Forrester

If these sound familiar, your company’s customer advocacy program has room to grow. You’re reactive. You identify advocates case by case as needed: Emails asking “Does anybody know a customer who can speak to … ?” clog your inbox. You can’t track advocate activity. You’re not sure which customers have given or are willing to give a reference, a testimonial, or a review. It’s all about you. Customer advocacy is a one-way street: You ask for help when needed but haven’t factored in customer advocates’ preferences and motivation. How can you make your customer advocacy program more proactive, more transparent, and more motivating to customers? With technology. Higher-performing customer advocacy programs lean on technology to scale customer advocate sourcing, management, activation, and measurement. Next question: Which direction should you take? Consider Four Approaches To Advocacy Technology Strategic customer advocacy programs can and do function with a variety of technology categories, alone or combined. Our new report How To Buy Customer Advocacy Technology In A Shifting Market (subscription required) lays out four categories relevant to customer advocacy and guides practitioners and decision-makers on where and why to commit. Perhaps you are seeking customer advocacy technology for the first time. Or you’re reassessing your current setup. Either way, your company’s readiness and willingness to support a long-term commitment, your program goals, the severity of the pain of not acting, and the preferences of the advocates themselves should guide your choice. Forrester’s research surfaces four approaches: Advocate management and activation platforms are purpose-built with advocate identification, activation, and measurement top of mind. This category ranges from vendors covering a few core use cases, such as connecting advocates to buyers, to those with an expansive view of customer marketing including core and extended use cases. Community management platforms fill the need for peer engagement. Customer advocacy program management is not a primary use case for online community platforms, but they are worth a closer look for programs built on a community experience where customer advocates are accustomed to, or would be responsive to, an online advocate-focused destination featuring peer interactions and company engagement. Reference management platforms offer focus. Purpose-built reference platforms have a tighter focus than advocate management, supporting identification, management, activation, and measurement of customers who are willing to serve as references. CRMs meet monitoring needs. Your CRM likely already contains individual- and account-level data about advocates. You can monitor advocates with the addition of new fields and creative segmentation. The Forrester Tech Tide™: B2B Customer Advocacy And Reference Technologies, Q4 2024 (subscription required), offers more insight and guidance on relevant technology categories. Reach out to speak to a Forrester analyst about our maturity assessment and to explore technology options. source

While we cannot determine when commercially available quantum computers (aka Q-Day) will be able to break asymmetric cryptography and algorithms, Forrester’s best estimate is that this will happen in 10 years. But it could also happen in five or 20 years. Currently, many governments have established a deadline of 2035 for full migration to use of postquantum cryptography. The Australian Signals Directorate’s guidelines for cryptography are the most aggressive, with 2030 as the deadline. A Full Migration To Postquantum Is An Enormous Undertaking Recognizing the urgency and impact, governments have issued guidance and deadlines for migration. Industry-specific entities have issued guidance, such as the European Telecommunications Standards Institute’s framework for quantum-safe migrations, the Financial Services Information Sharing and Analysis Center’s framework for replacing an insecure algorithm, and the Bank of Israel’s directive for banking system preparedness for cyber risks arising from quantum computing capabilities. Regulatory requirements and standards such as the Payment Card Industry Data Security Standard and the EU’s Digital Operational Resilience Act highlight the need to monitor developments and vulnerabilities in cryptography as well as the need for cryptoagility. Balance Short-Term Fixes With Longer-Term Strategic Plans As architects migrate their applications and systems to quantum-secure versions, different approaches will lead to debates around time and cost. For example, an engineer might replace an application that uses RSA encryption with a new application version that has implemented one of the approved postquantum algorithms, which could meet the immediate requirement. But architects looking to future-proof their environment against ongoing cryptographic changes might want to implement cryptographic agility systems that add short-term cost but make upgrading simpler in the long term — the architect would make a configuration change in the cryptoagility tool rather than spending time directly upgrading large numbers of complex and critical systems and software that serve enterprise resource planning, security, and other parts of the business. The Architect’s Guide To Quantum Security Our latest report, The Architect’s Guide To Quantum Security, breaks down the common architectural building blocks that architects will use to construct a quantum-safe environment. These building blocks can be arranged into a few different patterns, and architects should choose the patterns that best support their organization’s business cases and technology environment. Crucially, these patterns are not mutually exclusive and should be used in combination where appropriate — an architect can apply different patterns to different components in the same environment. To understand the common quantum security architectural building blocks and patterns, please read our report and schedule an inquiry or guidance session with us. source

