Azure does have sovereign clouds, for instance its Germany cloud. [1] In this case data is handled by a German company and not Microsoft and so is subject to EU law.

[1] https://azure.microsoft.com/en-us/global-infrastructure/germ...

Why not use a non-US provider then? Maybe this will lead to more support for those. I can imagine that some EU companies will now struggle even more using AWS/GCP/Azure.

Depends on where your customers are and the applicable scale/latency costs of not using the biggest providers.

If you want 20ms latency to customers in the US, you're going to be hosting in North America, damn relativity and all that.

> Your best bet is to store cryptographic keys offsite and leave the data in the cloud. There's a market opportunity for someone who can wrap that up in a reasonable API/library for use on EC2/GCP/Azure.

Is there actually a market for this that people would pay for, or is it just something that people would like to exist?

Sure, for downstream SAAS to use for customers. I think it'd be a nice add-on for services with customers outside the US who are wary of overreach. So if there are two web email vendors, and one has this protection and the other doesn't, it may be the deciding factor for a customer. The one that has that protection could use this service to do that for them.

Even without the national boundary feature, good crypto APIs not bound to your compute vendor is a nice thing to have.