TZUTC: -0500
MSGID: 1763.consprcy@1:2320/105 2d943c00
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Swiss government urges people to ditch Microsoft 365 and others due to lack 
of proper encryption

Date:
Tue, 02 Dec 2025 10:20:00 +0000

Description:
A lack of E2EE and sufficient transparency has Switzerland worried about
American hyperscalers.

FULL STORY
======================================================================
 - American hyperscalers adhere to the US Cloud Act, which goes against Swiss
beliefs
 - Privatim is advocating for true E2EE and more transparency across the chain
 - American hyperscalers are acceptable if customers can encrypt their own data

Swiss data protection officers have warned public bodies not to use cloud
services from industry hyperscalers Microsoft, Amazon, and Google, due to a
lack of true end-to-end encryption. 

This comes as many SaaS vendors, especially those falling under the US Cloud
Act, could be required to hand over data to US authorities, even if its 
stored in Switzerland. 

Cloud providers were also criticized for not offering sufficient transparency
to verify security, with long chains of external service providers further
complicating data security.

Switzerland warns against using Microsoft 365, AWS, and Google Cloud

Privatim, the Conference of Swiss Data Protection Officers, also warned that
using SaaS means a significant loss of control for public bodies, meaning 
they cannot influence risks to citizens fundamental rights. 

Ultimately, Privatim says that international SaaS providers should not be 
used for highly sensitive or confidential data unless the government can
encrypt the data itself, and the provider cannot access the keys. 

Switzerland is already known for its strict data privacy laws, and a Swiss
Data Protection Act revision in September 2023 adds further requirements for
cross-border data disclosures and more. 

The US Cloud Act goes against Swiss standards for privacy and sovereignty,
particularly because even data thats hosted in a Swiss region is not immune
from the US Cloud Act. 

Unrelated to this latest warning, Switzerland already has its own, home-grown
alternative to Big Tech. Proton has quickly gained itself a name for strong
security  the company cannot access user data, even if it were required to by
law. 

Besides using Swiss and EU infrastructure and adhering to Swiss law, Proton
also offers client-side encryption (CSE) and open sources the parts that dont
need to be protected. 

Being that three American hyperscalers account for around two-thirds of the
cloud market, not only does this make finding a suitable and compliant
alternative slightly more challenging, but it represents significant growth
opportunities for those companies if European data privacy trends continue. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/swiss-government-urges-people-to-ditch-
microsoft-365-and-others-due-to-lack-of-proper-encryption

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426