Competitor Analysis · Cisco Webex

Webex gives you great meetings,
and US authorities access to all of them.

Webex is a Cisco product. Cisco is a US company. Under the CLOUD Act (18 U.S.C. § 2713), every meeting recording, transcript, message, and call handled through Webex infrastructure is subject to US government compelled disclosure — regardless of where your data centre is located.

Switch to sovereign → See the comparison
Webex: Cisco (US) jurisdiction Webex: AI processes all meeting content AMVLET: No US jurisdiction. No exceptions.
$270/yr
Webex Suite per user per year — every meeting, recording, and AI-processed transcript on that plan flows through Cisco's US-jurisdiction cloud infrastructure, fully accessible under the CLOUD Act
0
GDPR Article 48 mechanisms that permit lawful CLOUD Act compliance for Webex users — the conflict between EU data protection law and US compelled disclosure is structurally unresolved for all Cisco products
100%
Of Webex paid plans store cloud recordings and process AI meeting summaries, transcriptions, and notes on Cisco-controlled US infrastructure — including the FedRAMP Enterprise tier
1:1
The Matrix open standard maps directly to every Webex feature — video, voice, messaging, recording, AI — with full data sovereignty, no US jurisdiction, and zero per-seat licensing on self-hosted deployments
Feature comparison

Webex vs AMVLET — every feature, every exposure

The same meeting, messaging, and calling capabilities — with one critical difference: who has access to the data.

Feature Webex Free $0 Webex Meet Webex Suite Webex Enterprise AMVLET · Matrix Sovereign
Meetings & Video
Video conferencing
Meeting duration limit 40 min 24 hours 24 hours 24 hours No limit
Max attendees 100 200 200 1,000 Unlimited
Screen sharing
Recording & Storage
Local recording
Cloud recording Cisco cloud — 10 GB Cisco cloud — unlimited Cisco cloud — unlimited Your sovereign cloud
Recording jurisdiction Cisco / US Cisco / US Cisco / US Your jurisdiction
AI & Transcription
AI Assistant Cisco AI Cisco AI Cisco AI Optional — on-prem
AI meeting summaries Cisco processes content Cisco processes content Cisco processes content Optional — sovereign
AI data jurisdiction Cisco / US Cisco / US Cisco / US Your jurisdiction
Messaging & Calling
Persistent messaging
Voice & video calling
PSTN calling
End-to-end encryption Transport only Transport only Transport only Transport only E2EE by default
Sovereignty & Security
Data jurisdiction Cisco / USA Cisco / USA Cisco / USA Cisco / USA Your jurisdiction
CLOUD Act exposure YES — Cisco YES — Cisco YES — Cisco YES — Cisco NO
GDPR Art. 48 conflict YES YES YES YES None
Self-hostable
Air-gapped deployment
Cryptographic key ownership Cisco Cisco Cisco Cisco You
Open Standard & Federation
Open standard protocol Proprietary Proprietary Proprietary Proprietary Matrix (open)
Interoperable federation ✓ Cross-org
Vendor lock-in Cisco Cisco Cisco Cisco None
Interchangeable clients
NIS2 supply-chain compliance Cannot satisfy Cannot satisfy Cannot satisfy Cannot satisfy Full documentation
The Cisco exposure

What Webex exposes under the CLOUD Act

Cisco is a US company headquartered in San Jose, California. Every service they provide — regardless of where the data centre is located — is subject to CLOUD Act compelled disclosure.

Critical

Meeting recordings and AI transcripts

Every cloud recording stored on Webex, and every AI-generated transcript and meeting summary produced by Cisco's AI Assistant, is held on Cisco-controlled infrastructure. A CLOUD Act order can compel Cisco to produce complete recordings and transcripts of your most sensitive meetings — board deliberations, M&A discussions, legal strategy, personnel matters — without notifying you.

CLOUD Act § 2713 · Compelled disclosure of stored communications
High Risk

All persistent messages and file transfers

Webex Messaging stores all chat history, files, and shared content on Cisco's servers. Unlike traditional email, enterprise messaging contains highly sensitive operational intelligence — decision trails, document drafts, confidential attachments, and informal strategic discussions. All of this is accessible via CLOUD Act compelled disclosure. GDPR Article 48 offers no lawful basis to resist such an order.

GDPR Art. 48 + ePrivacy Directive · No lawful transfer mechanism for CLOUD Act
High Risk

Call metadata and participant intelligence

Who called whom, at what time, for how long, from where, on which device — call detail records generated by Webex Calling and Webex meetings are stored on Cisco infrastructure. This metadata pattern is often more revealing than the content of the call itself. For organisations conducting sensitive negotiations, compliance investigations, or security-sensitive communications, this metadata is strategic intelligence held by a US corporation.

