# Microsoft Sovereign Cloud Core Customer Scenarios: Regulatory Requirements

## Metadata

- **Channel:** Microsoft Azure
- **YouTube:** https://www.youtube.com/watch?v=BROJqkmxlE4
- **Source:** https://ekstraktznaniy.ru/video/44722

## Transcript

### Segment 1 (00:00 - 05:00)

(upbeat music) - In this video, let's unpack how Microsoft Cloud helps to address regulatory compliance requirements. Across public sector and regulated industries, from banking, to healthcare, to critical infrastructure, organizations face mounting legal obligations that dictate controls concerning where data is stored and processed, how it must be handled and protected, and what it can be used for, and who can access it. These requirements aren't theoretical. They shape day-to-day decisions about cloud compliance strategies and operational risk. Let's start with a real-world scenario. Imagine a national finance regulator, let's call it the National Financial Conduct Authority. It oversees the entire banking ecosystem of the country. New legislation has just come into force introducing strict requirements. All supervisory data, including regulated entity filings, must remain under sovereign control. Access to that data must be tightly governed by the regulator itself, and subject to strict confidentiality. Security incidents must be properly reported. Every system touching financial reporting data must be fully auditable, and systemically important services must meet the highest standards for availability and continuity. At the same time, the regulator wants to modernize. Legacy on-premises systems are costly, inflexible, and difficult to scale. Cloud offers agility, resilience, and innovation, but only if it can meet the letter and spirit of the law. The challenge is clear: how to adopt cloud technology while preserving data residency, controlled access, auditability, and operational continuity. This is an example of the regulatory requirements scenario where modernization and compliance must advance together, not in opposition. So how do we define this?
When Microsoft talks about a regulatory requirement scenario within our sovereign cloud framework, we are referring to situations where an organization must comply with international, but also local legal policy or compliance mandates that dictate data handling, confidentiality, operations, and cloud architecture. It represents customers who have non-negotiable compliance guardrails they must meet in order to operate. These requirements vary around the world. In Europe, it could be the GDPR and NIS2, or financial sector regulations such as DORA. In the Middle East, it might involve national cloud frameworks or sector-specific laws. In Asia Pacific, sovereignty rules often center on government workloads or national critical industries. In all cases, compliance is not optional, and customers need a cloud approach built to satisfy a regulatory scrutiny while still unlocking innovation. So how do we address these concerns through sovereign solutions? This is where Microsoft Sovereign Cloud comes in. Rather than offering a separate cloud built from scratch, Microsoft embeds sovereign regulatory and compliance controls directly into the Microsoft Cloud, and then provides enhanced operational, technical, and contractual capabilities where required. Let's break that down. It starts with data residency controls. Customers can ensure data is stored and processed within required geographic boundaries. On top of the existing strong data residency controls, Microsoft implemented the EU Data Boundary to address requests from EU/EFTA customers to provide more insight and control in data transfers. Microsoft has expanded data residency controls across other geographies, as well, and we continue to add more controls, such as oversight by EU resident operational personnel. Next, how do we help respond to regulated operational access? Regulators often require that operational access be strictly controlled.
Microsoft offers sovereign-aligned personnel models such as EU resident oversight, and provides full audit trails for access events. Furthermore, Customer Lockbox allows customers explicit control over Microsoft engineering access to customer data for support issues. And then how do we help with assurance? And this is about compliance certifications and built-in governance. Microsoft operates an extensive set of security and compliance controls

### Segment 2 (05:00 - 07:00) [5:00]

within its cloud operations, and provides many customer-managed controls and measures on top of those. All those controls help address regulatory requirements. We surface those controls to customers through assurance reports against over hundreds of standards and regulatory frameworks. Our sovereign private cloud options can also support the regulatory requirements scenario. For workloads requiring the highest degree of control, customers can deploy isolated customer-operated environments such as Azure Local or Microsoft 365 Local, enabling them to meet strict sensitive data in-country and operational independence mandates. For eligible customers, our national partner clouds as part of our sovereign partner ecosystem, can be instrumental. In some jurisdictions, regulators require cloud operations to be handled by an in-country entity. Microsoft supports this through national partner clouds like Bleu in France, or Delos in Germany, operated by trusted national partners while still providing Microsoft Cloud capabilities. We know that regulatory requirements can be complex, evolving, and high stakes. That's exactly why Microsoft has taken a comprehensive approach. We have spent decades working with governments and regulated industries around the world, which has helped us to gain depth of experience. We provide a holistic sovereignty model with integrated, technical, operational, and contractual controls thoughtfully built in, and that model offers flexibility and choice. From public sovereign regions to private cloud deployments and national partner models, customers can choose the right fit. In all this, we truly commit to transparency, auditability, clear contractual protections, and published compliance documentation, build trust with regulators, policy makers, and customers. Microsoft strives to enable customers to innovate in a compliant way. Customers don't have to trade compliance for innovation. They get both. (energetic music)
