'Kill Switch Shield' and the Recurring Erosion of Trust in US Tech

For decades, government anxieties regarding the internet centered on data "pulls" (mass surveillance programs siphoning information) from sovereign states and data "pushes" (flooding nations with targeted influence campaigns). In the emerging internet governance era, the focus is on data cuts: when governments and companies get cut off from the network, unable to access their information or contacts.

In June 2025, the Chief Prosecutor to the International Criminal Court (ICC), Karim Khan, reportedly lost access to his Microsoft email account. Media reports stated that Microsoft cut him off from his account in compliance with unilateral sanctions from the US. The US targeted Khan after he indicted Israeli Prime Minister Benjamin Netanyahu for war crimes. The sanctions shocked analysts and policymakers.

The ICC is a reputable international organization founded in 1998, and it counts 125 states as parties. It is based in the EU, one of the US’s closest allies, and was supported by US leadership as part of the institution's call for the arrest of Vladimir Putin in 2023 under similar circumstances. In mid-July 2025, the US government doubled down on this coercive strategy, extending sanctions to a United Nations rapporteur.

These sanctions came at a time when Trump was threatening EU leaders with tariffs if they did not align with his Make America Great Again agenda. The risk that US sanctions could trigger loss of access to critical digital infrastructure should spark widespread concerns about the degree of US control over key information platforms, including the potential for President Trump to weaponize the private US corporations that governments, such as the EU, rely upon.

Although the use of sanctions by the US government is not in itself new, their use has increased by 933% since 2000. Furthermore, over the past decades, a handful of tech companies have become critical to the operation of both governments and the private sector. Private and public institutions increasingly depend on a US stack of technologies, including for data storage and processing.

Microsoft has previously served as a vehicle for US sanctions in the past. For example, in 2019, it cut off the access to GitHub, the most popular platform for coders to collaborate on and share their work, for users in Iran. GitHub took this action just months after being acquired by Microsoft. A Snowden-like effect is now rapidly unfolding across Europe. In 2013, Snowden revealed to the world that the US government was leveraging its multinational platforms to conduct surveillance on an unprecedented scale. Over the past decade, US multinationals have worked to convince the EU that the data of its citizens is safe on their clouds, regardless of the geographies through which it flows or is stored. A policy framework initially branded as “Privacy Shield” was introduced to support these reassurances and restore public trust, coming into force in 2016.

If the Snowden revelations sparked concern that the US was leveraging global networks to pull data in for espionage, the current fear is that its control over the networks and today’s digital platforms means it can cut off its supposed adversaries altogether. Whereas in the 2010s the US government was tapping into the network flows managed by US companies, it is now forcing US tech companies to deny access to critical services.

The policy responses emerging

Three types of policy proposals emerged in response to this perceived threat. The Danish government, for example, is seeking to replace Microsoft’s suite of products in its offices with free and open-source alternatives. This move signals that Denmark’s threshold for trust now requires developers to open the inner workings of their systems and show they cannot exercise undue control. In doing so, Danish policymakers aim to neutralize the power US tech companies hold over the data flowing through their platforms and to ensure those actors cannot undermine the autonomy of the Danish government.

Meanwhile, other actors within the European Union are calling for industrial policy measures aimed at strengthening EU-based companies by prioritizing and supporting European technologies. Members of the EuroStack initiative, for example, are pushing for alternatives to the US giants in every layer of the internet stack of technologies (data storage, data processing, search engines, social media curation algorithms).

Microsoft has been quick to put forward policy proposals aimed at reassuring its EU clients. In an April blog post, Microsoft President Brad Smith announced:

“In the unlikely event we are ever ordered by any government anywhere in the world to suspend or cease cloud operations in Europe, we are committing that Microsoft will promptly and vigorously contest such a measure using all legal avenues available, including by pursuing litigation in court.”

While the Snowden revelations triggered the “Privacy Shield” response, companies like Microsoft are now proposing what amounts to a “Kill-Switch Shield.” This strategy aims to resolve disputes by altering governance structures, as opposed to the code or ownership. Such solutions require trust that the governance mechanisms will not be overridden by those who control the underlying levers of power. However, the successful legal challenge to Privacy Shield in 2020, and the ongoing legal challenges to its successor frameworks as of 2023, suggest that the trust deficit runs deep, undermining the viability of governance-based solutions. This is why EU policymakers are increasingly focused on securing control over the infrastructure itself: they no longer trust that the governance mechanisms alone can withstand the current political pressure.

An opportunity to strengthen democratic culture

As this new era in information governance emerges, policymakers face the urgent task of creatively navigating these challenges. In a recent article published in Internet Policy Review, I outline a typology of six strategies adopted by governments concerned about the potential for abuse at key points of network control. Some of these strategies concentrate on reshaping infrastructure, while others aim to reform governance mechanisms.

In the current context, involving the public in shaping responses that are trustworthy, sustainable, and seen as legitimate is key for two reasons. First, it speaks to the depth of our democratic experience. After decades in which neoliberal globalization normalized corporate control over information flows, governments are now stepping back in. This marks a critical opportunity to rejuvenate democratic debate by broadening the scope of issues we publicly discuss and choose to collectively govern.

Second, public involvement is crucial to ensuring that communication power remains distributed. This shift is unfolding against a backdrop of democratic backsliding. Reintroducing the nation-state as a central player in shaping issues of public interest can help strengthen public interest and support for democratic processes and collective governance, but also risks abuses of power, especially if autocratic leaders gain control over a reinvigorated state apparatus.. As we move to curb the dominance of big tech, it is important to ensure that this reclaimed power is not merely transferred, but instead diffused through new democratic processes and institutions.

Danish policymakers are pushing for greater transparency, while the EuroStack initiative advocates for stronger legal oversight and enforcement power. These are valuable goals and reasonable strategies. But for them to succeed, the European Parliament must take the lead in developing processes and institutions that actively involve the public in this necessary new wave of power redistribution.