Companies based in Europe are essentially taking a risk when they entrust the security of their email communication to US providers. This is not only because these providers are subject to the much-discussed CLOUD Act and FISA regulations, but also simply because the service provider’s staff could potentially view sensitive messages.
Distributed system architecture, for instance, often means that data from Europe can be transferred to the US and processed there. Depending on the terms of the contract, US-based staff with the appropriate roles may technically be able to access the email communication of European customers. While agreements with customers of course aim to address such concerns, this does little to change the fact of the matter.
European companies and institutions can avoid this dilemma from the outset, however, by opting for an email security provider like Retarus, which is based in Europe and processes the data belonging to its customers there. The service provider should also be independent: when companies are acquired by US corporations, the CLOUD Act grants US authorities access even to data located outside the USA.
To repeat a fitting quote from our founder and CEO, Martin Hager:
“Against this backdrop, it is critical for organizations to assess where workloads are best placed, factoring in criticality, compliance, latency, and transparency at every level. Digital sovereignty is becoming increasingly important in the United States as organizations rely more heavily on a small number of global cloud providers. Questions are emerging about control, resilience, and accountability of data and sensitive information. […] The goal should be resilient, sovereign, and cost-conscious cloud usage with less dependency, more visibility, and greater freedom of choice.”
Visit our website to find out more about Retarus Email Security and its related services. As a fully European provider, Retarus contractually guarantees data processing within the EU and excludes usage of US hyperscalers.



