---
url: https://eurocomply.app/sovereignty/cloud-act-eu-customers
canonical: https://eurocomply.app/sovereignty/cloud-act-eu-customers
title: What the US CLOUD Act Means for EU Customers — EuroComply
topic: cloud-act-eu-customers
question: Does the US CLOUD Act apply to EU customers of US vendors?
sourceUrl: https://curia.europa.eu/juris/document/document.jsf?docid=228677
lastReviewed: 2026-05-12
author: EuroComply Team
license: CC-BY-4.0
---

# What the US CLOUD Act Means for EU Customers

## Does the US CLOUD Act apply to EU customers of US vendors?

Yes — the US CLOUD Act (2018) authorises US law enforcement to compel US-based service providers to produce data they control regardless of where it is stored. A US-parent vendor that hosts EU customer data in Frankfurt is still subject to a US warrant. EU data residency is necessary but not sufficient for CLOUD Act protection.

## Practical considerations

- The CLOUD Act applies to US-headquartered companies and their subsidiaries — not to where the data is physically stored
- EU customers should evaluate vendor corporate structure (headquarters + parent), not just data-residency contractual terms
- EU-EU vendor pairings (EU customer + EU-headquartered vendor + EU hosting) are the strongest configuration against CLOUD Act compulsion
- Schrems II (CJEU C-311/18) addressed transfers to the US, not direct US-compelled access — the two are distinct legal regimes

## Recommended next step

[Check CLOUD Act exposure scores for 1000+ tools](https://eurocomply.app/cloud-act-scores)

## Source

Primary source: [US CLOUD Act (18 U.S.C. § 2713) + Schrems II judgment (CJEU C-311/18)](https://curia.europa.eu/juris/document/document.jsf?docid=228677).

---

Informational only. Not legal advice — consult qualified legal counsel.

Last reviewed: 2026-05-12 by the EuroComply Team. License: CC-BY-4.0.