CLOUD Act § 2703 · Stored wire and electronic communications metadata
Structural

FedRAMP does not protect you from the CLOUD Act

Webex Enterprise advertises FedRAMP authorized security. FedRAMP is a US government security accreditation standard — it certifies that the infrastructure meets US federal security controls. It does not, in any way, grant immunity from CLOUD Act compelled disclosure orders. A FedRAMP-certified Cisco platform is equally subject to § 2713 compelled disclosure as any other Cisco product. The authorisation addresses security, not jurisdiction.

CLOUD Act § 2713 · FedRAMP certification is not a CLOUD Act exemption
Operational

Webex AI processes your most sensitive content

Webex's AI Assistant — included in Meet, Suite, and Enterprise — generates real-time transcriptions, meeting summaries, action item extraction, and conversation intelligence. This processing occurs on Cisco's AI infrastructure. The AI model ingests the full content of your meetings to produce these outputs, meaning not only are recordings compellable, but the derived AI intelligence — summaries, extracted decisions, identified participants — is also held on Cisco's servers and equally subject to disclosure.

CLOUD Act + GDPR Art. 22 · AI-processed content as stored communication
Compliance

EU data centre location is legally irrelevant

Many organisations assume that choosing a "European data centre" option in Webex resolves the jurisdiction problem. It does not. The CLOUD Act applies based on the nationality of the provider — not the location of the data. Cisco is a US company. A CLOUD Act order compels Cisco to produce data from its Frankfurt, Amsterdam, or Paris data centres just as effectively as from its US facilities. In 2025, Microsoft's French subsidiary confirmed the same structural impossibility for its own sovereign cloud products.

CLOUD Act § 2713 · Provider nationality, not data location, determines jurisdiction
The open standard advantage

Matrix: the sovereign backbone that replaces Webex — without the exposure

The Matrix open standard (spec.matrix.org) is the communication layer that Webex cannot be. It provides every feature of a modern collaboration platform — messaging, voice, video, file sharing, AI — built on an open, vendor-neutral protocol where every organisation controls its own server, its own data, and its own encryption keys.

Webex is a proprietary walled garden. When Cisco changes its pricing, its terms, or receives a CLOUD Act order, your communications go with it. Matrix makes each organisation's deployment independent — federated across boundaries, but sovereign within them.

AMVLET is built on Element Server Suite (ESS Pro), the enterprise implementation of the Matrix standard. It delivers the interoperability of email with the security of air-gapped military communications — at any scale, in any jurisdiction, with no US dependency at any layer.

Read the Matrix specification →
No US jurisdiction at any layer
Matrix servers can be deployed anywhere — your data centre, a sovereign EU cloud, an air-gapped facility. No Cisco, no AWS, no Azure, no GCP required at any point in the architecture.
Open standard federation between organisations
Unlike Webex — which forces all communications through Cisco's infrastructure — Matrix enables organisations to federate directly. Each party runs its own server; no US intermediary handles inter-organisational communications.
Interchangeable clients — no lock-in
Matrix separates the client from the server. Any Matrix-compliant client works with any Matrix server. Switch frontend, switch hosting provider, or build your own — without migrating data or renegotiating contracts.
End-to-end encryption by default
Matrix encrypts messages end-to-end with keys generated and held on your devices. Unlike Webex's transport-layer encryption — where Cisco holds the keys and can decrypt content — Matrix E2EE means nobody except the intended recipients can read your messages, including AMVLET.
Air-gapped deployment for classified environments
Matrix supports fully offline, air-gapped deployments with no external network dependency. Webex requires continuous connectivity to Cisco's cloud. AMVLET's air-gapped tier provides the collaboration features of Webex Enterprise in an environment Cisco cannot reach.
The platform choice

What you accept when you choose Webex vs. what you control with Matrix

Webex — what you accept

Cisco holds your communications. US law reaches them.

  • All meeting recordings, transcripts, and AI summaries stored on Cisco servers in US jurisdiction
  • CLOUD Act compelled disclosure possible for all stored content, with gag orders preventing you from being notified
  • Cisco AI processes the full content of every meeting on your paid plan
  • Call metadata — who spoke to whom, when, from where — held by Cisco indefinitely
  • No self-hosting, no air-gap, no way to remove Cisco from the data path
  • GDPR Article 48 conflict is structural and unresolvable for all Cisco products
  • Vendor lock-in: switching means losing all message history and rebuilding all integrations
VS
AMVLET · Matrix — what you control

Your infrastructure. Your keys. Your jurisdiction.