Earlier this month, my colleagues Matt Selheimer, Srividya Sridharan, and Katy Tynan advised B2B leaders on how to weather market volatility and navigate current economic storms (subscription required). One of six actions they recommend is using customer insights to improve understanding and empathy in communications and reduce high-friction processes. This is especially important when it comes to retaining and growing customers. While deeper understanding is the first step, retention should be the desired result. B2B teams that fail to prioritize, resource, and measure the impact of postsale customer engagement risk negative repercussions on customer retention, loyalty, growth, and advocacy. The chart above, which I borrowed from Craig Moore’s research, shows how failing to retain customer revenue puts more pressure on frontline teams to grow revenue — tough to do when customers are slow-walking purchases. Five Ways To Focus On Retaining And Growing B2B Customers During Volatile Times Our data shows that current customers, through renewal and expansion, account for 61% of B2B revenue, higher for established companies and lower for companies still in new-account growth mode. With poor retention potentially putting this revenue at risk, it’s time to (re-)prioritize customer engagement with five key actions and investments: Analyze your “best” customers. Review the journeys of customers who succeed to better understand why they do better than others and why they value working with you. Use this insight to improve prospect prioritization and redirect customers with lower health scores back on the path to measurable results. This focus will help drive greater cost optimization and foster better organizational discipline. Use insights to mindfully govern customer communications and interactions. Prioritize listening with empathy and pay more attention to signals that provide insight into customer interests, intentions, and context. Custom large language models and predictive AI can boost insight gathering and analysis results. Invest in customer resources that support retention and growth. Building an environment where customers attain value and grow requires focusing on what customers need — and what companies should do to produce desired outcomes. Our research shows how B2B companies that consolidate resources to focus on and prioritize postsale interactions see a full return on that investment. Build relevant, personalized digital experiences for customers. Scaling postsale engagement requires some straightforward investments that can double returns in three years. These include giving customers self-directed and digital means to solve problems, networking to learn best practices, becoming more proficient, and having unique, differentiated experiences that create meaningful value. Leverage AI to increase team efficiency and customer relevance. Postsale teams gather, use, and exchange large amounts of verbal communication, correspondence, creative copy, presentations, and other forms of unstructured natural language — making them ideal grounds for using predictive and generative AI to boost performance. Beyond increasing internal efficiencies and consistency, AI-backed practices can help deliver more personalized and relevant customer engagement that builds trust and loyalty while helping customers improve time-to-value. If customer retention is high on your priority list for 2025, clients can schedule a guidance session if you’d like to walk through your plans or concerns with me to learn how to further these actions and investments for your team. If customer retention is not high on your list, set up some time to learn why it should be! source

The world of DevOps is changing fast. The latest innovation? Internal developer portals (IDPs) such as Backstage, originated by Spotify. An IDP is a framework for building DevOps platforms that offer discoverable, self-service IT infrastructure and automation services, helping developers manage IT services efficiently. IDPs can help streamline workflows, reduce context switching, and enhance governance among developers. Coming Out Of The Backstage In 2020, Spotify donated Backstage to the Cloud Native Computing Foundation (CNCF) Sandbox, an incubator for early-stage open-source projects. Since then, it has boomed in popularity and changed the way enterprises approach DevOps, as massive firms such as American Airlines, Ericsson, and IKEA have taken advantage of its unique tools. As with any new tool, however, it’s important to understand the benefits and drawbacks and assess overall whether an internal developer portal like Backstage is a good fit for your firm. IDPs Have A Lot Of Benefits … IDPs serve as the building blocks for scaled-out DevOps platforms. A few benefits of IDPs include the following: Enhanced developer