
•
3 minute read
Sovereign cloud, US law and your trading data
In June 2025, Microsoft France appeared under oath before a French Senate inquiry into digital sovereignty. Its director of public and legal affairs was asked a plain question: could the company guarantee that data held in Europe would never be passed to US authorities without European consent? The answer? No.
What Microsoft actually said
Under the CLOUD Act, passed in the US in 2018, American authorities can compel a US-domiciled company to produce data it holds, wherever in the world that data is stored. Microsoft France told senators it resists requests it considers unfounded, meaning that it challenges them in the courts and that no European customer has been targeted so far. On the core question, however, the position is now clear. A valid US order would have to be honoured, and the company could not guarantee otherwise.
This means that essential data can sit in Paris, Frankfurt or Zurich, but the jurisdiction that governs the parent company travels with it.
Where the servers sit, and whose law reaches them
This is the distinction the sovereign cloud category tends to blur. A US hyperscaler can build a data centre in Europe, staff it locally and market it as sovereign. That addresses where the data physically rests. It does not change which government can compel the company that runs it. A European address with a US parent still leaves the data reachable under US law.
What this means for commodity traders
In commodity trading, the sensitive data is the business. Contracts, prices, positions, P&L, counterparties and the internal logic of a desk are the commercial advantage. Send that to an AI or a platform running outside your control, and two things happen. The information leaves your perimeter, and your continued access to it becomes a decision someone else can make.
How Euclid is different
Euclid is a Commodity Trade and Risk Management (CTRM) platform designed so this question does not arise. It deploys on client-owned infrastructure or inside Euclid's private Swiss data centre, with no US hyperscaler dependency. The trading data stays inside a perimeter the client controls. There is no US provider in the chain, so there is no CLOUD Act exposure to manage in the first place.
That difference is structural, and it shows in the numbers: Euclid runs on 100% client-owned infrastructure, against an industry where 67% of legacy CTRM data sits in US-based clouds.
What Euclid AI does today
The same logic governs our AI. Euclid AI runs inside that private environment, connected directly to the platform, and today it does two key things.
Processing trading documents.
Drop a contract, invoice, confirmation or market-data report into the system and the AI turns the unstructured file into structured platform data, across more than 50 formats, at 99.3% OCR accuracy, cutting typing time by 98%.Answering questions about your data in plain language. Ask the CTRM database directly and the AI returns the answer, with no query-building by hand.
Both run without ever sending trading data to a third-party AI outside your jurisdiction.
The question worth keeping
Sovereign cloud offerings will keep improving. The engineering will get better, and the marketing sharper. But none of it closes the gap Microsoft described under oath. That gap is fundamentally a legal one, beyond the purview of ‘better engineering’. As long as the provider answers to another government, so does the data.
For a trading firm, one question cuts through the branding. Who can reach your data when a government asks? If the honest answer runs through a US provider, the firm is not fully in control of it.


