During his recent trip to Brussels, Microsoft’s Brad Smith promised to protect European interests from geopolitical uncertainty, including potential US interventions. He stressed that Microsoft’s survival relies on the trust of its European customers and governments. Those who heard his speech might have left feeling hopeful, but they could also be waiting for real proof of his commitments.
Then came the news that the head prosecutor of the International Criminal Court (ICC), Karim Khan, had his Microsoft email services suspended due to US sanctions. These sanctions were imposed after the ICC investigated key Israeli figures. The details behind those sanctions aren’t the focus here; what matters is how the service suspension reveals Microsoft’s willingness to comply with US demands, undermining Smith’s earlier assurances.
Khan’s disconnection isn’t just a minor incident; it echoes beyond the ICC, making anyone using or considering Microsoft’s cloud services think twice. The fallout from this decision is serious—immediately following the news, the Dutch government began exploring non-Microsoft alternatives. Other suppliers have reported a rise in requests for data backups, and concerns are spreading through Germany and the Nordics.
While most users probably won’t see arbitrary service shutdowns, Microsoft needs to tread carefully. It earns about a quarter of its global revenue from Europe, so harming that market would be reckless. Still, the damage to public sector confidence may already be significant. Governments prefer to control their own data, and when a long-trusted vendor seems beholden to a foreign government, they instinctively start scouting for alternatives.
The risk for Microsoft is that those “just-in-case” alternatives can quickly become new go-to solutions. A few departures can snowball into a larger trend. These governments are likely to follow each other if they sense a need for change.
No one expects an immediate mass exodus. Still, Microsoft users are discussing other options now, which should concern the company. There have long been worries that US-based cloud providers might face pressure to disclose customer information. Until now, promises from companies like Microsoft seemed reassuring, but with this incident, doubts have resurfaced.
To regain access to his email, Khan switched to Proton Mail, a Swiss encrypted service known for its privacy. While Proton Mail has its own government obligations, the information it must share is limited. Khan may have sacrificed some usability for better protection from US influence, a trade-off that others might consider in the future.
This incident illustrates a critical lesson: trusting cloud providers with your data isn’t always straightforward, no matter what assurances they offer. In this case, Microsoft’s actions spoke far louder than Smith’s promises.