04
When jurisdiction matters in practice.
concrete scenarios
not hypotheticals
Dutch healthcare and NEN 7510
NEN 7510 requires healthcare providers to demonstrate that patient data cannot be accessed by non-authorized parties. A file transfer provider owned by a US parent creates a disclosure obligation under CLOUD Act that is in tension with NEN 7510's strict access requirements. EU-owned, EU-infrastructure providers have no such tension.
Legal practice and attorney-client privilege
Dutch and German legal codes protect attorney-client privilege against disclosure. A US parent company can be compelled to produce even privileged data under CLOUD Act without notification. Jurisdiction matters not just for compliance but for professional obligations.
Government and critical infrastructure under NIS2
Article 21 of NIS2 (EU 2022/2555) requires supply chain security for essential and important entities. Infrastructure providers whose ownership changes jurisdiction mid-contract become supply chain risks. Jurisdictional stability is itself a NIS2 compliance requirement.
R&D, intellectual property, and trade secrets
For companies working on pre-patent research or confidential commercial negotiations, foreign government access to transfer metadata can reveal strategic intent. The US has a documented history of economic intelligence collection.
Accountancy, audit files and tax data
Audit working papers and tax files combine financial detail with personal data, and Dutch professional rules oblige accountants to keep them under control for years. Sending a year-end file through a provider with a US parent creates a disclosure path that the client never agreed to in the engagement letter. Under Paramant the file burns after one read and the working papers never persist anywhere outside the firm.
Journalism and source protection
Dutch law protects journalistic sources, but that protection stops at the border of a foreign subpoena served on a provider's parent company. Even when content is encrypted, transfer metadata (who sent something to a newsroom, and when) can identify a source. A relay that stores nothing and is subject only to Dutch law removes both the content and the metadata trail.
Municipalities, schools and Schrems II paperwork
Every Dutch municipality and school board that uses a US-owned transfer tool has to paper over the transfer risk with SCCs, transfer impact assessments and DPIA appendices, and defend that stack at every audit. An EU-owned, EU-hosted provider with client-side encryption removes the transfer question instead of documenting around it: there is no third-country transfer to assess.
M&A, notaries and price-sensitive information
Deal documents, cap tables and draft agreements are price-sensitive by definition, and leak damage is irreversible. Data rooms leave long-lived copies on third-party infrastructure. A burn-on-read transfer with a signed, offline-verifiable receipt gives both sides proof of delivery while guaranteeing that no copy outlives the transaction.
HR, works councils and employee files
Sick-leave correspondence, performance files and works-council documents are sensitive personal data under the GDPR with strict access limits. Routing them through a provider that can be compelled by a foreign authority sits badly with both the works council and the regulator. Client-side encryption plus EU-only jurisdiction keeps the employer in control of exactly who can ever read them.
the principle
If your file transfer provider can be legally compelled to disclose data, the strength of their encryption is not the constraint. Their legal structure is.