Two Dutch regulatory agencies are investigating allegations that Microsoft leaked the names of Dutch civil servants to the U.S. government, raising serious questions about data sovereignty and cloud provider trustworthiness for government agencies.

Europe has been warning about this exact scenario for years. If proven, this validates every European privacy hawk's worst fears about American cloud providers and government data.

According to NL Times, Microsoft allegedly shared names of Dutch civil servants with the U.S. House of Representatives without redacting identifying information from emails, minutes, and invitations. These workers were employed by regulatory agencies implementing the Digital Services Act.

The agencies affected were the Authority for Consumers and Markets and the Dutch Data Protection Authority - which means the data protection watchdog itself had its employees' data allegedly leaked. The irony is almost too perfect.

State Secretary Willemijn Aerdts raised the issue with U.S. Ambassador Joe Popolo, saying: "If you have a problem, you fight it out with us or, if necessary, in Europe, but not against the backs of civil servants." That's diplomatic language for "this is completely unacceptable."

Here's the context that matters: American companies must comply with the Cloud Act, which requires them to share data with the U.S. government regardless of where that data is stored. European governments have long worried this creates an impossible situation - trust American cloud providers with sensitive data, knowing the U.S. government can demand access.

Netherlands thought it had safeguards in place. If those safeguards failed, or worse, if Microsoft simply ignored them, that's a massive breach of trust that will reverberate across European government procurement decisions.