  • No US company in the data path — no CLOUD Act applicability at any layer
  • Cryptographic keys generated and held on your infrastructure — not AMVLET's
  • AI processing optional and deployable on your own sovereign infrastructure
  • Open standard federation: communicate across organisations without routing through any intermediary
  • Self-hosted, EU-sovereign cloud, or fully air-gapped — your choice, at any time
  • Full NIS2 essential entity supply-chain documentation provided
  • No vendor lock-in: Matrix is an open standard — your data and your deployment are yours
Common questions

Switching from Webex: what organisations ask

Webex says it uses European data centres. Doesn't that solve the CLOUD Act problem?+
No. This is the most common misunderstanding about cloud sovereignty. The CLOUD Act (18 U.S.C. § 2713) applies based on the nationality of the cloud provider — not the physical location of the data. Cisco is a US company incorporated in Delaware and headquartered in San Jose, California. A CLOUD Act order compels Cisco to produce data from any data centre it operates, anywhere in the world, including those in Frankfurt, Amsterdam, or Paris. Choosing a "European data centre" in Webex's settings has no legal effect on this obligation. Microsoft's French subsidiary confirmed the same structural issue in a Senate hearing in 2025: even purpose-built "sovereign cloud" products cannot guarantee immunity from US authorities when the provider is a US company.
Webex Enterprise has FedRAMP authorization. Doesn't that mean it's protected?+
FedRAMP and CLOUD Act immunity are entirely separate things. FedRAMP (Federal Risk and Authorization Management Program) is a US government security accreditation framework that certifies an infrastructure meets specific security controls required by US federal agencies. It says nothing about who can legally access the data held on that infrastructure. A FedRAMP-authorised Cisco platform is equally subject to CLOUD Act § 2713 compelled disclosure as any other Cisco product — FedRAMP authorisation does not constitute an exemption, a shield, or any form of legal protection from US law enforcement orders. The security certification and the jurisdictional exposure are completely independent legal and regulatory questions.
Can Matrix/Element really match all the features of Webex?+
Yes. The Matrix standard covers the full communication stack: persistent encrypted messaging, voice and video calling, file sharing, screen sharing, and — with AMVLET's deployment — meeting recording stored on your own sovereign infrastructure. For AI features (transcription, meeting summaries, action item extraction), AMVLET supports optional on-premise AI processing, meaning the AI runs on your infrastructure with no data leaving your jurisdiction. The key architectural difference is that Matrix separates the client from the server: you can choose the frontend interface that suits your organisation, run it against your own server, and federate with partner organisations — all without any US company touching the data path. What Matrix does not offer is vendor dependence: your data stays under your control, your jurisdiction, and your encryption keys permanently.
How does open standard federation work, and why is it better than Webex's approach?+
Webex's federation model requires all communications to route through Cisco's infrastructure. Even when you invite an external organisation into a Webex meeting or message thread, Cisco handles the session. This means Cisco holds records of all cross-organisational communications — and every one of those is CLOUD Act accessible. Matrix federation works like email: each organisation runs its own server (or has AMVLET run it for them), and servers federate directly with each other using the open Matrix protocol. No Cisco, no intermediary, no US infrastructure in the path. An organisation in Germany and one in France can communicate via their sovereign Matrix servers without either party's messages traversing any US-jurisdiction infrastructure. Crucially, because Matrix is a genuine open standard, both the client (the app you use) and the server are interchangeable — meaning no single vendor can lock you in or become a chokepoint for your communications.
What does migrating from Webex to AMVLET actually involve?+
AMVLET works with your legal, IT, and compliance teams to plan and execute a migration that minimises disruption. The process involves deploying your sovereign Matrix server (on-premise, EU-sovereign cloud, or air-gapped depending on your security requirements), configuring identity management and SSO integration, establishing federation channels with your key partner organisations, and training your teams on the AMVLET client. For organisations currently using Webex's messaging history, export tools are available for archiving prior communications in compliance with your record-keeping obligations. The migration timeline depends on your organisation's size and complexity, but the architectural outcome is the same: a communications infrastructure where no US company is in the data path, where your encryption keys are yours, and where CLOUD Act compelled disclosure is structurally impossible — not merely contractually promised.

The same meetings. None of Cisco's exposure.

Switch from Webex to a sovereign communications platform that gives you every feature — without putting your most sensitive conversations in the hands of a US corporation.

Book a migration briefing → Explore Enterprise