Alexander Rudolph schreibt in »Microsoft says U.S. law takes precedence over Canadian data sovereignty« für digitaljournal.com

Does this affect the federal government and military? Yes.

It appears that it does not matter if the target is an individual, organization, or government. As long as the legal request is considered valid in the United States, the target or location of the data does not matter.

As an example, the Department of National Defence and Canadian Armed Forces make significant use of Microsoft 365. They have their own defence-tailored instance called Defence 365, which serves as a common cloud infrastructure for collaboration across DND/CAF, with stakeholders and other government departments.

In theory, any data on or using Microsoft or a U.S.-based organization’s products and infrastructure which is not isolated from the Internet could be subpoenaed by the United States government.

The current United States administration has shown to base a significant amount of its foreign and economic policy on dubious or false pretenses with little basis in rational, informed evidence or reality. As a result, we cannot expect that all legal requests received by Microsoft or other tech giants will be evidence-based or rational.

Thus, this revelation represents a significant risk to the Government of Canada and its military.