Anyone who's read the law has known this for years.

The GDPR is incompatible with the Cloud Act, and so the only legal (or so it should be) way to use US companies is to treat them like unsafe third countries - no matter the data center location.

But everyone wants to continue like before. Having to ensure that Amazon and Azure never touches unincrypted personal data is hard. So one "compromise" after another has been tried - never solving the actual problem.

As a EU citizen I think it's entirely embarrassing. Either the EU should have the power to force European subsidiaries to be exempted from the cloud act, or everyone should be forced to abide the law, which would greatly boost EU tech. Instead we are just rolling over.