Swiss Urge Ditching Major US Cloud Services
A group of Switzerland's data protection watchdogs has issued a stark warning to public sector organizations: steer clear of major cloud platforms like Microsoft 365, Google Cloud, and AWS. The guidance points to critical shortcomings in data encryption and conflicting legal frameworks as the main reasons for concern.
The group, named Privatim, says that the majority of software-as-a-service (SaaS) offerings lack robust end-to-end encryption. According to their findings, this gap could potentially allow providers to access data in a plaintext state, a vulnerability considered far too great for sensitive public records. (Source: theregister.com)
US Law Sparks Sovereignty Concerns
A key reason for this warning is the controversial US CLOUD Act. This American legislation legally requires US-based technology firms to provide user data to American authorities upon request, regardless of where that data is stored globally. This creates a direct clash with Switzerland's rigorous privacy regulations and its principles of national sovereignty.
The problem persists even if the data physically resides on servers within Switzerland. The US claims its jurisdiction extends across borders, casting a shadow of legal ambiguity over confidential government files. Privatim contends that by relying on these platforms, Swiss public agencies are effectively ceding control over citizen data. (Source: techradar.com)
Call for User-Controlled Encryption
In their official resolution, the Swiss data protection commissioners detailed several other fundamental issues with global cloud providers. They cited complex supply chains involving numerous third-party vendors, which can obscure data handling practices, and an inability for customers to independently audit whether security protocols are being followed.
Ultimately, the authorities outlined a single acceptable scenario for using these services: a public agency should proceed only if it implements its own encryption and maintains exclusive control over the cryptographic keys. This would effectively block the cloud provider from ever accessing the sensitive contents.
What's Your Opinion?
Do you think data location or the nationality of the cloud provider is more important for data security? Should governments exclusively use domestically-owned and operated cloud services for official business? Is it realistic for large organizations to manage their own encryption keys effectively?

My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in technical support and cyber crimes with over 30 years experience; I also run this website!
Comments
Governments and security
Governments need to pound sand.
They do not own my data or me or anything else.
"They cited complex supply chains involving numerous third-party vendors, which can obscure data handling practices, and an inability for customers to independently audit whether security protocols are being followed."
This is a problem with literally everything online.
Location and Nationality are Irrelevant
Most players worthy of trust in this space will be large enough that they will have multiple global locations. The players seeking to retrieve the data surreptitiously won't care who or where the custodian is.
And current encryption technology will presumably become obsolete once quantum computing comes online.
And whether you or your government "own" your data is also irrelevant. Your data exists; it is vulnerable.