What is the CLOUD Act?

The CLOUD Act is a U.S. federal law that clarifies how law enforcement can access data stored overseas by American tech companies.

Enacted on March 23, 2018, as part of the Consolidated Appropriations Act, it amends the 1986 Stored Communications Act to require U.S.-based providers to disclose data they control—regardless of server location—upon a warrant or subpoena. It also enables bilateral executive agreements with foreign governments, allowing reciprocal data access for serious crimes while imposing safeguards like privacy protections and challenge mechanisms for providers.

The law arose from cases like the FBI's 2013 attempt to access Microsoft emails stored in Ireland, addressing cloud computing gaps in prior statutes. Providers can now formally contest requests conflicting with foreign laws, but critics note risks to privacy for U.S. persons' data abroad.

Related content

The CLOUD Act, enacted in 2018, amends U.S. law to clarify how law enforcement accesses data stored by U.S. tech companies, regardless of server location.

It compels providers to disclose customer data on U.S. servers or abroad via warrants, while allowing challenges if foreign privacy laws conflict, and enables bilateral agreements with other nations for reciprocal access to combat serious crimes.

GDPR is an EU-wide privacy statute that limits what organisations may do with individuals’ personal data and how that data can be transferred outside the bloc.

The CLOUD Act is a U.S. criminal-procedure law that expands when U.S. authorities may compel cloud providers to hand over data—even if the bits sit in Europe.

One protects data subjects; the other empowers investigators. Because both reach across borders, they can collide, forcing companies to balance EU obligations to withhold data against U.S. orders to disclose it.

GDPR and the CLOUD Act pursue opposite goals—one to shield personal data, the other to expose it for legitimate policing—yet both claim global reach. Companies operating trans-Atlantically must design governance that can survive being pulled in both directions at once.

What is the CLOUD Act?

Related content

Try Easy Redmine in 30 days free trial