productivity. By creating a self-service platform, IDPs reduce the headaches that occur with old-school ticketing systems. Continuous improvement and integration. Backstage can help integrate legacy tools with new technologies, which can in turn create a more sustainable and continuously improving system. Streamlined governance. By providing a framework to define and automate governance, IDPs simplify it and ensure consistent, error-free deployment pipelines. … But There Are Still A Lot Of Considerations While the benefits of IDPs seem like a no-brainer, it’s important to understand whether an IDP is actually a good fit for your organization. Drawbacks include the following: Expectations for the platform are out of sync. Different teams may have different needs and goals for their DevOps practices. It’s crucial to establish metrics for success and foster alignment across stakeholders to avoid misunderstandings and ensure that the platform meets expectations. The process of defining and measuring metrics needs to begin before Backstage is implemented. Most IDPs are frameworks that require assembly. While many teams that implemented Backstage assumed that it would be an easy, free addition to their DevOps practices, that isn’t always the case. Backstage can be complex and requires engineering expertise to assemble, build, and deploy. Exploring commercial IDP options that include an orchestration layer on top of Backstage is another option that may be a better fit for some organizations. Teams fail to treat the platform like a product. Too many platform teams build their platform without including the developers (their customers) in the conversation. This is a recipe for low adoption, which has plagued many platform teams. Instead, treat the platform like a product: Assign a product manager to curate developer needs and build a proof of concept to prove out the value of the platform. Take the learnings from that POC to scale the platform and continue to seek out developer participation. Platforms are top of mind for Forrester clients, and we are actively researching this space. To help with that research, we encourage vendors of IDPs (platforms or portals) to brief us on their products. Clients of Forrester who have questions on developer platforms or portals are welcome to request an inquiry or guidance session. You can find the full report on IDPs here. source

Your return-to-office (RTO) policy isn’t working today, and it won’t ever work — at least, if by work, we mean a policy that satisfies the in-office preferences of the executive team without driving some of the best workers to distraction or worse. This is because the policy itself can’t accomplish anything without the hard work necessary to develop and implement an approach to enforcement that you can maintain. That’s honestly the part that leaders have put the least effort into, as we’ve written in our latest report, The Facts About Hybrid Work Policy In 2025. In the report, we evaluate the data available on hybrid work in the US from our own surveys of thousands of workers and decision-makers over the past decade as well as a review of the most robust data available from academic researchers at Stanford and elsewhere. The facts make one thing clear: Most policies are not being complied with. On average, employees operating under hybrid work policies are given 2.1 days a week to work remote, a number that has fallen by a full day over the past few years. Yet even as the policies have tightened, the number of days that people actually work remote has not changed meaningfully since late 2022.   This means that as policies tighten, compliance is actually getting worse. We predict that in 2030 the number of days hybrid workers are in the office will have dropped by half a working day per week to 1.6 days total. Yet we predict actual days worked remote will not have dropped by the same amount. For executives hidebound and determined to see more workers in the office more days per week, their gut response will be to reduce flexibility even more, cracking down on the people who are undermining what executives perceive as the extra productivity and culture energy they would have if only more people were in the office, believing that if some slackers are driven out of the organization, this will only allow the company to regroup around its core performers. Unfortunately for them — as we show clearly in our report — none of that is true. Productivity is not higher and, in some cases, it’s worse when people are compelled to work in the office. Culture energy is actually higher for people who have work flexibility, and according to a University of Pittsburgh analysis of more than 3 million tech and finance workers’ employment histories, people who attrit after hybrid work policy changes are among the highest-qualified and most senior performers. None of this argues that your policy should change. Hopefully you made your decisions in light of the data we’ve been sharing for years that is now showing all of these things to be true. But it does argue that how you manage enforcement of your policy requires your thoughtful attention and careful leadership. In the report, we break out two broad approaches — loose enforcement and tight enforcement — and show how each can be done in a way that more effectively manages the risks and mitigates the consequences of your policy. Under tight enforcement, you face specific, measurable