Actually no - that is incorrect. Microsoft can have no legally sovereign options in the EU or anywhere else inthe woprld that are also connected to Microsoft public cloud (which Bleu still is). Engaging a local provider to sell your global product under their name does not make it sovereign - unless you're Microsoft and seek to redefine the word sovereign... Only Google currently have a genuinely sovereign option that can scale - GDC-AG. Other standalone options are either deisnged to operate as Edge cloud / hybrid solutions or as very feature limited (like Azure Local - which actually does both...) DESC does NOT use Sharepoint and 365 - it is a service operated by Axon using their evidence.com back end. It sits on Azure and its absolutely not a compliant solution for DPA 2018 or any EU LED based legislation (although many UK and some European Police forces do use it). Microsoft's contract terms do not comply with the UK law (which given its still 99% currently the same as EU law is I suspect reasonable...); however the UK Gov DID buy their services under frameworks that specifically prohibit offshoring so Microsoft might be in for a very sticky time inthe near future. There's a lot of evidence piling up to suggest that in many cases they may have breached those contracts... Oops.

No they are certainly breaking the law. They fail to comply with the UK Data Protection Act 2018 Part 3 provisions. By refusing to provide evidence of GDPR compliance they are in breach of Article 28(4) of the EU and UK GDPR... When the problems were identified to Microsoft in early 2019 however they absolutely took the position that it was all down to the Police to get this right. then they started working with them to build systems in full knowledge that actually they could not comply with the laws. There are full email trails to show when Microsof tbecame aware of the issues and that they stated wthey would not advise the police of the issues.

Not really. It took 2 weeks of analysis and cross-referencing of different Microsof tinformation sources to compile the full record of countries to which the data is sent. re they hiding th einformation? Depend who you ask. What they DO however is present a small part of the info in an accessible place - its suggests 17 countries, mostly friendly, with only 4 not adequate under GDPR. only thrtough othe rlinks, searches and abnalysius does the full picture emerge - 148 sub-processors, 105 countries and 10k's of contracted administrators all around the world. Although the focus of the article is Policing - actually 66 of the 105 countries have no EU or UK GDPR adequacy (only 28 are legally suitable countries for Policing data to go to under EU and UK laws).. Microsoft refused to provide any evidence of compliance to the Scottish Police, but they work across policing in the UK to sell their service - so are they in fact being open and transparent?