First of all, the servers I run this on sit in the EU. While the Cloud Act can and would affect this, that is not the concern from corporate.

If we as a company allow the data to be copied to other regions outside the EU, then WE are not compliant with the rules and can be punished for it. That is what corporate is worried about. Just like we have a deal with OpenAI, but no documentation etc. is allowed to be shared, and that is being monitored by our SIEM platforms.

That sounds like it's mostly just collective whitewashing, in the face of essentially no guarantees when push comes to shove?