Competitor Analysis · Teams

Teams is in every ministry.
Microsoft swore under oath it cannot guarantee your data stays there.

Microsoft Corporation is a US company headquartered in Redmond, Washington. Under the CLOUD Act (18 U.S.C. § 2713), every Teams meeting, Copilot AI transcript, and Teams Chat message handled through Microsoft infrastructure is subject to US government compelled disclosure — regardless of data centre location. In June 2025, Microsoft's own executive admitted this under oath before the French Senate. Switzerland's data protection commissioners have formally restricted Microsoft 365 for sensitive data. France is migrating to a sovereign Matrix-based alternative.

Teams: Microsoft Corp. (US) jurisdiction. Microsoft Copilot processes all meeting content.
AMVLET: No US jurisdiction. No exceptions.
Key alerts
French Senate, June 2025: Microsoft executive admits under oath — "No, I cannot guarantee" data sovereignty
Swiss Data Protection Commissioners: formally restrict Microsoft 365 for sensitive government data
CLOUD Act: jurisdiction follows provider nationality, not server location — Teams is always US jurisdiction
Saudi PDPL Art. 29: Teams CLOUD Act compliance structurally conflicts with KSA data sovereignty requirements
$150/yr
Microsoft 365 Business Standard per user per year — every Teams meeting, Copilot AI transcript, and Chat message on that plan flows through Microsoft's US-jurisdiction infrastructure, fully accessible under the CLOUD Act
0
GDPR Article 48 mechanisms that permit lawful CLOUD Act compliance for Teams users — the structural conflict between EU data protection law and US compelled disclosure remains unresolved across all Microsoft 365 plans
300K+
French civil servants already on Tchap — France's sovereign Matrix-based messaging platform — as the government migrates away from US cloud providers for sensitive communications. Built on the same open standard as AMVLET.
1:1
The Matrix open standard maps directly to every Teams feature — meetings, messaging, voice, video, Copilot-equivalent AI, federation — with full data sovereignty, no US jurisdiction, and zero per-seat licensing on self-hosted deployments
Feature comparison

Microsoft Teams vs AMVLET — every feature, every exposure

The same meetings, AI transcripts, and persistent messaging — with one critical difference: who has legal access to everything your organisation says.

Feature | Teams Essentials | M365 Business Basic | M365 Business Standard | M365 E3 Enterprise | AMVLET · Matrix Sovereign
Meetings & Video
Video conferencing
Max attendees | 300 | 300 | 300 | 1,000 | Unlimited
Screen sharing
Breakout rooms
Webinars & large events Add-on
Recording & Storage
Meeting recording Microsoft cloud only Microsoft cloud only Microsoft cloud only Your sovereign storage
Recording jurisdiction Microsoft / US Microsoft / US Microsoft / US Your jurisdiction
SharePoint & OneDrive storage Microsoft / US Microsoft / US Microsoft / US Your jurisdiction
AI & Transcription
AI meeting summaries Copilot — add-on Copilot — add-on Copilot — add-on Optional — on-prem
AI transcription Microsoft processes content Microsoft processes content Microsoft processes content Optional — sovereign
AI action items & follow-ups Microsoft AI — US jurisdiction Microsoft AI — US jurisdiction Microsoft AI — US jurisdiction Optional — sovereign
AI data jurisdiction Microsoft / US Microsoft / US Microsoft / US Your jurisdiction
Messaging & Calling
Persistent team messaging
Voice & video calling
Phone (PSTN calling) Add-on Add-on Add-on
End-to-end encryption | 1:1 calls only | 1:1 calls only | 1:1 calls only | 1:1 calls only | E2EE by default
Sovereignty & Security
Data jurisdiction | Microsoft / USA | Microsoft / USA | Microsoft / USA | Microsoft / USA | Your jurisdiction
CLOUD Act exposure | YES — Microsoft | YES — Microsoft | YES — Microsoft | YES — Microsoft | NO
GDPR Art. 48 conflict | YES | YES | YES | YES | None
PDPL (Saudi Arabia) conflict | YES | YES | YES | YES | None
Gag order risk (§ 2705(b)) | YES | YES | YES | YES | Not applicable
Executive admission under oath | French Senate 2025 | French Senate 2025 | French Senate 2025 | French Senate 2025 | Not applicable
Swiss DPO restriction | Restricted | Restricted | Restricted | Restricted | Not applicable
Cryptographic key ownership | Microsoft | Microsoft | Microsoft | Partial BYOK | You
Self-hostable
Air-gapped deployment
Open Standard & Federation
Open standard protocol | Proprietary | Proprietary | Proprietary | Proprietary | Matrix (open)
Interoperable federation ✓ Cross-org
Vendor lock-in | Microsoft | Microsoft | Microsoft | Microsoft | None
Interchangeable clients
NIS2 supply-chain compliance | Cannot satisfy | Cannot satisfy | Cannot satisfy | Cannot satisfy | Full documentation
EU Tech Sovereignty Package ready | No | No | No | No | Yes
The Teams exposure

