How the U.S. CLOUD Act compels disclosure of data within a provider’s “possession, custody, or control,” regardless of storage location.
The Philippine Government Cloud First Policy’s assertion of sovereignty over government-linked cloud data “regardless of location.”
Why U.S. warrants served on U.S.-headquartered providers storing Philippine government data create a compliance dilemma.
Potential reconciliation mechanisms, including MLAT channels and executive agreements under 18 U.S.C. § 2523.
Obtain Counsel on Data Sovereignty and CLOUD Act Risk
Geronimo Law advises cloud providers, financial institutions, and government contractors on data sovereignty, cross-border disclosure risks, and regulatory compliance strategy.
This section addresses common concerns raised by businesses, legal teams, and finance professionals looking for clarity on complex issues and get a better understanding of key concepts.
What is the core conflict between the CLOUD Act and Philippine Cloud First rules?
The CLOUD Act compels U.S.-subject providers to disclose data within their control, regardless of location, while Philippine Cloud First policy seeks to exclude foreign legal access to government-linked cloud data.
When does a compliance dilemma arise?
A conflict arises when U.S. authorities serve a warrant on a U.S.-headquartered provider for data stored in the Philippines that is linked to Philippine government systems.
How can such conflicts be mitigated?
Through Mutual Legal Assistance Treaty (MLAT) processes or executive agreements under 18 U.S.C. § 2523, which provide structured cross-border evidence-sharing mechanisms.
.webp)