risks to which you can manage. Under loose enforcement, it’s harder to measure the short-term impact, but long-term metrics such as engagement and attrition favor you. Forrester clients can read the report to learn more. My personal plea to leaders on this topic: Stop personalizing this policy. The numbers are in — some of your decisions are having a positive effect, and some are having a negative effect. If you aren’t measuring the effects that your policy is having and then responding with policy or enforcement adjustments that manage to those metrics, you are missing the opportunity to really lead. And you’re going to need to be that kind of leader to get your organization through all the volatility and uncertainty you currently face. It would be nice to go into those tough decisions having already shown that you know how to handle tough choices involving smart and good people who can genuinely disagree over policy and enforcement. source

Forrester recently published The Human Capital Management Solutions Landscape, Q2 2025. We took a peek at 41 vendors, the new set of core use cases for human capital management (HCM), and what new extended use cases are picking up in the market along with the traditional and new HCM capabilities. The global HCM market size was valued at $31.34 billion in 2024. The market is projected to grow from $34.12 billion in 2025 to $64.97 billion by 2032. Global organizations are signaling a significant strategic priority on talent and workforce management, evidenced by projected substantial increases in technology investments across HR, recruitment, workforce management, and talent intelligence over the next five years. This investment reflects a critical understanding of the direct link between talent optimization and business outcomes. While a best-of-breed approach has historically been prevalent, we’re observing a clear and accelerating shift toward full HCM suite adoption across both large and midmarket enterprises in most industries. This trend is driven by the need for integrated data, streamlined processes, and a unified view of the workforce, suggesting a move away from siloed solutions to a more holistic and strategic platform approach. The dominance of software-as-a-service HCM solutions underscores a demand for agility, scalability, and continuous innovation in managing an organization’s most valuable asset: its people. A Few Key Observations From The Recent HCM Landscape The rise of flexible workforces and total workforce management continues. Today’s workforce now comprises full-time employees, contingent workers, and freelancers and gig workers. Gone are the days when HCM solutions only focused on full-time employee data management. Today’s HCM solutions try to compete with Beeline and Fieldglass. In a tough macroeconomic and layoff-ridden environment, being open to contingent workers and gig workers helps modern businesses be agile, scalable, and profitable. Digital workers are coming. While many find this concept alarming and detest the anthropomorphizing of a “piece of software” or a “digital agent,” it’s inevitable. This is now not a matter of “if”; it’s a matter of “when.” The traditional HR org chart consists of positions with roles, responsibilities, and skills to perform a specific job function. Today, we know with certainty that AI and automation will impact every job to a varying degree. Every person occupying a position will have AI agents and automation take over certain job functions, and there’s no better system than an HR system to help define, control, and manage these agents. It will only be a matter of time until some HCM vendors provide comprehensive, secure, and advanced governance, risk, and compliance controls to manage the digital workforce of tomorrow. This will trigger the C-suites to accept and adopt the concept of digital workers in order to meet their fiduciary duty toward their board and investors to ensure that their organizations are as automated as possible with a rebalanced workforce. The marketplace economy is here and maturing. Today’s mature HCM vendors have developed massive underlying platforms that are highly extensible, which enables independent third-party software vendors, partners, and even customers to develop low-code/no-code functional or vertical software solutions and sell them to a wider audience, creating a huge buy-and-sell vendor marketplace. This trend is picking up rapidly and is extremely lucrative to HR vendors, partners, and customers, creating a highly incentivized ecosystem and economy for all participants. HCM evolves to include spend, identity, and IT asset management. There’s been an increased emphasis and heavy demand on unified business operations across the organization rather than siloed systems and data. HCM as the employee system of record plays a key role and acts as the connective tissue between systems. It provides the ideal foundation to ensure that employee data flows seamlessly across the enterprise, even as an employee moves through the organization. Many vendors are exploring knowledge graph semantics to make this happen. The new HCM model now covers some aspects of spend management, such as expense management, bill pay, and corporate cards; some aspects of identity and access management, such as a controller of employee identity; and IT asset management, to manage worker assets and devices across organizations. Payroll finally gets its innovation moment