What Microsoft Teams exposes under the CLOUD Act

Microsoft Corporation is headquartered in Redmond, Washington. Every service it provides — regardless of data centre location — falls under US jurisdiction. This is not speculation. It is what Microsoft's own executive confirmed under oath before the French Senate on 18 June 2025.

Critical

Teams meetings, recordings, and Copilot AI transcripts

Every Teams meeting recording — and every Copilot AI-generated transcript, meeting summary, action item, and follow-up — is stored on Microsoft-controlled US infrastructure. A single CLOUD Act order compels Microsoft to produce the complete contents of your most sensitive meetings: board sessions, legal strategy, M&A discussions, intelligence briefings, and diplomatic communications. Microsoft's own Transparency Reports confirm it regularly receives and complies with government data requests. Data centre location is legally irrelevant — the obligation follows Microsoft's corporate nationality, not its server geography.

CLOUD Act § 2713 · Compelled disclosure of stored communications regardless of location
Under Oath

Microsoft admitted it cannot guarantee data sovereignty

On 18 June 2025, Anton Carniaux — Microsoft France's director of public and legal affairs — testified before the French Senate's inquiry into European digital sovereignty. Asked directly whether he could guarantee, under oath, that French citizen data could not be transmitted to the US government without France's consent, Carniaux answered: "No, I cannot guarantee that." No contractual commitment, no EU data centre, and no technical architecture Microsoft offers changes this. The CLOUD Act obligation is structural. Microsoft confirmed this under oath.

"No, I cannot guarantee that, but, again, it has never happened before."
Anton Carniaux — Microsoft France, director of public and legal affairs — French Senate, 18 June 2025
CLOUD Act § 2713 + French Senate testimony, June 2025 · Microsoft under oath: sovereignty cannot be guaranteed
High Risk

Teams Chat, SharePoint, and OneDrive — all exposed

Teams messaging does not exist in isolation. Every Teams Chat message, SharePoint document, OneDrive file, and shared calendar entry is stored on Microsoft's US-jurisdiction cloud. For government organisations, this means the entire information architecture — policy documents, sensitive correspondence, financial data, personnel records, and classified attachments — sits within reach of US legal process. Switzerland's Conference of Data Protection Commissioners formally concluded that this structural exposure makes Microsoft 365 incompatible with sensitive public sector use, urging Swiss authorities to "heavily restrict" its use for sensitive data and to transition to self-hosted alternatives.

