Microsoft is under fresh scrutiny after reports from the Associated Press suggested the tech giant disabled the email account of Karim Khan, the Chief Prosecutor at the International Criminal Court (ICC), in alignment with sanctions imposed during the Trump administration.
Although the suspension has made headlines globally, Microsoft, as reported by DataNews, firmly denies the accusation. The company contends that Khan's email was simply transitioned to ProtonMail by the ICC itself. As of now, the ICC has yet to issue any public statement clarifying the matter.
This development has reignited debates around US-imposed sanctions and the far-reaching power of American legislation in the digital domain. A key piece of that puzzle is Section 2713 of the 2018 CLOUD Act, which obliges US tech companies to furnish data they control—even when stored overseas or shielded by foreign laws. Critics argue this mandate severely erodes national data sovereignty.
The timing of the controversy is particularly sensitive, as Microsoft continues to position itself as a trustworthy partner in shaping Europe’s digital and AI future. The company has made overtures promising full compliance with EU regulations, as part of its broader European strategy.
On a larger scale, this incident underscores the fragile trust underpinning international digital governance. As US companies aggressively pursue AI training data, projects like OpenAI’s "for Countries" initiatives—which offer tailored AI services in return for access to national datasets—are facing growing skepticism. European policymakers and institutions are becoming increasingly wary of deep dependencies on firms legally tethered to US oversight.
The ‘Khan email’ issue, while narrow in scope, exposes deeper concerns about digital vulnerability. For many in Europe, it serves as a potent reminder of the potential risks of relying on foreign cloud providers—spurring renewed calls for sovereign infrastructure and tighter regulation of external tech partnerships.
