Updated July 1, 2026
Summary: Microsoft Teams and Zoom expose communications to US government access under CLOUD Act 18 U.S.C. § 2713 and FISA 702. Sovereign alternatives such as Jitsi Meet, BigBlueButton, and Matrix/Element with DTLS-SRTP encryption, hosted in Swiss or EU-controlled infrastructure, eliminate that exposure and satisfy NIS-2 Article 21 confidentiality requirements.

Sovereign unified communications refers to voice, video, and messaging infrastructure operated under a legal and technical jurisdiction that prevents foreign governments from compelling access to call content, metadata, or recordings. For European public-sector bodies, financial institutions, and regulated healthcare and legal organisations, this distinction is not a preference; it is a compliance and operational security requirement driven by specific, enforceable laws on both sides of the Atlantic.

The Jurisdictional Exposure of Microsoft Teams and Zoom

Both Microsoft Teams and Zoom are products of US-incorporated entities, which places every byte of call data they process, regardless of where it is physically stored, within the reach of CLOUD Act 18 U.S.C. § 2713. That statute obligates a US provider to preserve, backup, or disclose the contents of a wire or electronic communication held anywhere in the world when served with a qualifying legal process. Microsoft’s European data boundary offer and Zoom’s EU data routing do not change this exposure; they govern storage location, not the provider’s legal obligation to comply with a US court order.

Separately, FISA Section 702 authorises the US intelligence community to compel electronic communication service providers to assist in the acquisition of foreign intelligence targeting non-US persons reasonably believed to be located outside the United States. Conference call metadata, including participant identities, IP addresses, call durations, and dial-in numbers, constitutes precisely the category of data targeted under these authorities.

Key risk: In 2023, the US Foreign Intelligence Surveillance Court approved all 3,394 FISA Section 702 targets submitted by the government, illustrating that judicial oversight under FISA functions as ratification rather than meaningful constraint. (Source: US Office of the Director of National Intelligence, Annual Statistical Transparency Report, 2023.)

For lawyers handling legally privileged client communications, physicians discussing patient data under medical secrecy obligations, and government officials conducting classified or sensitive policy discussions, routing those communications through Teams or Zoom therefore creates a structural breach of confidentiality that no contractual safeguard can repair.

The European Data Protection Supervisor has stated directly: “The CLOUD Act means that any provider incorporated in the United States, or whose parent is incorporated there, can be compelled to produce data stored anywhere in the world, including in Europe.” This assessment predates the current EU-US Data Privacy Framework and is not resolved by it, because the Framework governs commercial data transfers, not intelligence access.

Sovereign Open-Source Alternatives

Four mature open-source platforms can replace Teams and Zoom in regulated environments without routing call media or metadata to US-controlled infrastructure.

| Platform | Primary use case | Encryption baseline | Notable sovereign integration |
|---|---|---|---|
| Jitsi Meet (open-source, self-hosted) | Ad-hoc and scheduled video calls, team meetings | DTLS-SRTP mandatory; optional E2EE via Insertable Streams | Native Nextcloud Talk integration; Matrix/Element bridge |
| BigBlueButton | Structured meetings, webinars, training, parliamentary sessions | DTLS-SRTP; HTTPS for signalling | Nextcloud integration; Moodle and open LMS |
| Matrix / Element with Jitsi integration | Persistent team messaging with embedded group calls | Olm/Megolm E2EE for messaging; DTLS-SRTP for media via Jitsi bridge | Federates with other Matrix homeservers under your control |
| OpenVidu | Programmable video sessions, custom applications | DTLS-SRTP via mediasoup or Kurento | API-driven; embeds in sovereign portals and citizen services |

Jitsi Meet, when deployed from the open-source repository rather than the 8×8 cloud service at meet.jit.si, carries no telemetry, no licence fees, and no external dependencies. The Jitsi Videobridge (JVB) handles selective forwarding of encrypted media without decrypting streams, keeping the server in a zero-knowledge position for call content when end-to-end encryption is enabled.

BigBlueButton is better suited to formal proceedings because it provides breakout rooms, moderated recording, shared notes, and polling features that approximate the structured workflow of a regulated meeting or hearing.

Matrix / Element with a self-hosted Jitsi bridge gives organisations a unified interface: persistent encrypted chat, file sharing from a sovereign Nextcloud instance, and video calls, all within one client, with no external federation unless explicitly configured.

Encryption Standards Required for NIS-2 Compliance

NIS-2 Article 21(2)(h) of Directive (EU) 2022/2555 requires essential and important entities to implement policies and procedures for the security of communications, including voice and video. ENISA’s guidance on implementing this article treats end-to-end encrypted transport as the baseline: “End-to-end encryption is no longer optional for sensitive government communications; it is the baseline from which security architecture must be built.”

DTLS-SRTP as the Mandatory Transport Layer

WebRTC-based conferencing tools, including all four platforms listed above, use SRTP (Secure Real-time Transport Protocol) for media encryption and DTLS-SRTP (RFC 5764) for key negotiation. DTLS-SRTP ensures that keys are established via a datagram TLS handshake directly between endpoints, preventing a passive network observer or a compromised relay from decrypting media. Any sovereign deployment must verify that DTLS-SRTP is enforced and that plain RTP fallback is disabled at the server configuration level.
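
One way to run that verification, as an added example that is not part of the original page or of any platform's own tooling: a Python check over the SDP offer and answer captured from a test call. The `audit_sdp` name and both sample SDPs are assumptions constructed for illustration; the check flags plain `RTP/AVP` or SDES (`a=crypto`) media sections and missing or weakly hashed DTLS fingerprints.

```python
# Added example: audit a captured SDP for DTLS-SRTP-only media (RFC 5764).
SECURE_PROTOS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
WEAK_HASHES = {"md5", "sha-1"}

def audit_sdp(sdp: str) -> list[str]:
    """Return findings; an empty list means every RTP m-section is DTLS-SRTP only."""
    session_attrs, sections = [], []   # sections hold (media, proto, attrs)
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            sections.append((media, proto.upper(), []))
        elif line.startswith("a="):
            (sections[-1][2] if sections else session_attrs).append(line[2:])
    findings = []
    for media, proto, attrs in sections:
        if "RTP" not in proto:
            continue  # data channels (UDP/DTLS/SCTP) carry no SRTP media
        effective = attrs + session_attrs  # session-level attributes apply to all media
        if proto not in SECURE_PROTOS:
            findings.append(f"{media}: profile {proto} is not DTLS-SRTP")
        if any(a.startswith("crypto:") for a in effective):
            findings.append(f"{media}: SDES a=crypto key sent in signalling")
        fp = next((a for a in effective if a.startswith("fingerprint:")), None)
        if fp is None:
            findings.append(f"{media}: no a=fingerprint, DTLS handshake not bound")
        elif fp.split(":", 1)[1].split()[0].lower() in WEAK_HASHES:
            findings.append(f"{media}: weak fingerprint hash")
    return findings

# Constructed sample inputs (not captured from any real deployment).
FP = ":".join(["AB"] * 32)
GOOD_SDP = f"""v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
t=0 0
a=fingerprint:sha-256 {FP}
m=audio 9 UDP/TLS/RTP/SAVPF 111
m=video 9 UDP/TLS/RTP/SAVPF 96
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
"""
BAD_SDP = """v=0
o=- 2 2 IN IP4 192.0.2.20
s=-
t=0 0
m=audio 5004 RTP/AVP 0
m=video 5006 RTP/SAVP 96
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY
"""
```

An empty result for both the offer and the answer shows that the session negotiated DTLS-SRTP only; it complements a review of the server configuration, which is where the fallback is actually disabled.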

For deployments handling communications classified as sensitive by national frameworks or subject to legal professional privilege, per-client end-to-end encryption using WebRTC Insertable Streams (as implemented in Jitsi’s E2EE mode) provides an additional layer: the Jitsi Videobridge receives encrypted payloads it cannot decrypt, so even a compromised server does not expose call content.

Compliance note: DTLS-SRTP alone satisfies transport confidentiality under NIS-2, but organisations subject to national security classifications or attorney-client privilege frameworks should additionally require E2EE via Insertable Streams and document this choice in their Article 32 GDPR technical measure register.

Integration with Sovereign Unified Communications Stacks

A sovereign unified communications deployment should eliminate all touch points with public cloud endpoints, not merely replace the conferencing layer in isolation. In practice this means tying conferencing to sovereign email, file sharing, and identity management.

The most coherent architecture for European regulated organisations currently combines: a Nextcloud Hub instance for file collaboration and calendar, providing the Nextcloud Talk client as the daily conferencing interface; a self-hosted Jitsi Videobridge backend that Nextcloud Talk calls via its High Performance Backend for larger meetings; a Matrix homeserver (Synapse or Dendrite) for persistent messaging and cross-department federation without touching public Matrix.org servers; and a sovereign SMTP/IMAP email stack for asynchronous communications. All components can be hosted in Swiss data centres under the revised Federal Act on Data Protection (revFADP, in force since 1 September 2023), which removes the Swiss-EU transfer friction while keeping data outside US jurisdiction entirely.

Capacity Planning, Latency, and Crisis Resilience

Government and financial-sector deployments cannot tolerate the capacity assumptions appropriate for a startup. A Jitsi Videobridge instance on a single 16-core server with 32 GB RAM typically sustains 100 to 150 concurrent video participants at 720p before degradation; a production deployment for a ministry or large bank requires a horizontally scaled cluster behind a load balancer, with at least N+1 redundancy at each tier.

Latency targets for intelligible voice are well established: one-way latency below 150 ms is generally imperceptible to speakers; above 300 ms, conversation quality degrades noticeably. A Swiss-hosted deployment serving users in Germany, France, or the Netherlands will typically see round-trip times of 10 to 30 ms to major population centres, well within tolerance. Crisis communications scenarios, such as a cybersecurity incident requiring out-of-band coordination when primary networks are compromised, require a deployment architecture that does not share infrastructure with the systems under attack. This means the conferencing stack should run on dedicated virtual machines or bare metal separate from the organisation’s primary Active Directory, email, and file systems.

The average total cost of a data breach reached $4.88 million in 2024 according to IBM Security’s Cost of a Data Breach Report, a figure that underscores why crisis communications infrastructure must remain operational during the breach response itself, not be routed through the compromised environment.

Sovereign Recording, Transcription, and AI Meeting Summaries

The demand for AI-generated meeting summaries, live transcription, and action-item extraction is real, and sovereign deployments must meet it without routing audio to OpenAI, Google, Microsoft Copilot, or any other public cloud AI service.

On-Premises Speech-to-Text

OpenAI’s Whisper model was released under an open-source licence and can be run entirely on-premises on GPU or CPU hardware. It supports over 90 languages at accuracy levels suitable for formal meeting transcription. Vosk is a lighter alternative for real-time streaming transcription on constrained hardware. Neither requires an external API call when self-hosted.

Local Large Language Models for Summarisation

Once a transcript is produced on sovereign infrastructure, summarisation and action-item extraction can be handled by a locally deployed model such as Mistral 7B or Llama 3. These models run on commodity GPU servers and produce output quality appropriate for internal meeting summaries without sending any content outside the controlled environment. The pipeline is: Jitsi recording to sovereign object storage, Whisper transcription on-premises, Mistral summarisation on-premises, and output stored in Nextcloud and accessible only to meeting participants.

This architecture satisfies both GDPR Article 32 (appropriate technical measures) and the emerging requirements under the EU AI Act for high-risk AI systems processing special-category data, because the data never leaves the organisation’s processing environment.

FAQ

Does using Microsoft Teams with a European data residency option eliminate CLOUD Act exposure?

No. Data residency controls determine where data is stored at rest, but CLOUD Act 18 U.S.C. § 2713 obligates US-incorporated providers to produce data regardless of storage location. Because Microsoft is a US corporation, a US court order can compel disclosure of European-resident data. Only switching to a provider with no US corporate nexus removes that exposure.

Is Jitsi Meet fully open-source and free of 8×8 telemetry when self-hosted?

Yes. When you deploy the Jitsi Meet open-source stack from the Jitsi GitHub repository on your own infrastructure, no data is routed to 8×8 or any third party. The 8×8 cloud service (meet.jit.si) is a separate hosted product; the open-source components carry no mandatory telemetry or licence fees.

What does NIS-2 Article 21(2)(h) specifically require for conferencing systems?

Article 21(2)(h) of Directive (EU) 2022/2555 requires essential and important entities to implement policies and procedures covering the security of communications, including voice and video. In practice this means encrypted transport via DTLS-SRTP, access controls, incident logging, and documented procedures for communications during crisis or incident scenarios.

Can AI meeting summaries and transcription be offered in a sovereign deployment without sending audio to a public cloud?

Yes. Open-source speech-to-text engines such as Whisper and Vosk run entirely on-premises. Meeting audio never leaves controlled infrastructure. Summarisation can then be handled by a locally deployed large language model such as Mistral or Llama, completing the full AI pipeline without any external API call.

How does Matrix/Element differ architecturally from Jitsi Meet or BigBlueButton for sovereign deployments?

Matrix is a federated messaging and presence protocol; Element is its primary client. Video calls within Matrix rely on WebRTC coordinated through your own homeserver, with larger group calls routed through a self-hosted Jitsi Meet instance. BigBlueButton is purpose-built for structured online meetings with deeper moderation features, making it better suited for formal hearings, training, or parliamentary-style sessions rather than ad-hoc team chat.
