Swiss Government Sounds The Alarm Bell Over Cloud Storage Security Risks

Cloud services are part and parcel of our digital lives these days. Many of us use at least one of the many great cloud storage providers vying for our money, while even everyday smart appliances rely on the cloud. The latter, of course, proved disastrous for owners of Eight Sleep beds, which were rendered unusable by Amazon Web Services' October 2025 outage.

Even the public sector, including world governments and their agencies, uses cloud services. They can offer many benefits, including cost savings, improved security, access to software-as-a-service (SaaS) tools, and easy expansion to suit ever-changing needs. However, it's not all rosy: data sovereignty, or the notion that a cloud user should have full control over their cloud data, is fast becoming a concern, as exemplified by a recent regulation regarding the Swiss government's use of cloud services.

On November 18, 2025, Switzerland's Conference of Swiss Data Protection Officers, also known as Privatim, passed a resolution that essentially prohibits the use of cloud services for sensitive government data. Reasons include cloud providers' lack of transparency, the absence of end-to-end encryption, and the loss of control over government data when stored in the cloud. The resolution also specifically cites the U.S.' Cloud Act, which compels American service providers to release user data stored on their servers upon government request, as another motivator. In its conclusion, Privatim recommends that the Swiss government only use cloud services if it can encrypt the data itself and ensure that the cloud provider does not have access to the encryption key.

It's essential to remember that Privatim's resolution is not a wholesale ban on cloud services in Switzerland; it only applies to the nation's government services, which are entrusted with ensuring that citizens' data is kept safe from prying eyes. While that may seem paranoid, it's worth remembering that even a giant like Microsoft has had to admit to French courts that it could not guarantee the privacy of cloud data if the U.S. government were to request it, somewhat justifying Privatim's concerns.

To be clear, nobody's going to be legally prohibited from using private cloud services anytime soon (or ever). As long as they're not working with data that requires the level of privacy that government bodies must adhere to, the issues Privatim raises should not overly concern the average cloud service user. However, its ban on cloud services isn't happening in a vacuum.

Self-hosting, or setting up one's own server to run SaaS apps, is rapidly growing in popularity amongst end-users. While de-Googling one's life has been made easier by apps such as Proton Mail, tech enthusiasts are taking it a step further by building their own servers for cloud storage or photo management to regain control of their data and protect it from the whims of Big Tech. While self-hosting may seem like a hassle for someone who just wants a place to dump their photos, we wouldn't be surprised if it becomes even more prominent in the years to come — especially now that governments are expressing concerns about the cloud as well.