New U.S. extraterritorial surveillance laws pose direct sovereignty risks for European organizations using American cloud providers to process sensitive data or operate critically sensitive systems.

Executive Order 12333, FISA Section 702 and the CLOUD Act enable U.S. authorities to compel data disclosure from providers like AWS and Microsoft, even when data is in EU or Swiss regions, overriding local data protection frameworks.

Talk analyses the security and compliance impact of these laws to Swiss and European organizations processing critically sensitive data (such as sovereign data), as well as assessing if current provider security features like AWS Nitro and Microsoft multi-step key access adequately shield against government process.

Talk offers pragmatic resilience strategies to keep data outside of provider control. Sovereignty-by-design architecture and confidential compute. These layered defences allow companies to maintain high performance and agility while protecting critically sensitive data.

About the speaker

Tomas Kokolevsky

Information Security Officer at Beyond Gravity

Tomas is an Information Security Officer with over 13 years of experience in cybersecurity management across regulated sectors including aerospace, healthcare, and fintech. His focus is on protecting critical assets and enhancing organizational resilience through strategic governance, risk mitigation, and technical control implementation. At Beyond Gravity, a leading European space manufacturing company, Tomas oversees enterprise-wide security programs, ensuring robust defenses against evolving cyber threats and compliance with international and space industry-specific regulations. He leads initiatives that uphold data sovereignty within cloud and datacenter environments, enabling secure and compliant operations in the international aerospace/defense supply chain, such as the CMMC Program.
Read more …