thanks to consumer-grade fintech. Payroll is always viewed as highly transactional, compliance-driven, extremely risk-averse, and boring enough to never be considered an ideal candidate for disrupting innovations. For decades, no auditor and controller or chief human resources officer wanted to take on the liability of experimenting with payroll. Beyond cloud-based, multicountry payroll and global payroll engines, there haven’t been many changes to this segment. But newer consumer-grade fintech innovations — such as paycheck-linked lending and bill pay, earned wage access, real-time pay, dynamic direct-deposit switching, improved credit scoring, financial wellness, and automated verification of income and employment — are becoming increasingly popular, driven by the small- and medium-size business market. Exciting news! The publication of this HCM landscape kicks off the Forrester Wave™ evaluation for HCM solutions. I’m looking forward to spending the next four months evaluating a select group of market-leading HCM vendors across their key offerings and product strategies. Stay tuned for the Forrester Wave later this year! Meanwhile, have a look at the HCM landscape report here. For more insights from the report, information on any of the vendors discussed in the report, and overall HCM market trends, please book time with me (via an inquiry or guidance session). source

Attention all marketing leaders! The stage is set, and the spotlight is on you. The B2B Summit APAC Marketing Awards are calling for entries, and this is your golden opportunity to showcase your extraordinary achievements. Have you driven remarkable milestones with a customer-obsessed growth strategy, process, or initiative? Have you been the driving force behind your company’s marketing strategy driving phenomenal growth? If so, we want to hear your story! Submit your entries by August 28th, 2025, and let your success shine. We are on the lookout for programs developed by leaders and teams based in the APAC region that show strong cross-functional alignment or exceptional results from a single function that make a significant impact on company performance and growth. Winners will be unveiled just before the Forrester B2B Summit APAC on November 6th in Singapore. Imagine sharing your inspiring journey on the event main stage and receiving complimentary tickets to B2B Summit APAC 2024. But that’s not all! Both winners and finalists can bask in the limelight, featuring in Forrester reports, videos, social media posts, and other prominent channels, celebrating your success far and wide. Join the elite ranks of previous winners like Fujitsu Asia Pacific, UIPath, Grant Thornton, Autodesk, Red Hat, Dell Technologies, F5, Cisco, and many more who have earned their place in our prestigious hall of fame. Now, it’s your turn to step into the spotlight. Start crafting your entry and let your achievements shine. Find FAQs here and the entry form here. Remember, the deadline is August 28th, 2025—don’t miss your chance! source

How do you spend your workday? If your value to the organization is to process paperwork, take an order and fulfill it, manage data and people’s access to it, report out a status, regurgitate templated or documented information, or have the same conversations over and over, I can confirm some hard news that you may already suspect: You’ll be replaced by AI — and soon. It’s not really your fault, either. Your job description isn’t usually the result of a “choose your own major” scenario. Your organization created a lot of paperwork to process and needed a processor. You did the job as outlined in the job description that the org created. And the more paper, orders, numbers, and status reports that were produced, the busier you got, the more time you spent processing those things, and the more that task became your whole job, whole role, and whole value as an employee. Now that AI, and especially agentic AI, can take on more of that paper processing, the same leaders who wrote that job description and put you in that role are hunting through the organization for the low-hanging fruit for easy replacement. HR, this affects a lot of you specifically. An announcement this week gives us a rich example of how AI can help leaders rebalance their workforce but also showcases how vulnerable support functions are to being replaced by AI. In The Wall Street Journal, IBM announced its move to AI agents to “replace the work of a couple hundred human resources workers.” This job-shrinking in HR made space for job adds in areas that “[International Business Machines Chief Executive Arvind] Krishna calls ‘critical thinking’ focused domains, where people need to do things that ‘face up or against other humans, as opposed to just doing rote process work.’” To IBM, those areas of opportunity include sales, marketing, and software engineering. But IBM HR could also benefit from streamlining and efficiencies by leveraging AI to improve skills detection, learning, workforce planning, recruiting, inclusion, resource management, career-pathing, and the myriad other AI use cases within HR. This opportunity is also why I offer the same warning to any employee: Make sure that your value is more than just your time and ability to process paper, forms, and orders. If it’s not, make moves to demonstrate your (human) capabilities, build your artificial intelligence quotient (AIQ), and prepare for change. I see a huge opportunity for HR to guide their organizations through AI transformation — something I hope IBM also sees — but HR leaders must rise to the occasion and demonstrate why they deserve to be part of AI governance and use case selection, not the next group packing up their boxes. source

