There was a case of Doctolib in the EU. French authority investigated Doctlib for using AWS.
They got off the hook because data was encrypted in the EU, outside of AWS and the encryption keys were inaccessible to AWS.
Similarly Sendinblue uses GCP and AWS as dumb storage of externally encrypted backups.
There are valid use cases. But these are very limited.
There was a case of Doctolib in the EU. French authority investigated Doctlib for using AWS.
They got off the hook because data was encrypted in the EU, outside of AWS and the encryption keys were inaccessible to AWS.
Similarly Sendinblue uses GCP and AWS as dumb storage of externally encrypted backups.
There are valid use cases. But these are very limited.