extends to professional services data generated during technical support interactions for these core cloud services.
This milestone is the result of a massive undertaking, spanning several years and involving hundreds of product teams and thousands of developers across Microsoft. The EU Data Boundary underscores Microsoft’s commitment to offering cloud services that align with European values around transparency, privacy, and customer control. It’s one piece of a broader effort aimed at providing customers with a range of data residency solutions.
The EU Data Boundary rollout has been completed in three phases:
- Phase 1 (January 2023): Included the storage and processing of customer data for core services, including Microsoft 365, Dynamics 365, Power Platform, and Azure.
- Phase 2 (January 2024): Expanded the scope to include pseudonymized personal data.
- Phase 3 (February 2025): Ensured that professional services data from technical support interactions, including customer-provided logs and Microsoft’s support case notes, are also stored within the EU and EFTA regions.
For certain Azure services, customers may need to take additional steps to secure professional services data storage, as detailed here.
Microsoft’s commitment to Europe is long-standing, with over 40 years of operations in the region. Over the past 16 months, Microsoft invested over $20 billion in AI and cloud infrastructure across Europe to expand local options and cater to growing demand.
Microsoft offers numerous solutions to provide customers with data location control, supporting transparency, accountability, and data protection. These solutions include:
- Microsoft 365 Advanced Data Residency: Enables granular controls over the location of Microsoft 365 customer data.
- Microsoft Cloud for Sovereignty: Allows public sector customers to build and transform Azure workloads while meeting stringent sovereignty, compliance, security, and policy needs.
- European Cloud Principles: A commitment to ongoing innovation, transparency, and accountability to meet customer needs.
These efforts reflect Microsoft’s continued focus on supporting innovation, economic growth, and technological advancements in Europe as the region embraces a digital future.
Microsoft is deeply committed to cybersecurity, putting customer and digital ecosystem protection first. Through the Secure Future Initiative (SFI), security is integrated into every aspect of Microsoft’s operations. This global effort is key in fighting complicated cyberattacks, making the digital world safer for European customers and organizations worldwide.
In limited security incidents where a coordinated global response is needed, essential data may be involved in the transfer, but with strong safeguards. Microsoft is transparent in these cases, using encryption, access controls, and other robust protections. This global intelligence allows Microsoft to offer real-time alerts and threat response assistance. Customers are protected no matter where a threat originates.
Microsoft’s goal is to deliver secure, innovative cloud technologies that respect European values. The EU Data Boundary for the Microsoft Cloud is an example of its commitment to providing European organizations with tools to flourish in a secure cloud setting. Microsoft is dedicated to listening to customers worldwide and adapting to meet their unique needs.
Learn more about the EU Data Boundary for the Microsoft Cloud here.