GDPR Art. 48 + Swiss DPO Resolution · Microsoft 365 restricted for sensitive Swiss government data
Structural

PDPL conflict: Saudi Arabia's data is not protected

Saudi Arabia's Personal Data Protection Law (PDPL, Royal Decree M/19) restricts cross-border transfer of personal data outside the Kingdom without NDMO authorisation. When a US CLOUD Act order compels Microsoft to produce data of Saudi users or Saudi organisations — government ministries, financial institutions, healthcare providers — Microsoft must comply. There is no US–Saudi bilateral CLOUD Act executive agreement, no PDPL-compliant transfer mechanism for compelled disclosures, and no right to notify the data subject. The conflict is structurally identical to GDPR Article 48: following US law means violating Saudi law. No Microsoft contractual commitment resolves this — as Microsoft itself has now acknowledged under oath.

PDPL Art. 29 (KSA) + CLOUD Act § 2713 · Cross-border transfer without NDMO authorisation is a violation
Silent Risk

Gag orders: your organisation will never know

Under 18 U.S.C. § 2705(b), US authorities can attach a non-disclosure order to a CLOUD Act demand, legally prohibiting Microsoft from informing you that your data was requested or produced. This directly conflicts with GDPR's transparency obligations (Articles 13–14) and eliminates any practical ability to challenge the disclosure. Your ministry, legal department, or security services may have had their most sensitive discussions reviewed by a foreign government — and the law ensures you are never told. Carniaux's Senate testimony acknowledged this risk directly: even Microsoft's challenge process does not protect against legally justified orders.

18 U.S.C. § 2705(b) + GDPR Arts. 13–14 · Compelled non-disclosure violates EU transparency obligations
Legislative

France is leaving Teams. Europe is accelerating the exit.

France's government has formally begun migrating to Tchap — a Matrix-based sovereign messaging platform built on the same open standard as AMVLET. Over 300,000 French civil servants are already on Tchap, with full migration from US cloud providers targeted by 2027. The EU Commission's "Tech Sovereignty Package" (CADA, May 2026) proposes restricting US cloud providers from processing sensitive EU public sector data — financial, judicial, health, and national security information. Microsoft, as a US-headquartered provider, falls directly within scope. The direction of European policy is unambiguous: Teams is being structurally excluded from the most sensitive government workloads.

EU CADA (proposed May 2026) + France Tchap migration · 300,000+ civil servants already sovereign; legislation accelerating exit
The open standard advantage

Matrix: the sovereign backbone that replaces Teams — already trusted by governments

The Matrix open standard (spec.matrix.org) delivers everything Teams offers — persistent messaging, video meetings, voice, file sharing, Copilot-equivalent AI — on an open, vendor-neutral protocol where your organisation controls its own server, its own data, and its own encryption keys. No Microsoft, no US jurisdiction, no CLOUD Act applicability at any layer.

France's government built Tchap on Matrix. Over 300,000 French civil servants already use it. The technology that Europe's governments are migrating to is the same open standard that powers AMVLET. This is not a theoretical alternative — it is proven, production-grade sovereign communication infrastructure deployed at national scale.

AMVLET is built on Element Server Suite (ESS Pro), the enterprise-grade implementation of the Matrix standard. For EU organisations subject to GDPR and the incoming CADA legislation, and for organisations in Saudi Arabia subject to PDPL, Matrix is the only architecturally sound path: a communications platform where CLOUD Act compelled disclosure is not a risk to manage — it is structurally impossible because no US company controls the data.

