Your municipality’s data is in the hands of Big Tech. How much of a concern is that?

Microsoft Teams is everywhere. In town halls, on civil servants’ laptops, on aldermen’s phones. For video calls, chats, file sharing. And behind it you’ll find SharePoint, OneDrive and a whole chain of other services. It works well. No one complains.

Until you ask yourself: where exactly is our data stored? And who has access to it?

Over the past few months, I’ve noticed many municipalities starting to wrestle with that question. Not because they suddenly dislike Microsoft… or Google, Amazon, or Oracle.

But because they’re realizing they’ve entrusted their data to American companies. And those companies, reliable as they may be, ultimately fall under U.S. jurisdiction.

Why is data sovereignty suddenly such a big deal?

There are several reasons municipalities are now taking this seriously. The GDPR has been around for years, but enforcement is getting more attention. Europe is working on stricter rules around digital sovereignty. And geopolitics certainly isn’t increasing trust in American tech companies.

There’s also a practical angle. Municipalities are noticing how dependent they’ve become on a single vendor. For almost everything. And dependency means you no longer control what happens to your systems and your data.

On top of that, there’s a growing awareness that citizens’ data must be protected—not just because the law requires it, but because public trust depends on how municipalities handle personal information.

What Big Tech promises…

Microsoft, Google, Amazon and Oracle all promise sovereign data solutions. Microsoft, for example, has completed its EU Data Boundary, ensuring European data stays within Europe. Oracle offers an EU Sovereign Cloud, with servers in Frankfurt and Madrid operated under European legal oversight. Google has similar setups.

On the surface, that sounds reassuring. Servers in Europe, managed by European teams, with contractual guarantees that your data won’t leave the EU without permission.

…And what the law says

But there’s a legal issue that’s not so easily solved.

The Patriot Act of 2001 has long allowed U.S. authorities to request data from American companies, even when that data is stored outside the United States. According to ICT legal experts, the FBI can demand information from American cloud providers even if the data belongs to European customers and falls under the GDPR.

The 2018 CLOUD Act goes even further. Under this law, the Clarifying Lawful Overseas Use of Data Act, U.S. authorities can compel companies to hand over data regardless of where it is physically stored. The Dutch National Cyber Security Centre (NCSC) concluded that even European companies and data processed entirely within Europe, can under certain circumstances, still fall under this legislation.

Microsoft told the French Senate in June 2025 that it cannot fully guarantee European data sovereignty if the U.S. government demands access under the CLOUD Act. Anton Carniaux, Microsoft France’s director of public affairs, stressed that Microsoft has “a very rigorous system” to evaluate and reject illegitimate requests. But the hard reality remains: if the U.S. government comes with a legal order, an American company must comply.

The problem is the extraterritorial reach of these laws. Even if your data sits on a server in Amsterdam, run by a European subsidiary, the parent company still falls under U.S. jurisdiction.

Open source as a serious alternative

Fortunately, there are alternatives. Open-source solutions like Nextcloud offer file sharing and collaboration comparable to OneDrive and SharePoint. For communication, there are options like Mattermost and Rocket.Chat, both viable replacements for Teams. For video calls, there’s Jitsi. And several European providers offer full collaboration platforms with the same features as the big U.S. players.

The advantage? You can host these solutions wherever you want. On your own servers. With a Dutch hosting provider. With a European cloud provider without U.S. ties. You decide where the data lives and who can access it.

But let’s be honest: it’s not as simple as it sounds. Microsoft Teams works. Everyone knows it. The integration with other tools is seamless. Switching means change, training, and adjustments to workflows. And not every open-source solution is as polished as the big commercial platforms.

So should you ditch Teams tomorrow?

Should you stop using Teams tomorrow? Or throw out your Azure or AWS licenses?
No. But you should think about what data you’re storing with Big Tech—and how important it is to protect it.

Some municipalities choose a hybrid approach. They rely on Microsoft for day-to-day communication and non-sensitive files, but store confidential information on their own servers or with European providers. Others move certain departments or processes to alternatives as a pilot.

The key is making conscious choices. Which data is truly sensitive? What are the risks if a foreign government could theoretically gain access? And how does that weigh against the convenience of your current setup?

For some municipalities, the answer is clear: all citizen data should be on European servers under European jurisdiction. For others, the trade-off is more nuanced. But having the discussion is already progress.

How we see it

At WeAreFrank!, we deal with this every day. Municipalities come to us because they want to integrate, modernize and connect their systems. And increasingly, the conversation starts with the question: how do we maintain control over our own data?

Our answer is simple: use open source. Not because closed source is inherently bad, but because open source gives you freedom. The freedom to choose where your software runs. The freedom to adjust the code if needed. The freedom not to be tied to a single vendor.

The Frank!Framework we build works anywhere. On your own servers, in a European cloud, or even with an American provider if you really want to. But the point is: you decide. Not us. And certainly not an American corporation that ultimately answers to its own government.

We believe in transparency. That’s why our code is open. So you can see exactly what’s happening. So you don’t have to rely on promises, you can verify it yourself.

And we believe in a fair business model. No vendor lock-in trapping you once you start. No escalating license fees. Just honest service based on the value we deliver, not on the fact that you have no way out.

The choice is yours

Big Tech isn’t evil. Microsoft, Google and Amazon make excellent products. But they operate within a legal system that requires them to listen to their own government. And that government is not the Dutch government.

The question isn’t whether you need to overhaul everything. The question is whether you’re making conscious decisions about where your data goes. About what dependencies you’re willing to accept. About who ultimately controls your municipality’s digital infrastructure.

Interested in our perspective on open source and data sovereignty? Neem contact met ons op.