← Thought Leadership

Architecture

When you paste a contract into an AI, who else can read it?

Checking a draft contract or a live incident against European law by running it through a foreign AI transmits the full text to a provider under foreign jurisdiction. That is a disclosure, and it may be one you never learn about.

Martin Foerster
Co-founder
· 3 min read

New to the topic? Start with What sovereign compliance actually means.

A person typing on a laptop keyboard

Photo: Nathan Dumlao / Unsplash

A lawyer reviewing a draft acquisition agreement wants to check its wording against German and EU law before it is signed. She pastes the full text into an AI assistant and asks whether any clause conflicts with the relevant statutes. The answer returns in seconds, and it is useful. In that same moment, the entire unsigned agreement has left the building and now sits with the assistant’s provider, which may be a company on the other side of the Atlantic.

The prompt is the disclosure

There is a habit of thinking about AI risk in terms of the answer: whether it is accurate, whether it is biased, whether it can be trusted. The more immediate risk is on the way in. Every evaluation an institution runs transmits the material it is evaluating. Ask a foreign model whether an unsigned contract complies with member-state law, and you have disclosed the contract. Ask it to assess the exposure created by a live regulatory incident, and you have disclosed the incident, along with your own reading of how serious it is, to whoever operates the model.

For most everyday queries this is immaterial. For the work that compliance and legal teams actually do, it is not, because that work concentrates precisely the material an institution is obliged to protect: unsigned deals, privileged assessments, incident records, and the internal view of its own liabilities.

What foreign jurisdiction means in practice

The reason this weighs more heavily with a US-controlled provider than with a European one is not reputation. It is law.

Definition
The CLOUD Act, and the gag order
The US Clarifying Lawful Overseas Use of Data Act allows American authorities to compel a US-based provider to hand over data it holds, regardless of where in the world that data is stored. A non-disclosure order can be attached to the demand, legally barring the provider from telling the affected customer. In Microsoft’s own account of its litigation, most such orders arrived with no expiry date, which means the customer may never learn that the data was produced.

This exposure is documented, and it is worth being precise about the evidence. In June 2025, asked under oath before the French Senate whether he could guarantee that French citizens’ data would never be handed to the US government without French consent, Microsoft France’s director of public and legal affairs answered plainly: “No, I cannot guarantee that.” A data centre in Europe does not change the jurisdiction of the company that operates it.

The reach of US jurisdiction over US companies is not hypothetical either. In May 2026, a committee of the US Congress demanded internal documents from Microsoft as part of an inquiry touching European platform regulation, and Microsoft handed over its own records concerning two Dutch regulators that enforce the EU’s Digital Services Act, including the unredacted names of their civil servants. The material came from Microsoft’s own systems rather than data it hosts for those bodies, and the disclosure ran through US Congressional process rather than any European one, with the Dutch government learning of it only afterwards. Where a non-disclosure order applies, even that much awareness is not guaranteed.

The rule this points to

None of this is an argument against using AI for compliance work, which is quickly becoming indispensable. It is an argument for a boundary. Evaluations that expose an institution’s regulated material, an unsigned contract, an incident assessment, a candid view of its own exposure, should run under European data-protection law and, wherever possible, on models operated within European jurisdiction, the direction European policy is already moving. Better still, they should run on an architecture in which the sensitive material never leaves the institution’s control at all, so that there is nothing for a foreign authority to compel. That protection does not depend on the maturing of European models. It holds whatever the model is, because the material a foreign authority might reach was never sent to it.

The question to ask before entering anything into an AI system is not only whether the model is good. It is who else is entitled to read what you are about to show it, and whether you would ever be told if they did.

Frequently asked questions

Is it safe to put confidential documents into an AI tool?
For everyday queries, usually. For sensitive compliance and legal material, not without care: running a document through an AI model transmits it to the model's provider. If that provider is subject to US law, the material can be compelled under the CLOUD Act, often under a gag order.
What is the CLOUD Act and why does it matter for AI?
The US CLOUD Act lets US authorities compel a US-based provider to hand over data it holds regardless of where in the world it is stored. A non-disclosure order can bar the provider from telling the affected customer.
How can teams use AI for compliance safely?
Run evaluations under European data-protection law and, where possible, on models operated within European jurisdiction — better still, on an architecture where the sensitive material never leaves the organisation's control at all, so there is nothing for a foreign authority to compel.

Sources