It's not about the company per se, it's whether choosing a US vendor exposes you to a capricious US government who has shown it's willing to pull almost any lever to get what it wants.

The US Cloud Act already means no US company can give you legal reassurance of European law compliance - and while some companies have choosen to pretend this isn't the case for convenience - the legal position is clear.

However now there is the prospect of a rogue US government leveraging control of IT infrastructure for extortion or simple theft ( under the guise of national interest ).