No US jurisdiction at any layer — CLOUD Act inapplicable
Matrix servers deploy in your own data centre, a sovereign EU cloud, or a KSA-resident facility. No Microsoft, no US infrastructure at any point in the architecture. CLOUD Act compelled disclosure is not mitigated — it is structurally impossible because no US company controls the data. What Microsoft admitted it cannot guarantee under oath, Matrix guarantees by architecture.
End-to-end encryption by default — no Microsoft key access
Matrix encrypts messages end-to-end with keys generated on your devices. Microsoft Teams E2EE is limited to 1:1 calls only — group meetings, recordings, Copilot AI, and Teams Chat are not E2EE. With Matrix, nobody — including AMVLET — can decrypt your communications. A CLOUD Act order directed at AMVLET would produce nothing decryptable.
Trusted by governments — 300,000+ civil servants on Matrix today
France's Tchap, built on Matrix and Element Server Suite, connects over 300,000 civil servants across French government ministries. This is the same architecture AMVLET delivers. Matrix is not an emerging alternative to Teams — it is the platform governments are actively migrating to, at national scale, precisely because Teams cannot guarantee data sovereignty.
GDPR and PDPL compliance by architecture, not by contract
When no US company is in the data path, the GDPR Article 48 conflict and the Saudi PDPL Article 29 conflict cease to exist. Compliance is an architectural fact — not a contractual assurance from a US company that remains subject to US law regardless of what its contracts say. This is the distinction Microsoft's own Senate testimony made clear: contracts cannot override US law.
EU Tech Sovereignty Package ready — today
As the EU Commission moves to restrict US cloud providers from sensitive public sector data, and as France's Tchap migration demonstrates, the architecture that satisfies the incoming CADA regulation is available now. AMVLET on Matrix requires no procurement rework, no compliance transition, no legislative risk. The sovereign answer exists — it is proven, and it is here.
The platform choice

What you accept with Teams vs. what you control with Matrix

Microsoft Teams — what you accept

Teams holds your government's communications. Microsoft holds the keys.

  • All recordings, Copilot AI transcripts, Teams Chat messages, and SharePoint documents on Microsoft's US-jurisdiction infrastructure — fully compellable under the CLOUD Act
  • Microsoft's own executive confirmed under oath before the French Senate: "No, I cannot guarantee" that your data cannot be transmitted to the US government
  • Gag orders under § 2705(b) mean you will not be notified when your organisation's most sensitive discussions are produced to US authorities
  • GDPR Article 48 conflict is structural and unresolvable — Switzerland's data protection commissioners formally restrict Teams for sensitive government data
  • Saudi PDPL Article 29 conflict is equally unresolvable — no US–KSA executive agreement exists
  • E2EE covers only 1:1 calls — group meetings, recordings, Copilot AI, and all Teams Chat are not end-to-end encrypted
  • EU CADA legislation (2026) is moving to restrict Teams and all US providers from sensitive public sector workloads
VS
AMVLET · Matrix — what you control

Your infrastructure. Your keys. Your jurisdiction. Proven at scale.

  • No US company in the data path — CLOUD Act applicability is structurally eliminated, not contractually promised away
  • What Microsoft cannot guarantee under oath, Matrix guarantees by architecture: no US jurisdiction means no CLOUD Act compelled disclosure
  • GDPR and PDPL compliance by architecture: data stays in the jurisdiction where it is governed, with no US intermediary
  • E2EE by default across all messaging, group meetings, and calls — keys generated on your infrastructure
  • AI processing optional, deployable on your own sovereign infrastructure, with no data leaving your jurisdiction
  • EU CADA-ready today — the same sovereign architecture France already deployed at national scale with 300,000+ civil servants
  • No vendor lock-in: Matrix is an open standard — switch clients, switch providers, retain your data, your history, your deployment
Common questions

