File storage is one of the most consequential procurement choices a team makes. Documents, contracts, source files, customer records, and operational data tend to accumulate in whichever storage product is convenient first, and migrating them later is one of the slowest projects an organization will ever attempt.
The mainstream defaults — Google Drive, Dropbox, OneDrive — are operationally polished but introduce the same recurring questions for European buyers: where is the data hosted, who manages the encryption keys, what is the legal exposure under the US CLOUD Act, and how is sub-processor disclosure handled.
European and Swiss providers approach this differently. Some, such as Tresorit, use end-to-end encryption with client-side keys so the operator cannot read file contents even under compulsion. Others, such as Infomaniak kDrive, operate fully owned data centers in Switzerland with no US infrastructure in the data path. Self-hostable platforms like Nextcloud let an organization run the entire storage layer inside its own EU environment.
The right pick depends on the threat model. For teams handling regulated data, end-to-end encryption is often the decisive feature. For general operational storage, EU-only hosting with a clear DPA may be sufficient.