How Microsoft is addressing digital sovereignty in Switzerland

Discussions on digital sovereignty—the capability to participate in the digital economy securely, independently and with self-determined controls—is often centered on a consistent set of questions: Where is my data stored? Who can access it? Will I have access to the latest capability? Below, we’ve answered these questions, and highlighted the commitments we’ve made and the technologies available in Switzerland.

1. What are Microsoft’s sovereign cloud solutions in Switzerland?

Microsoft offers a comprehensive portfolio to meet the full spectrum of sovereignty needs in Switzerland and across Europe:

Sovereign Public Cloud: Full sovereignty features—including data residency, encryption controls, and regulated environment management—are available in all European regions, including Switzerland. No migration to separate datacenters is required.
Sovereign Private Cloud: For organizations needing maximum operational autonomy, Azure Local and Microsoft 365 Local enable workloads to run in customer controlled and on-premises hosted environments, with consistent management and security.
Key Capabilities: Data Guardian (Europe-based access approval and monitoring), External Key Management (customer-held encryption keys), and Regulated Environment Management (centralized sovereignty controls).
Open and Hybrid by Design: Azure Arc enables unified management across multi-cloud and on-premise environments, supporting hybrid and multi-vendor strategies.

Learn more: Comprehensive Sovereign Solutions

2. Where is data stored and who can access it?

For Swiss customers, data location and maximum control over where their data resides, how it is accessed and processed is non-negotiable. Microsoft provides multiple, layered safeguards:

Swiss cloud regions since 2019. We operate cloud regions near Zurich and Geneva so customers can keep data within national borders when needed, while also supporting disaster recovery regulatories.
EU Data Boundary means public‑sector and commercial customers in the EU/EFTA (including Switzerland) can store and process customer data, pseudonymized personal data, and professional services data including Microsoft 365, Dynamics 365, Power Platform, and most Azure services within the EU/EFTA regions. For some Azure services, customers follow documented configuration to obtain the professional services storage commitment.
No direct or unfettered government access. Microsoft reviews each government data request, discloses only when legally compelled, and limits any disclosure to specific accounts identified in a valid order. Our policies are detailed in our Government Requests for Customer Data Report.
We do not provide any government with encryption keys or the ability to break our encryption.
In addition to the EU Data Boundary, we provide European customers with multiple options for securing and encrypting their data. Our Confidential Compute offerings in Azure eliminate the ability of third parties—including Microsoft—to access customer data by ensuring data is processed within a trusted environment the customer alone controls. We enable customers to create a “lockbox” around their data across Azure, Dynamics 365, and Microsoft 365 by giving them the ability to review and approve before Microsoft accesses their data for customer and service support operations. We also enable customers to secure their data with encryption keys that they, not Microsoft, control with Azure Key Vault and Purview Customer Key. Our Microsoft Cloud for Sovereignty offers customers a range of other tools to secure data, protect against unauthorized access, and satisfy legal requirements.
European‑controlled operations. With Data Guardian, we will add an additional level of assurance by ensuring that only Microsoft personnel residing in Europe control remote access to these systems. Data Guardian adds additional human and technical oversight whenever engineers outside of Europe need access. All remote access by Microsoft engineers to the systems that store and process your data in Europe is approved and monitored by European resident personnel in real time and will be logged in a tamper-evident ledger.
For Microsoft 365 and select services, Customer Lockbox lets you review and approve engineer data‑access requests and audit related activities. For encryption keys, Azure Key Vault provides audit logs and insights so you can monitor key operations and set near real‑time alerts via Azure Monitor. Customers that require immutable, tamper‑proof audit trails for their own workloads can use Azure Confidential Ledger.
Defending Your Data commitment: We will challenge every government request for public sector or enterprise customer data where there is a lawful basis for doing so. We are committed to transparency regarding government data requests and publish regular, detailed reports on such requests.

3. Do sovereignty controls require migration or reduce functionality?

With Microsoft Sovereign Public Cloud, you enable sovereignty controls across existing European regions—no migration to separate datacenters required—while keeping the full innovation pace of the public cloud. Sovereign Private Cloud gives customers even more control, but certain limitations apply.

Key capabilities designed for sovereignty:

Data Guardian for European‑controlled operations and access approvals.
External Key Management so you can keep encryption keys in your own HSMs (on‑premises or with a trusted third party).
Regulated Environment Management to configure and monitor all sovereignty controls in one place.

4. What if full operational autonomy is required?

Some sectors need workloads to run in a physically controlled environment—including connected, hybrid, or disconnected scenarios.
Azure Local brings Azure services into your locations for in‑country, on‑premises, or partner‑operated datacenters.
Microsoft 365 Local provides a validated architecture to run productivity workloads like Exchange Server and SharePoint Server on Azure Local with consistent management via Azure tools. The Sovereign Private Cloud solution (Azure Local + Microsoft 365 Local) is in preview with general availability later this year in Europe.

5. Can we move our data?

Sovereignty and data portability go hand in hand.

