The United States Congress has expressed concern regarding Microsoft’s recent decision to invest $1.5 billion in data centres in Italy, citing potential national security risks associated with the investment.
These concerns have arisen due to the timing of the agreement coinciding with the United States’ Department of Defence’s plans to award a contract of up to $10 billion for the Joint Enterprise Defence Infrastructure, which involves the modernisation of the Pentagon’s cloud computing systems. Lawmakers have raised questions about Microsoft’s commitment to exclusively keeping data generated by the Italian Ministry of Defence within Italy’s borders.
Senator Marco Rubio, a member of the Senate Intelligence Committee, has conveyed his apprehension about the deal by addressing a letter to the Defence Secretary Lloyd Austin, posing five questions regarding the project’s impact on national security and potential involvement of China’s Huawei.
Furthermore, Microsoft’s investment in Italy has also drawn scrutiny from members of the House Judiciary and Armed Services committees. Democratic Representative Stephanie Murphy, who has a history of collaborating with Italian security officials, has expressed concerns about the potential influence of the Chinese government over certain Italian data storage operators, suggesting that it may be relatively simple for China to access this data.
In response to these concerns, a Microsoft representative has asserted that the project complies with all European Union data protection and privacy laws, assuring a “zero tolerance policy for unlawful government access to data.”
The US government’s concerns about data residency and sovereignty extend beyond the investment in Italy, encompassing Microsoft’s JEDI contract pitch, as well as its bid for the Australian Department of Defence’s centralised processing environment deal.
Recognising the urgency of the situation, lawmakers have convened with representatives from the State Department and the Pentagon to address these growing concerns about US-related investments in allied countries, as well as the potential influence from China and other countries that may jeopardise data security. It is strongly recommended to vigilantly monitor the situation and construct a comprehensive framework that addresses all outlined concerns.