In today’s volatile business environment, executives face the dual challenge of optimizing costs while maintaining exceptional customer experiences. Our new report, The Golden Thread From CX To Value Streams Reveals Optimization Opportunities, offers a strategic approach to navigating these complexities. The office of the CIO, however, often faces specific hurdles when engaging teams to leverage business architecture and customer journey artifacts for problem-solving. They encounter a lack of understanding — teams may not fully grasp the value and application of business architecture and customer journey maps in their daily work. There are perceived complexities — some may view these artifacts as overly academic or time-consuming to utilize for practical problem resolution. Organizational silos can hinder the sharing and collaborative use of these artifacts across different departments. Even when faced with these barriers to execution, doing nothing isn’t an option. Aligning customer journeys with operational processes is crucial for maintaining high-quality customer experience while optimizing costs so that the benefits of creating methods for strategic focus are worth it. The success of these focused teams can then serve as a catalyst for wider adoption and integration into standard problem-solving practices. We find that in working with our clients, the need to mobilize against a framework is an opportunity often overlooked and that using the “tiger team” strategy to bridge customer experience and operational excellence is a best practice worth sharing. Here are some key steps to Forrester’s integrated approach to overcome initial resistance and demonstrate the tangible value of these strategic tools to the broader organization. Empower A Tiger Team Accelerating problem-solving and fostering a culture of continuous improvement are musts, and these squads of cross-functional experts are pivotal in diagnosing and resolving your complex operational issues. They use forensic process analysis and capability assessments to pinpoint areas for improvement. Connect Maps And Artifacts Integrating artifacts helps you maintain operational efficiency and meet customer expectations. Connect customer journey maps, business capability maps, and value stream maps so that you prevent the doom loop of passing bottlenecks to unsuspecting colleagues. A holistic view enables your organization to reallocate your investments effectively while avoiding service-level-agreement breaches. Dissolve Silos And Enhance Collaboration Breaking down silos and promoting shared accountability are essential for aligning organizational goals with customer needs. Siloed perspectives often lead to disjointed priorities and unexpected outcomes. Dissolve your silos by fostering collaboration across departments. Continuously Improve And Monitor Continuous monitoring and optimization are vital for sustaining operational excellence and adapting to evolving customer needs. Transition from crisis response to continuous improvement by establishing a robust operational microscope. This means deploying skilled personnel, adopting a strategic viewpoint, and using structured methodologies guided by a customer-centric mindset. Execute Our Eight Steps To Sustainable Success Forrester clients can use our eight-step process to scale operational improvements, from prioritizing fast fixes to treating journeys and value streams like products with dedicated owners. This approach ensures that optimization efforts are aligned with strategic goals and are continuously monitored for effectiveness.   If you need help understanding how your tiger teams can take you from crisis to opportunity, let’s talk. Schedule an inquiry or guidance session with me or Linda Ivy-Rosser to talk about how you can use the eight steps in our best-practice report to optimize your IT landscape with tiger teams. We can ensure that this action aligns with your strategic commitment to the pursuit of continuously improving business results through technology. In the meantime, Forrester clients can read The Golden Thread From CX To Value Streams Reveals Optimization Opportunities. source

Increasing geopolitical volatility has characterized the last three years in Europe, reaching new heights, with ongoing disputes on US tariffs and possible EU retaliation measures hitting US big tech – including hyperscalers. European technology leaders worry about the potential consequences of these actions, from higher costs, to service availability, and other disruptive consequences. The latest blog from Microsoft’s Vice Chair & President Brad Smith tries to reassure these tech executives of Microsoft’s commitment to supporting its European customers, promising digital sovereignty, respect for privacy and local laws, and its contribution to strengthening cybersecurity in the region. But in doing so, it also highlights how vulnerable the IT backbone of many European organizations is to shifting political winds. Here is what Microsoft is committing to do and what tech executives should watch out for. Expanding Data Center And Sovereign Cloud Capacity According to Brad Smith’s blog, Microsoft is committing