
Behind the sovereignty question: the voice deals you can no longer win

Enterprise buyers in Europe's regulated markets are asking where voice data goes before they ask about pricing. Here is what changed, and what it means for every service provider selling voice.

 

TL;DR

• European sovereign cloud spending has grown 83% in 2026 alone. Enterprise buyers are paying for sovereignty as a commercial requirement.

• France moved 2.5 million civil servants to sovereign infrastructure. Regulated markets are setting a procurement direction that will reach your customers.

• Microsoft's voice AI is US-hosted only. EU Data Boundary customers cannot use it. Providers on EU infrastructure fill this gap today.

• 70% of organizations cite sovereign controls over network infrastructure as the most important component of technical sovereignty (IDC).

• Providers who answer the sovereignty question confidently are advancing in deals others are being filtered out of.

Let’s be honest. Not long ago, the sovereignty question sat in the bottom half of the pile of factors influencing a buying decision. Buyers asked about uptime, integration and pricing, and residency was more of a legal appendix. That is no longer the case. Across enterprise, mid-market and SMB, sovereignty is moving from the back of the RFP to the filter that decides who gets invited to the commercial conversation in the first place, with regulated sectors leading the way and the rest of the market following quickly behind.

So what actually changed? And, more importantly, what do you do about it?

 

Sovereignty used to be a legal item on the procurement checklist. What changed?

Last year was a defining period that shifted sovereignty from compliance category to commercial reality.

Specifically, in June 2025 Microsoft's representatives indicated in testimony to the French Senate that they could not guarantee French data stored in European Microsoft data centres is fully protected from US government access requests. The US CLOUD Act (2018) compels American companies to respond to US authority requests regardless of where data physically sits, creating a jurisdictional tension that European legal teams are increasingly flagging in procurement. That tension is now part of the public record.

The market data makes the commercial consequence concrete.

According to Gartner, European sovereign cloud spending will reach $12.6 billion in 2026, growing 83% year-over-year. By 2027, Europe is forecast to surpass North America in sovereign cloud spending. This trend puts the focus back on geopatriation, as organisations relocate workloads based on political and regulatory context, not technical requirements alone.

Figures from IDC frame this for service providers. 28% of EMEA enterprises are now more likely to use network service providers based in their own region due to geopolitical uncertainty. 70% say sovereign control over network infrastructure software is their most important component of technical sovereignty. 30% of telcos plan to migrate applications to country sovereign cloud infrastructure this year.


 

What France's procurement decision signals for the rest of Europe

In January 2026, France moved 2.5 million civil servants to sovereign infrastructure, replacing US-hosted collaboration tools with a certified French alternative. But France is not alone in moving to more sovereign ground. Germany's Schleswig-Holstein completed 80% of a 30,000-workstation Windows-to-Linux migration this year, saving EUR 15 million in licensing costs. Denmark, the Netherlands and Austria have each published formal digital sovereignty strategies. The pattern is clear to see.

For service providers building around Teams voice in European markets, the indicators across Germany, Denmark, the Netherlands and Austria all point in the same direction. Customers are seeing sovereignty come up earlier in the sales conversation, with regulated sectors setting the pace and the rest of the market closing the gap. The question is whether your answer is ready when it does.

Digital Operational Resilience Act (DORA)


What sovereignty actually means for your voice data

When a business makes a phone call through your platform, four categories of data are generated. Call metadata reveals communication patterns. Call recordings create a permanent record of what was said and agreed. Transcriptions, when AI converts audio to text, create a written record subject to EU AI Act transparency obligations from August 2026. AI-processed data, when models analyse calls for sentiment, topics or compliance flags, generates derived insights from voice content.

Every category is subject to GDPR. Where it is processed, and which jurisdiction governs it, determines your exposure and your customer's.

As of April 2026, Microsoft's real-time voice AI in Copilot Studio is hosted in North America only. EU Data Boundary customers cannot use it at all. Customers outside North America must allow cross-geography processing, sending audio data to US-hosted models.

The service provider running voice on EU infrastructure closes that gap. Microsoft provides the collaboration platform. You provide the voice layer, with all data processed under EU jurisdiction, through a European company governed by European law.


"The goal is not to achieve perfect independence, but to build resilience through trust, working with trusted providers where full sovereignty is impractical, while retaining genuine control where it matters most."

Source: GSMA Intelligence, Sovereign Enough, April 2026

The regulatory stack making sovereignty a hard commercial requirement

No single regulation makes sovereignty mandatory for every use case. But five EU regulations are converging to make it commercially decisive for regulated enterprise customers.

GDPR and Schrems II limit personal data flows to the US unless specific conditions are met. A US company operating EU data centres is still subject to the CLOUD Act, which creates a conflict that EU-based legal teams are increasingly flagging as unresolvable.

