>it is going to be translated into laws soon enough (i.e. governments mandate data sovereignty)

The laws are already there. That's my point.

Most nations can coerce information from corporate entities within their nation, even information that corporation holds outside said country. To what extents that coercion can hold will of course vary by local laws, customs and the people in charge. The US has a fairly large media footprint, not to mention it's actual physical size and outsized influence even then. So it is more covered and visible.

Inside the US, the biggest concerns similarly come with China, which I consider a bigger risk. For better or worse, if you're inside the US, you're probably better off holding as much of your presence as you can inside the US as EU requirements can actually be more harmful than helpful in terms of compliance. There are also certain protections and resistance you can take to less than formal (judicial warrant) requests. Only because if you hold an online presence in the EU, and are forced to violate EU laws, then you're in trouble on both sides.

I would assume similar in most cases, though the EU confederation is something I'm far less familiar with where national laws and EU laws conflict, etc. I'm more familiar with US state to federal structures.

>The intelligence community has no restrictions operating on foreign networks and servers.

there have been several bombshell revelations in the last 1-2 decades which indisputably show that the US intelligence community also has (effectively) no restrictions operating on US citizen networks and servers, and often does so with the direct help of US companies.

the legal standards are worthless when they can just be ignored without consequence. when the standards happen to work, just buy the data from the private sector.

secondly, these changes are also about mitigating any retaliatory decisions made when the US government gets upset at how tall another country's leader is, or whatever.

I wish I believed that they have to go to the FISA court for much of anything any more. Instead they go to Palantir and the like which simply buy the data and aggregate it. Very similar to the process of money laundering. And for the data that can't be bought there's the five eyes work around.

So probably makes sense to host on EU headquartered companies

The fear is not "NSA is snooping on our customer data", it's "Trump has a beef with our premiere minister/president, and Jeff Bezos accepted Trumps request to turn off AWS from them" that's the fear.

We're far beyond the default assumption that NSA snoops on absolutely everything, and more about protection ourselves from trade wars, tariffs and similar blockages as what Microsoft did with the ICC.