In February, the United States imposed sanctions on the International Criminal Court (ICC) in The Hague. As a result, Chief Prosecutor Karim Khan has no access to the emails on his Microsoft account. The incident once again demonstrates the risks of dependence on US IT services.
To make matters worse, Khan’s bank accounts have also been frozen, according to the Associated Press. If he takes a flight to the US, he will likely be arrested upon arrival. According to the Associated Press, the ICC has been paralyzed by the forced Microsoft blockade. The conflict between the ICC and the US arose in November, when the former issued an arrest warrant for Israeli Prime Minister Benjamin Netanyahu. This incident tells bystanders more than just how applicable it is to this specific situation. Anyone who does not want to follow the geopolitical stance of the US exactly must have a plan B when it comes to software.
Good until it isn’t
European governments may consider the risks of using Microsoft acceptable. That was the position taken by the Dutch government in October last year, for example. Uncertainty about the sovereignty of Microsoft’s cloud services was not seen as a deal breaker: Azure, 365, and other Microsoft services were judged to offer all kinds of advantages that could mitigate any potential issues. At least, that was how it looked in 2024.
Under President Trump, the US has taken a decidedly less friendly stance toward the European Union and its member states. These geopolitical tensions mean that it is up to the business community to smooth things over. Microsoft, for example, is adamant that it will defend itself in court if Washington demands access to European citizens’ data. In fact, the encryption and access management of sovereign cloud services should make access from outside the continent technically impossible. Even with the clearest explanation, this may be revoked or secretly circumvented. And if Microsoft loses its case in court, it will still have to change course. Every non-US government will have to keep this scenario in mind when organizing its digital affairs.
In other words, relying solely on Microsoft services for critical purposes has its risks. What if the Dutch government refuses to go along with changed US policy on ASML’s chip machines, to name one example? Do all civil servants have email accounts and bank accounts that are not linked to Microsoft and cannot be blocked by the US? If not, these services may continue to run smoothly until it is too late.
Contracts are worth little
The most important achievement is that national security should not depend on the honor of an SLA. On top of that, the ICC is currently looking for European alternatives to the lost services, a smaller version of the larger concerns about Europe’s digital autonomy. There are plenty of services that could in principle provide the same functionality as the established names; the question is, however, whether they are enterprise-ready, secure, and fully sovereign.