Swedish military rejects US tech giants’ cloud services for classified operations
Saturday 30th May 2026 on 06:00 in
Sweden
The Swedish Armed Forces will not use cloud services from US-based providers like Google, Amazon, or Microsoft for handling classified information, citing American surveillance laws that could force the companies to hand over data, Swedish public broadcaster SVT reports.
A new internal defense strategy states that US firms have a “far-reaching obligation” to surrender information to US authorities under the Foreign Intelligence Surveillance Act (FISA) and the Cloud Act, regardless of where their servers are located. The strategy emphasizes that the legal jurisdiction of a cloud provider’s headquarters—not the physical location of its data centers—determines which laws apply.
An undisclosed security agency report, obtained by SVT, goes further, asserting that cloud providers retain technical access to unencrypted data through their control of infrastructure. Thomas Nilsson, head of Sweden’s Military Intelligence and Security Service (MUST), confirmed the risks, stating that if a provider could be compelled to “shut down, access, or share our information, that is clearly concerning.”
Fredrik Blix, a cybersecurity researcher at Stockholm University, agreed that no organization can guarantee full protection if a provider retains server access. However, he noted that for non-defense sectors, major cloud providers may still offer adequate security against conventional cyber threats, whereas self-hosted alternatives could prove prohibitively expensive.
US tech executives have previously dismissed such concerns. Sophia Wikander, CEO of Microsoft Sweden, told SVT that the company would “challenge any such order” from US authorities.