Thoughts on the recent Dutch–Microsoft data exposure issue from an Indian perspective. In an era where data is considered the new oil, the incident raises important questions on data sovereignty, foreign government access to cloud-held data, cross-border data transfers, and the responsibilities of Data Fiduciaries under India’s Digital Personal Data Protection Act, 2023. This is not just a technology issue. It is also a legal, economic, governance and national security issue. My article looks at what Indian businesses, policymakers and regulators should consider while relying on global cloud infrastructure, especially where personal data, strategic data and critical digital infrastructure are involved. Views are personal and intended for discussion.













