The European Data Protection Supervisor (EDPS) has launched two investigations to comply with the "Schrems II" Judgement. The first investigation deals with the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by European Union institutions, bodies and agencies (EUIs) and the second regarding the use of Microsoft Office 365 by the European Commission. The EDPS' analysis also confirms that EUIs increasingly rely on cloud-based software and cloud infrastructure or platform services from large ICT providers, of which some are based in the US and are therefore subject to legislation that, according to the "Schrems II" ruling, allows disproportionate surveillance activities by the US authorities.