Replacing Teams: what governments and enterprises ask

What did Microsoft actually admit in the French Senate, and why does it matter?
On 18 June 2025, Microsoft France's director of public and legal affairs, Anton Carniaux, testified under oath before a French Senate inquiry into digital sovereignty and public procurement. He was asked directly whether he could guarantee that French citizen data held on Microsoft's servers could not be transmitted to the US government without France's explicit consent. His answer was unambiguous: "No, I cannot guarantee that." This is the most significant public admission ever made by a US hyperscaler executive regarding CLOUD Act exposure. It confirmed, under oath, what data protection authorities across Europe had long argued: no contractual commitment, no EU data centre, and no technical measure offered by Microsoft can override the obligation created by the CLOUD Act (18 U.S.C. § 2713). The law compels disclosure. Microsoft cannot legally refuse a valid, well-framed request. And now they have said so themselves, publicly, under oath.
Microsoft says my data is stored in European data centres. Doesn't that make it safe from the CLOUD Act?
No — and this is precisely the misunderstanding Microsoft's own French Senate testimony confirmed. The CLOUD Act (18 U.S.C. § 2713) applies based on the nationality of the provider, not the physical location of the data. Microsoft Corporation is incorporated in the United States and headquartered in Redmond, Washington. A CLOUD Act order compels Microsoft to produce data from any server it operates, anywhere in the world — including Frankfurt, Amsterdam, Dublin, or Paris. Choosing a "European data centre" option in Microsoft 365 has no legal effect on this obligation. Carniaux's Senate testimony was explicit: even with European data residency enabled, Microsoft would be "obliged to transmit the data" if a well-framed CLOUD Act request arrived. Switzerland's data protection commissioners reached the same conclusion and formally restricted Microsoft 365 for sensitive government data on this basis.
Does the CLOUD Act create a conflict with Saudi Arabia's PDPL for Microsoft Teams?
Yes — and the conflict is structurally unresolvable. Saudi Arabia's Personal Data Protection Law (PDPL, Royal Decree M/19) restricts the cross-border transfer of personal data outside the Kingdom without prior authorisation from the National Data Management Office (NDMO). When a US CLOUD Act order compels Microsoft to produce data belonging to Saudi organisations or Saudi users — government ministries, Vision 2030 entities, financial institutions, healthcare providers — Microsoft must comply under US law. There is no US–Saudi Arabia bilateral CLOUD Act executive agreement (the US has such agreements only with the UK and Australia as of 2025). There is no PDPL-compliant mechanism to legitimise a CLOUD Act compelled disclosure. The organisation subject to the order would simultaneously violate PDPL and be unable to prevent it. Microsoft's own Senate admission — that it cannot guarantee data sovereignty — applies equally in Saudi Arabia: no contractual assurance resolves a conflict between two mandatory legal obligations.
Why is France moving away from Teams? Can I trust Teams if it's used by so many governments?
France's migration is precisely because Teams is used by so many governments — and European governments now understand that widespread adoption does not equal sovereignty. France's government created Tchap, a sovereign messaging platform built on the Matrix open standard and Element Server Suite, to provide the same functionality as Teams without US jurisdiction exposure. Over 300,000 French civil servants are already on Tchap, and France's government has set a target to migrate sensitive communications away from US cloud providers by 2027. The Swiss data protection commissioners have formally restricted Microsoft 365. The EU Commission's CADA legislation (May 2026) proposes restricting US providers from sensitive public sector workloads. The pattern is clear: governments that once adopted Teams for convenience are now identifying the structural sovereignty risk and migrating to architecturally sound alternatives. The fact that Teams is widely used does not make it legally compliant — it makes the migration challenge larger.
Can Matrix and AMVLET actually replace Teams at government scale?
Yes — and it already has. France's Tchap deployment, connecting over 300,000 civil servants, is the proof of concept at national scale. The Matrix standard covers the full Teams feature set: persistent encrypted messaging (equivalent to Teams Chat), voice and video calling, group meetings with screen sharing and breakout rooms, large-scale events, file sharing, and — with AMVLET's deployment — meeting recording stored on your own sovereign infrastructure. For AI capabilities equivalent to Microsoft Copilot (transcription, meeting summaries, action items, follow-ups), AMVLET supports optional on-premise AI processing — the AI runs on your infrastructure with no data leaving your jurisdiction. The critical architectural difference is that Matrix is an open standard: your organisation controls its own server, its own data, and its own keys. Crucially, Matrix enables cross-organisation federation — different government agencies can communicate directly, server-to-server, without routing communications through a US intermediary. What Teams cannot offer is sovereignty. That is precisely why 300,000 French civil servants are already on the alternative.

The same meetings. None of Teams' exposure.

Replace Microsoft Teams with a sovereign communications platform that delivers every feature — without putting your most sensitive government conversations under US jurisdiction or in scope for the EU's incoming Tech Sovereignty legislation.