Open by design: Azure supports open standards, open‑source runtimes, and a broad partner ecosystem.
Microsoft’s cloud services are designed for openness and flexibility. Customers can export their data at any time using well-documented processes and widely supported, industry-standard formats. There are no proprietary barriers that prevent you from moving your data or workloads to other platforms. This commitment to portability ensures you retain full control and freedom of choice—without risk of vendor lock-in.

6. Does Microsoft support open-source solutions?

Open Source enables Microsoft products and services to bring choice, technology and community to our customers. Sovereignty requires openness, and open standards and open-source technologies can be used throughout our infrastructure. According to the Open-Source Contributor Index (OSCI), Microsoft ranks #2 globally with 5,079 active contributors to date, and 11,217 total community members, with Microsoft as a foundational pillar of open-source innovation.
VS Code, one of the world’s most popular developer tools with millions of users, is developed in Zurich’s Wollishofen.

Learn more: Microsoft Open Source

7. What about resilience, governance, and security oversight in Europe?

We have formalized commitments so customers can plan for the long term.

Digital Resilience Commitment. We commit to contest any order to suspend or cease cloud operations in Europe using all legal avenues available, including pursuing litigation in court. This commitment is legally binding on Microsoft Corporation and all subsidiaries.
We will store back-up copies of our code in a secure repository in Switzerland, and we will provide our European partners with the legal rights needed to access and use this code if needed for this purpose.
European board oversight. Our European datacenter operations and their boards are overseen by a European board of directors composed exclusively of European nationals and operating under European law.
European Security Program. We are expanding AI‑powered threat intelligence sharing, capacity‑building, and partnerships (including with Europol) for governments across the EU, EFTA, the UK, and others—free of charge. We have also created a Deputy CISO role for Europe focused on evolving regulations such as DORA, NIS2, and the Cyber Resilience Act.
Global cybersecurity capabilities. Microsoft’s security platform analyzes over 84 trillion threat signals daily, one of the largest and most diverse threat intelligence datasets in the world, to help protect customers in Switzerland and globally from evolving cyber threats. In 2024, Microsoft blocks over 7,000 password attacks per second and tracks more than 1,500 threat actors worldwide.

Learn more: European Digital Commitments

8. How can transparency and verification be ensured by default?

Trust Center. Our Trust Center centralizes certifications, audit reports, data‑protection documentation (including the DPA), and product‑specific compliance content.
Customers have the right to conduct an audit, provided the necessary conditions are met.
Government Security Program. For governments, qualified authorities can review Microsoft source code in secure Transparency Centers (including in Ireland).
Biannual transparency reporting. We publish detailed, global reports on government requests for customer data and our responses.
We use industry-standard secure transport protocols like IPsec and TLS between datacenters and user devices. Data at rest benefits from double encryption, service-level encryption, and disk encryption. Azure Confidential Computing enables encryption even while data is being processed.
Microsoft commits to comply with all laws and regulations applicable to its providing of the products and services, including security breach notification law and data protection laws (including GDPR and Swiss data protection law).

9. How is Microsoft investing in Switzerland?

We are scaling to meet Swiss demand while supporting skills, innovation, and sustainability.

USD 400 million investment (a nnounced June 2, 2025) to expand AI and cloud infrastructure in Switzerland, including advanced GPUs.
Serving 50,000+ customers, including those across regulated sectors such as finance and healthcare.
Helping skill 1 million people by 2027 in AI and digital competencies.
Renewable energy. To date, all electricity consumption in Switzerland has been covered by renewable energy purchases.
Our 36-year presence has created a thriving ecosystem. 4,600+ Swiss partner companies employ tens of thousands of professionals.
For every CHF Microsoft generates, our partner ecosystem creates 8+ CHF of additional value.
We operate the Spatial AI Lab in Zurich, partner with ETH Zurich (including a collaboration on AI Red-Teaming), EPFL, Switzerland Innovation Parks, and Deep Tech Nation, representing real Swiss jobs, Swiss expertise, and Swiss innovation capacity that strengthen economic competitiveness.

Learn more

European Digital Commitments → https://blogs.microsoft.com/on-the-issues/2025/04/30/european-digital-commitments/

Sovereign solutions for Europe → https://blogs.microsoft.com/blog/2025/06/16/announcing-comprehensive-sovereign-solutions-empowering-european-organizations/

EU Data Boundary (completion) → https://blogs.microsoft.com/on-the-issues/2025/02/26/microsoft-completes-landmark-eu-data-boundary-offering-enhanced-data-residency-and-transparency

Government Requests for Customer Data Report → https://www.microsoft.com/en-us/corporate-responsibility/reports/government-requests/customer-data

Switzerland investment (June 2, 2025) → https://news.microsoft.com/de-ch/2025/06/02/microsoft-deepens-switzerlands-digital-future-with-strategic-investment-in-cloud-and-ai-infrastructure-startups-skilling-and-innovation/

Defending your Data → https://blogs.microsoft.com/on-the-issues/2020/11/19/defending-your-data-edpb-gdpr/

Advance European Commerce and Culture → Unlocking data to advance European commerce and culture – Microsoft On the Issues

European Security Program → Microsoft launches new European Security Program – Microsoft On the Issues

Tags: