US Cloud Act and Sovereign Cryptography
The US Cloud Act allows US authorities to access data managed by US companies — regardless of where the server is physically located (including Switzerland).
Core Concept
The law creates a potential conflict with the Swiss nDSG and the EU GDPR. The technical solution lies in sovereign cryptography, where key control remains exclusively with the customer (bring your own key, BYOK, or hold your own key, HYOK).
Relevance
- Risk Assessment: Evaluation of the risk when using US hyperscalers for sensitive data.
- Encryption Standards: Consistent use of customer-managed keys (CMK).
- Alternative Providers: Evaluation of Swiss providers not subject to the Cloud Act.