The Dutch NCSC (Nationaal CyberSecurity Centrum), amongst other by an external law firm the impact of the US on the Cloud Act that would enable the US government to investigate on European data centers and documents it to be very limited. In a day and age of Zero Trust, considering the origin of the GDPR and Cloud Act, the fact of the surveillance states we are in, this risk might be somewhat underestimated; but getting insights in the facts is helpful.