The U.S. CLOUD Act restricts the use of AI-powered services in Europe.

Post author:Pasi Petäjä
Post last modified:August 11, 2025

No worries on Eximiatutor’s AIcheq AI assessment and data protection

The EU’s AI Act and the GDPR (General Data Protection Regulation) are crucial for defining how different AI applications can be used in the EU. In the summer of 2025, the French Senate heard from a Microsoft Europe representative about data security in Europe. The representative stated that it’s not possible to completely rule out the possibility that the data of European citizens or companies could be accessed by U.S. federal authorities if they so wish. This led to widespread news coverage about the impact of the U.S. CLOUD Act.

The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) allows U.S. authorities to demand data from U.S. tech companies, even if that data is stored outside the United States. This has created tension, especially with the EU’s GDPR, which restricts the transfer of personal data outside the EU. The data security risk particularly affects AI companies and their applications, such as ChatGPT, Co-pilot, and Gemini.

The problem affects not only the development of AI services but also, more broadly, all data stored in the cloud solutions of U.S. companies. In practice, most of the world’s data resides on servers owned by U.S. companies. The three largest cloud providers and AI companies—Microsoft, Google, and Amazon—have committed to following local data security regulations like GDPR. This includes storing data locally in Europe.

Both Microsoft and Google have taken a strong stance on data protection and have stated their opposition to inappropriate data requests.

AWS has publicly announced that they will challenge government data requests that are overly broad or improper, especially when they conflict with applicable data protection laws such as the GDPR. Their principle is to disclose only the minimum amount of information if they are legally obligated to do so.

Eximiatutor’s AIcheq AI assessment and solutions are European and thus compliant with EU regulations. Furthermore, the data is stored on AWS servers, which have been chosen by large cities and various major information systems. While absolute data protection doesn’t exist, AWS’s model is considered to be the most compliant and least risky for storing data within the EU.

The focus now is on how the interpretation of data security and legislation will evolve between the U.S. and the EU. As it stands, small and medium-sized businesses in the EU are expected to receive some simplification to their data protection practices, but without weakening the core principles of data protection.

Background of AI assessment

In 2017, we embarked on a journey to revolutionize learning with technology. Our pioneering research and development began with deep mathematical modeling, leading to the engineering of our first groundbreaking NLP and parsing algorithms by 2018. This ambitious work culminated in the 2024 unveiling of our two-phased AI assessment technology. This powerful platform, featuring Large Language Models for both textual and math assessments, is a game-changer. It provides students with instant feedback that fuels their success, while giving teachers an assessment proposal tool that frees up their valuable time to focus on what matters most: teaching.

No worries on Eximiatutor’s AIcheq AI assessment and data protection

You Might Also Like

Eximiatutor’s artificial intelligence is different from generative artificial intelligence

Näin tekoäly säästää 160 miljoonaa euroa Suomen koulutuksessa – aicheq-analyysi

The most important features of Eximiatutor’s AI assessment