
Data sovereignty starts in the prompt field

Your data sits in a European data centre, so you're sovereign? Not necessarily. As long as the provider is American, the US government can reach it, wherever the servers are. And that choice isn't made by procurement, it's made by the employee who pastes something into a prompt.

Data in a European data centre still falls under US law when the provider is American
Quick answer

Data sovereignty comes down to one question: which government can legally compel your data? For most AI tools the answer is the United States, even when the data sits in Europe, because the provider falls under US law. A cloud contract alone does not settle it, because the real choice is made the moment an employee types into a prompt.

  1. Sovereignty is not only about where your data sits, but which government can legally compel it
  2. The US CLOUD Act forces American providers to hand over data, including from a data centre in the EU
  3. Under oath in 2025, Microsoft could not guarantee EU data is never accessed under US law
  4. The EU-US Data Privacy Framework is a legal basis, not a guarantee: its two predecessors were struck down
  5. Most AI tools are American; the jurisdiction is chosen at the moment of the prompt, not in the contract

A director told me recently, with some pride, that his organisation had gone "fully European" on AI. European vendor, European data centre, every box ticked. When I asked what his people did when that one European tool was a little too slow or too limited, the room went quiet.

That is exactly the gap. The employee in a hurry does not paste into the tool that took months to negotiate. He pastes into ChatGPT, because it is faster. And at that moment the data no longer sits in Europe, it sits under US law.

Digital sovereignty is arranged in the boardroom. But it is decided in the prompt field.

The question is not where your data sits, but under whom

We talk about sovereignty as if it were a question about maps: are the servers in the EU or not? That is a reasonable question, but it is not the one that matters. The one that matters is which government can legally compel your data. And that does not depend on where the disk spins, but on which law the provider falls under.

That distinction is the whole game. You can host data perfectly within Europe and still fall under a foreign law, simply because the company behind it is foreign. Sovereignty is therefore first a legal question, and only then a technical one.

Why hosting is the wrong question

The US CLOUD Act of 2018 requires American companies to hand over data when the US government asks, regardless of where that data is held. A server in Frankfurt changes nothing as long as the parent company is in the US. Jurisdiction travels with the company, not with the disk.

And that is exactly where the CLOUD Act collides with the GDPR. Article 48 says that a judgment from a foreign court or authority is only a valid basis to transfer data if it rests on an international agreement, such as a mutual legal assistance treaty. An order under the CLOUD Act does not, by itself, meet that bar. So a US company with European customers can be required to hand over data under US law and forbidden from doing so under the GDPR at the same time. Two legal systems demanding the opposite, with your data caught in between.

This is not legal scaremongering. In 2025, a Microsoft executive was asked, under oath, before the French Senate: can you guarantee that European data is never handed to the US government? The answer was no. The company has to comply with US legal orders, and such requests do occur.

That shifts the whole conversation. European hosting is a precondition, not a guarantee. And the uncomfortable part is this: at the very moment the data leaves, in a prompt field, you see none of it. No flag, no country of incorporation, no clause of law. Just an empty text box asking what you are working on.

Most AI tools fall under US law

Look at what is used every day. ChatGPT at OpenAI, Copilot at Microsoft, Gemini at Google, Claude at Anthropic: all American companies. Whatever is pasted into them falls under US jurisdiction, with or without a European data centre. Add to that the US surveillance laws, in particular FISA Section 702 and Executive Order 12333.

This is not a fringe concern; it is precisely why European data rules and US law have collided for years. In 2020, in the Schrems II case, the EU Court struck down the arrangement of the day, Privacy Shield, because US surveillance under those laws was incompatible with European fundamental rights. Its successor, the 2023 EU-US Data Privacy Framework, keeps transfers legal for now. But it is shaky: a fresh case is before the Court, FISA 702 survives on short extensions, and the US body meant to police the arrangement has been hollowed out. Two earlier frameworks did not last. Building your most sensitive data on this one is, in effect, a bet on how a court case turns out.

DeepSeek showed that this can come from an entirely different direction too: a Chinese model storing data in China, blocked by Italy in 2025. But that is one example of a broader principle, not an everyday European problem. The question that does come up daily is the US jurisdiction of the tools everyone already has open.

That Europe takes this seriously shows in the counter-movement: in late 2025 member states adopted a declaration for European digital sovereignty, and the Commission launched a sovereign-cloud procurement. Admirable, at the infrastructure level. But all of that effort is undone in two seconds by a single paste into the wrong tool.

The objection, taken seriously

The fair objection: "We only use vendors under the Data Privacy Framework, or that host in Europe. This is handled."

A good step, and the right direction. But the Framework is a legal basis, not a sovereignty guarantee, and it is under pressure. European hosting under an American parent does not remove the CLOUD Act. And even with your contracts in order, you only cover the tools you chose. One employee using a free tool on a personal account sidelines the whole arrangement. Sovereignty at the contract level is undone by shadow AI on the floor. The agreement on paper is a precondition, not the outcome.

What to do instead

Four steps that bring the sovereignty question back to where it is answered.

  1. Know which law each tool falls under. Not just where the data sits, but which country the provider belongs to, and what that means legally.
  2. Choose genuinely sovereign options where it matters. For your most sensitive data, what counts is not only European hosting but European control.
  3. Signal at the moment of the prompt. Show the employee what is sensitive before the data crosses into another jurisdiction, so they can correct course.
  4. Measure where sensitive data goes. In aggregate, so you can demonstrate the risk without tracking individuals.

That visibility turns an abstract debate into something concrete. This is what it looks like:

Detections over time (last 30 days): 12,438, +18% vs last month
Top sources: ChatGPT 8,124; Gmail 3,210; Gemini 812
BeeSensible dashboard: aggregated detections and top sources, without monitoring individuals.

Not an assumption that the contract covers it, but a picture of which data types land in which tools, and whether that number goes down after you change something.

Where BeeSensible fits

You can ask the sovereignty question at the moment it counts: before the prompt leaves. BeeSensible recognises sensitive information as someone types, across AI tools, email and other web apps. Detection runs in a European environment, in working memory, and the text is discarded after analysis. What is in there, a name paired with an account number, an IBAN, a national ID, is marked before it is sent. The employee decides whether it should leave like that, and to that tool.

Here is what that looks like the moment someone pastes client data into an AI tool:

Outlook, new message
To: dr.smith@clinic.co.uk
Subject: Client file: Jane Richards
Dear colleague, please find the file for client Jane Richards (BSN: 384920173). She can be reached at 06-12345678. See the attachment for the full care plan.
BeeSensible highlights sensitive details before send.
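To make steps 3 and 4 of the list above concrete (signal at the moment of the prompt, measure in aggregate) and the kind of recognition described under "Where BeeSensible fits", here is an added example in JavaScript. It is not BeeSensible's code and says nothing about how the product works internally; it is a self-contained pre-send check that flags IBANs (ISO 13616 shape plus the standard mod-97 checksum) and Dutch BSNs (the "11-proef" weighted checksum, or a nine-digit number explicitly labelled "BSN"), shows the employee a masked preview, and records only counts per destination tool and data type, never who typed what. Assumptions: the tool names from the article are used as destination labels, and the jurisdiction lookup is built only from the article's own statement that those vendors are US companies. The sample prompt is constructed; note that the BSN in the mockup above is a placeholder that does not pass the 11-proef, which is why the label rule exists alongside the checksum rule.

```javascript
// Added example, not BeeSensible's own code: a pre-send check that flags IBANs
// and Dutch BSNs in text an employee is about to submit, shows a masked review,
// and keeps only aggregate counts per destination (no user identity, no values).

// IBAN: ISO 13616 shape plus the mod-97 checksum, which rejects most
// letter/digit runs that merely look like an IBAN.
const IBAN_RE = /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g;

function ibanChecksumOk(iban) {
  const s = iban.toUpperCase().replace(/\s+/g, "");
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(s)) return false;
  // Move country code and check digits to the end, map A=10 ... Z=35;
  // the resulting integer must be congruent to 1 mod 97.
  const rearranged = s.slice(4) + s.slice(0, 4);
  const numeric = rearranged.replace(/[A-Z]/g, (c) => String(c.charCodeAt(0) - 55));
  return BigInt(numeric) % 97n === 1n;
}

// Dutch BSN: nine digits passing the "11-proef" (weights 9..2, and -1 for the
// last digit; the weighted sum must be divisible by 11).
const BSN_BARE_RE = /\b\d{9}\b/g;
// A nine-digit number labelled "BSN" is flagged even if the checksum fails:
// a placeholder or typo in a client file is still client data leaving.
const BSN_LABELLED_RE = /\bBSN\s*[:#]?\s*(\d{9})\b/gi;

function bsnChecksumOk(bsn) {
  if (!/^\d{9}$/.test(bsn)) return false;
  const weights = [9, 8, 7, 6, 5, 4, 3, 2, -1];
  const sum = [...bsn].reduce((acc, d, i) => acc + Number(d) * weights[i], 0);
  return sum % 11 === 0;
}

// Scan the text and return what would leave: type, value and why it matched.
function findSensitive(text) {
  const findings = [];
  const seen = new Set();
  const add = (type, value, reason) => {
    const key = `${type}:${value}`;
    if (!seen.has(key)) { seen.add(key); findings.push({ type, value, reason }); }
  };
  for (const m of text.matchAll(IBAN_RE)) {
    if (ibanChecksumOk(m[0])) add("iban", m[0], "checksum");
  }
  for (const m of text.matchAll(BSN_LABELLED_RE)) add("bsn", m[1], "label");
  for (const m of text.matchAll(BSN_BARE_RE)) {
    if (bsnChecksumOk(m[0])) add("bsn", m[0], "checksum");
  }
  return findings;
}

// Aggregate tally: counts per destination and data type only, which is what
// "measure where sensitive data goes, in aggregate" asks for.
class AggregateTally {
  constructor() { this.counts = new Map(); }
  record(destination, findings) {
    for (const f of findings) {
      const key = `${destination}\t${f.type}`;
      this.counts.set(key, (this.counts.get(key) || 0) + 1);
    }
  }
  byDestination() {
    const out = {};
    for (const [key, n] of this.counts) {
      const [dest, type] = key.split("\t");
      out[dest] = out[dest] || {};
      out[dest][type] = n;
    }
    return out;
  }
}

// Jurisdiction per destination, built only from the article's own vendor list
// (assumption: the tool names are used as destination labels).
const TOOL_JURISDICTION = { ChatGPT: "US", Copilot: "US", Gemini: "US", Claude: "US", Gmail: "US" };

// The review step shown before "send". The decision stays with the employee;
// the tally only learns that, say, an IBAN went to ChatGPT.
function reviewBeforeSend(text, destination, tally) {
  const findings = findSensitive(text);
  tally.record(destination, findings);
  return {
    destination,
    jurisdiction: TOOL_JURISDICTION[destination] || "unknown",
    flagged: findings.length > 0,
    // Masked preview so the review prompt itself does not re-expose the value.
    findings: findings.map((f) => ({ type: f.type, reason: f.reason, preview: f.value.slice(0, 4) + "..." })),
  };
}

// Constructed sample prompt: GB82WEST... is the ISO example IBAN; 123456782
// passes the 11-proef; 384920173 is the mockup's placeholder and fails it;
// 100000001 is an order number that a checksum-free regex would misflag.
const SAMPLE_PROMPT =
  "Summarise the file for client Jane Richards (BSN: 384920173) and her partner " +
  "(123456782). Refund to GB82WEST12345698765432, order ref 100000001.";

const tally = new AggregateTally();
const review = reviewBeforeSend(SAMPLE_PROMPT, "ChatGPT", tally);
console.log(JSON.stringify(review, null, 2));
console.log(tally.byDestination());
```

Two design points worth noting. The checksums are there to keep the signal credible: a bare nine-digit regex would flag order numbers and phone fragments until people learn to click through the warning. And the tally is keyed on destination and type only, so the aggregate picture in the dashboard above can be produced without ever storing the value or the person behind it.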

A sovereignty strategy that lives only on the top floor, in clouds and contracts, misses the place where the decision actually happens. Because the question is not only where your data sits, but under which law, and that is answered anew every time an employee hits send. Anyone who wants control over their data's jurisdiction has to be able to see that moment. Not by banning everything, but by making what is in a prompt visible before it leaves your jurisdiction.

FAQ

Common questions

What is data sovereignty, exactly?

Data sovereignty is the degree to which your organisation keeps control over its data: not only where it physically sits, but which law it falls under and which government can legally compel it. So it is as much a legal question as a technical one.

Is data in a European data centre safe from the US government?

Not automatically. If the provider is a US company, the US CLOUD Act can require that company to hand over data regardless of where it is held, including a data centre in the EU. A Microsoft executive confirmed under oath before the French Senate in 2025 that the company could not rule this out.

What does the US CLOUD Act mean for AI tools?

Most AI tools, such as ChatGPT, Copilot, Gemini and Claude, run at US companies. Whatever an employee pastes into them therefore falls under US jurisdiction, with or without a European data centre. US surveillance laws, in particular FISA Section 702 and Executive Order 12333, are part of the picture.

Doesn't the EU-US Data Privacy Framework solve this?

The 2023 Framework makes transfers to the US legally possible for now, but it is a basis, not a guarantee. Its two predecessors, Safe Harbor and Privacy Shield, were both struck down by the EU Court, and a fresh case is pending. FISA 702 runs on short extensions and US oversight has been weakened.

What about DeepSeek?

DeepSeek shows the same principle from a different angle: a Chinese model storing data in China, blocked by Italy in 2025. But for most European organisations the everyday question is not China, it is the US jurisdiction of the tools they already use.

What does GDPR Article 48 say about the CLOUD Act?

Article 48 of the GDPR states that a ruling from a foreign court or authority is only a valid basis to transfer personal data if it rests on an international agreement, such as a mutual legal assistance treaty. An order under the US CLOUD Act does not, by itself, meet that bar. So a US provider can be required to hand over data under US law and forbidden from doing so under the GDPR at the same time.

How do you keep control of your data's jurisdiction?

Know which law each tool falls under, choose genuinely sovereign options where the data is most sensitive, and signal at the moment of the prompt so sensitive data does not cross into another jurisdiction unnoticed. Measure where it goes in aggregate, without tracking individuals.

See how BeeSensible works

Detect sensitive data before it leaves your team, in any app, in real time.