The European Data Protection Supervisor (EDPS) said on Monday that preliminary results of its investigation into Microsoft contracts with EU institutions show serious issues over compliance with data protection rules.

“Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” the EDPS says in a statement.

The EDPS had launched an investigation on April 2019 into the use of Microsoft products and services by EU institutions.

The investigation identified the Microsoft products and services used by the EU institutions and assessed whether the contractual agreements concluded between Microsoft and the EU institutions are fully compliant with data protection rules. The EDPS also considered whether there were appropriate measures in place to mitigate risks to the data protection rights of individuals when EU institutions use Microsoft products and services.