Trump’s Impact on Cyber Security & Europe

Written by Marc Nimmerrichter on 25.11.202415.01.2025

This article is a commentary on the assessment of current political developments and their impact on cyber security and Europe by Florian Schweitzer and Marc Nimmerrichter. The article was first published on November 25, 2024 as press release.

What can we expect from Trump regarding Europe?

Trump will take national interests into account even more and exert political pressure to protect US companies. In contrast to his first term in office, there is currently little resistance to him and his policies from tech companies in the US.

Vance vs. DSA to protect X

Trump’s vice president JD Vance has threatened to stop protecting the EU through NATO if it enforces the Digital Services Act (DSA) against Elon Musk’s X (formerly Twitter) platform[1]. The DSA provides for conduct and transparency obligations for online platforms, among others. X is currently facing billions in fines for failing to restrict the spread of false information and hate speech. Trump has already shown in his first term that he will not base his foreign policy on values and existing alliances. “America First” will also apply during his second term and, as a tough negotiator, he will use the available means of pressure. It is not unlikely that the DSA will also be targeted.

Trump vs. DSGVO

The GDPR is intended to protect European personal data. However, it conflicts with the access of US authorities to this data. So far, the GDPR has been interpreted in Europe to mean that personal data must be stored at least in their European data centers when using US clouds. However, in his last term in office, Trump already passed the CLOUD Act (Clarifying Lawful Overseas Use of Data Act), which enforces access by US authorities to EU data even if it is stored outside the USA. With a decree related to Privacy Shield 2.0, Joe Biden slightly restricted US access to EU citizens’ data in that this access must be necessary to achieve defined national goals and there should be mechanisms for dealing with complaints from EU citizens[2]. It is questionable whether this third attempt to harmonize EU and US law will hold up before the ECJ (the “Safe Harbor” and the subsequent first “Privacy Shield” agreement were overturned before the ECJ), especially because President Trump could revise the compromises agreed by Joe Biden. If the compromise is overturned by the ECJ, a new agreement between the US and the EU under President Trump is not very likely. For companies in the EU, this would increase legal uncertainty, particularly when using cloud services, and in the worst case could lead to US clouds no longer being able to be used to store personal data. This in turn would mean a competitive disadvantage for European companies.

Erpressbarkeit der EU durch das US-Cloud-Monopol

The EU has fallen behind in the cloud computing business. There is not a single company from the EU among the top 10 hyperscalers. The first 5 places are occupied by US companies, led by Amazon AWS, Microsoft Azure and Google Cloud. But the use of the cloud is also progressing at a rapid pace in the EU. This means that EU companies are heavily dependent on the US tech giants. As we have seen in the example of the Russia-Ukraine war, a withdrawal from a market can faster than one might expect[3] [4] [5]. Even if economic interests do not make such a move against the EU foreseeable in the near future, this could still prove costly for the EU if transatlantic relations deteriorate.

Hacking und Spionagesoftware

The US Department of Commerce maintains the Entity List pursuant to Section 744.11(b) of the Export Administration Regulations (EAR), a list of companies that violate the national interests of the USA. Export and transport restrictions apply to these companies. As a step to put human rights at the center of a values-based foreign policy of the Biden administration, several companies were added to this list. These companies produce espionage tools that have been proven to be used against journalists, business people, activists and government members and enable authoritarian governments to repress. This includes the Israeli NSO Group, which is close to the Netanyahu government or at least supported by it[6].

Due to the closeness of Trump and Netanyahu, it is possible that these restrictions are lifted for Israeli companies[7]. This would open up barriers to the protection of dissidents and freedom of expression in authoritarian countries. But not only there – the Pegasus spy software from the NSO Group has also been used by EU governments against their citizens for political purposes[8]. There are also connections to Sebastian Kurz, whose current business partner was previously managing director of the NSO Group.

[1] https://www.fr.de/politik/musk-nato-trump-vance-militaer-unterstuetzung-eu-x-twitter-bussgeld-usa-regierung-zr-93403255.html
[2] https://www.tagesschau.de/ausland/europa/eu-usa-datenschutzabkommen-101.html
[3] https://www.derstandard.at/story/2000134151597/rueckzug-von-amazon-microsoft-und-co-russland-geht-der-datenspeicher
[4] https://www.kettner-edelmetalle.at/news/us-sanktionen-zwingen-internationale-it-dienstleister-russland-zu-verlassen-13-09-2024
[5] https://www.derstandard.at/story/2000133959963/von-amazon-bis-red-hat-welche-tech-firmen-russland-verlassen
[6] https://www.derstandard.at/story/3000000229758/wie-israel-die-ueberwachungssoftware-pegasus-zum-staatsgeheimnis-machte
[7] https://kurier.at/politik/ausland/us-wahl-2024-sieg-trump-harris-israel-gaza-krieg-nahost-netanjahu/402972698
[8] https://orf.at/stories/3292919/