The EU AI Act introduces voice AI transparency obligations from August 2026. High-risk AI systems must operate under EU jurisdiction. Providers using voice AI on US-hosted models face direct compliance exposure from this date.

NIS2 requires essential and important entities, including telecom operators, cloud providers and managed service providers, to manage supply chain security and demonstrate infrastructure resilience.

DORA requires financial entities to manage ICT third-party risk and limits concentration risk with any single provider. Financial customers need communication infrastructure on EU sovereign platforms to meet DORA obligations.

The EU Data Act reduces vendor lock-in through mandatory cloud switching and data portability. Sovereign providers benefit as customers exercise these rights.

Taken together, these regulations create an environment where customers across enterprise, mid-market, SMB and SOHO face increasing compliance pressure when they rely on non-EU communication providers, with regulated sectors carrying the highest immediate exposure. The provider who simplifies this compliance conversation wins the deal.

 

Three commercial advantages for providers who can answer the question

First, you win deals in regulated verticals that non-sovereign providers cannot enter. Financial services, healthcare and public sector customers have requirements that exclude or disadvantage US-hosted voice infrastructure, and in these deals the qualification criteria eliminate most competitors before pricing is even discussed.

Second, you can charge a premium. Enterprises are actively choosing sovereign infrastructure and accepting any price difference, because it removes a compliance cost they would otherwise manage internally. That supports premium per-seat pricing rather than competing on cost.

Third, you protect against disintermediation. As Microsoft adds more AI capabilities to Teams Phone, including Copilot transcription and voice agents, the service provider's role risks shrinking to the trunk. Sovereignty is the dimension where providers on EU infrastructure retain a position that the global platform cannot replicate today, with Microsoft's voice AI currently running on US-hosted infrastructure.

The GSMA framing from their April 2026 research is the right one: sovereignty is about resilience, and resilience is about keeping control where it matters most. Use the global platform for collaboration, and keep voice data and AI processing under European control through a trusted European partner. That is the commercial story that works for every service provider selling Teams voice in European markets.

Dstny's Always-On Communications platform is European by Design: voice data processed within EU jurisdiction, by a European company, governed by European law. Dstny partner programme.



FAQ

What is data sovereignty and why does it matter for service providers?

Data sovereignty covers three layers: data residency (where data is physically stored), legal/jurisdictional control (which country's laws govern access), and operational control (who administers the infrastructure). For service providers, all three matter. A US-owned company operating EU data centres is still subject to the US CLOUD Act, meaning EU-hosted data on US infrastructure is not legally sovereign. Providers on EU-owned infrastructure, governed by European law, satisfy all three layers and can demonstrate this to buyers across enterprise, mid-market, SMB and SOHO segments.

 

What is the CLOUD Act and how does it affect European voice data?

The US CLOUD Act (2018) requires US-based technology companies to provide data to US authorities on request, regardless of where that data is physically stored. For voice data processed through US-owned infrastructure, including call recordings, transcriptions and AI-processed call content, this means US authorities can compel access even if the data sits in a European data centre. Providers on EU-owned infrastructure are not subject to the CLOUD Act.

 

Can European customers use Microsoft's voice AI on Teams Phone?

As of April 2026, Microsoft's real-time voice AI in Copilot Studio is hosted in North America only. EU Data Boundary customers cannot use it at all. Customers outside North America must allow cross-geography processing, sending audio data to US-hosted models. For European enterprise customers who need voice AI on Teams Phone, a service provider offering voice AI on EU infrastructure closes this gap.

 

Which EU regulations make data sovereignty a hard requirement for communications?

Five regulations converge: GDPR/Schrems II (lawful data transfer limits), the EU AI Act (voice AI transparency obligations from August 2026), NIS2 (supply chain security for telecoms and cloud providers), DORA (ICT third-party risk management and concentration risk limits for financial entities), and the EU Data Act (cloud switching and portability). Together they create significant compliance risk for customers across enterprise, mid-market, SMB and SOHO who rely on non-EU communication providers.

How does partnering with an EU-based voice provider close the sovereignty gap?

Partnering with an EU-based voice provider means you offer the Teams collaboration platform from Microsoft and the voice layer, with all data processed under EU jurisdiction, through a European company governed by European law. This model works across enterprise, mid-market and SMB customers: regulated workloads such as voice data, AI-processed call content and compliance recordings run on EU sovereign infrastructure, while the broader collaboration stack runs on the global platform.

 

Dstny is an Always-On Communications platform built for Service Providers across Europe. European by Design: voice data processed within EU jurisdiction, by a European company, governed by European law. Want to know how Dstny closes the voice sovereignty gap for your enterprise customers? Dstny Call2Teams