to: 1) increase its European datacenter capacity by 40% over the next two years, 2) complete its sovereign cloud offering in Germany (France already being available), and 3) offer support to European cloud providers to host Microsoft applications and services on their local cloud infrastructure.Each of these measures has its own caveats for European tech executives: 1) increasing data center capacity expands Microsoft’s footprint but does not make European organizations less vulnerable to ongoing geopolitical volatility, 2) Microsoft’s sovereign cloud offerings in France and Germany are well architected but leave organizations in other European countries short of similar sovereign options, and 3) making Microsoft’s applications and services available on European vendors’ local cloud infrastructure solves a competition problem in the infrastructure space but does not help reducing European dependability on non-sovereign solutions. Pursuing Litigation To Protect Customers’ and Other Stakeholders’ Rights The blog also considers the unlikely scenario that a government asks Microsoft to suspend or cease cloud operations in Europe. Microsoft stated its determination to stand by its customers and use all legal avenues available, including by pursuing litigation in court. It’s not just words, but a new European Digital Resilience Commitment. In fact, the hyperscaler will include new clauses in all of its contracts with European national governments and the European Commission to make this promise binding.Despite the unlikelihood of this scenario, it’s one that many European technology executives and their risk leaders are considering. Microsoft’s decision to talk explicitly about it and make it a binding commitment to resist helps to partially reassure these customers. But, it also inevitably confirms that the risk, albeit remote, exists. Protecting The Personal Data Of Europeans Microsoft has long committed to protecting the personal data of Europeans through different measures, including: 1) giving customers control over where their data is stored and processed, how it is secured, and making it clear when Microsoft can access it, 2) implementing the EU Data Boundary project, which effectively extends the scope of data residency safeguards, and 3) limiting the ability of third parties—including Microsoft—to access customer data by ensuring data is processed within a trusted environment, though a Confidential Compute offering in Azure.Preventing unauthorized access and ensuring compliance with data residency requirements are points of tension for all US organizations operating in Europe. Ultimately these US organizations, like their Chinese counterparts, could be forced to grant access to their government according to their local laws, such as: Stored Communications Act and Cloud Act. The Stored Communications Act (‘SCA’) governs law enforcement access and grants American courts and regulators the power to issue production orders to cloud providers targeting customer data. The US CLOUD Act amends the SCA, by clarifying that such orders apply to any data held by a US cloud provider, regardless of data location. This has been a major point of concern for European organizations for years, and now gains new resonance from ongoing US-EU disputes. Foreign Intelligence Surveillance Act. The Foreign Intelligence Surveillance Act (‘FISA’) governs access for intelligence purposes. Section 702 grants the National Security Agency (NSA) the power to issue production orders to cloud providers targeting customer data. FISA directives also apply to data that a US cloud provider stores in Europe. US law prohibits cloud providers from publishing details of directives in their transparency reports. This makes it much harder to assess the frequency of such access – and therefore to even assess the risk FISA directives pose to European data. Microsoft’s initiatives for protecting European customers’ privacy are a step in the right direction. But they do not solve the tension between the demand of European customers to ensure that their data is protected at all times against any form of unauthorized access and the obligation of US hyperscalers to obey their national laws. European technology leaders worried about unauthorized access to their data by a foreign government should take note that these measures help mitigate – not remove – the risk. Appointing A New Deputy CISO For Europe Microsoft announced a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council, dedicated to Microsoft’s security responsibilities in Europe. The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA). Having a dedicated Deputy CISO for Europe is a further signal of Microsoft’s attention to European organizations’ unique requirements. It also highlights how compliance with local norms needs more and more local context and local resources. For governments, banks, telcos, and utilities in Europe, having a person in the region with accountability shows intent and that Microsoft is taking these mandates seriously. Yet this is not a silver bullet. Unless this Deputy CISO has real authority over Microsoft’s security architecture and incident response in Europe, it might be a layer of PR and not power. There is skepticism that the appointment might be more about optics and public relations than substantive change. Providing A Variety Of Models For AI And Public APIs Any technology blog in 2025 cannot possibly ignore the