What happened with Nayara Energy?
Nayara Energy, an Indian refinery company, is part-owned – less than 50% – by Russia’s Rosneft Oil Company. To comply with European Union (EU) sanctions, tech giant Microsoft abruptly suspended the core communication and productivity tools that Nayara uses.
In response, Nayara filed a case in the Delhi High Court on Monday, alleging that its fully paid-up licences for services such as Outlook and Teams were suddenly revoked and access to its own business data was blocked without due process—effectively crippling its daily operations. Nayara (formerly Essar Oil) said it contributes about 8% of India’s refining capacity, about 7% of its retail petrol pump network and an estimated 8% of polypropylene capacity. Microsoft has not commented on the court matter.
On Wednesday, though, Nayara Energy informed the court that Microsoft had restored its services and that it was therefore withdrawing the case.
What is the legal position?
On 18 July, the EU imposed sanctions on Nayara Energy, a buyer of Russian oil, as part of a package targeting Russian interests over the war in Ukraine. However, unlike many major economies, India lacks the legal framework to block the extraterritorial application of foreign sanctions. Nayara has argued that it is not subject to EU sanctions and that Microsoft is under no legal obligation—under either US or Indian laws—to enforce the EU’s restrictions.
What questions does the incident raise?
While the case stands withdrawn, the episode raises two critical questions: How protected are businesses from geopolitical overreach when they depend on a single technology provider based in a different jurisdiction? And what steps can they take to safeguard themselves against such disruption?
Isn’t big tech supposed to be neutral?
Big tech companies can no longer claim to be neutral platforms. Their global operations are inevitably shaped by the geopolitical priorities of the jurisdictions they operate from, often at the expense of customers elsewhere. Even if not legally compelled, they may choose to err on the side of compliance to avoid reputational or regulatory fallout in major markets like the US, EU or even the Middle East.
Are there any precedents?
In 2022, Elon Musk instructed SpaceX engineers to disable Starlink satellite internet services over Ukraine, abruptly disrupting military and civilian communication and raising issues about private tech firms exerting unilateral control in geopolitical hotspots.
Canadian company Sandvine was placed on the US export entity list in 2024 because its digital tools were used by the regimes in Egypt and Belarus to censor internet traffic. The US government banned US companies from working with Sandvine, effectively cutting services through regulatory action.
Many governments have also banned the purchase/use of Kaspersky antivirus software from Russia on grounds of national security. Chinese company Huawei, too, has been banned or restricted in the US, the UK, Australia, Japan, India and parts of the EU from participating in 5G and critical digital infrastructure over national security concerns.
The merits and demerits of such geopolitical decisions notwithstanding, companies such as Apple, Microsoft, Oracle, SAP and Amazon reduced or even severed business ties—blocking sales, cloud services, and developer tools—in response to sanctions on Russia. Many companies did so proactively, even when not legally required in certain jurisdictions.
As on 29 July, over 1,000 companies have publicly announced they are voluntarily curtailing operations in Russia to some degree beyond the bare minimum legally required by international sanctions, as per a survey done by the Chief Executive Leadership Institute at the Yale School of Management. Likewise, geopolitical tensions between the US and China have also led to companies reassessing their presence in China.
Is this digital colonialism?
“What this situation really exposes,” asserted Jayanth N Kolla, founder and partner at deep tech consultancy Convergence Catalyst, “is a textbook case of digital colonialism—where big tech companies wield enormous control over the day-to-day operations and futures of other businesses.”
The irony, he added, is hard to miss.
“Microsoft’s action was based on its interpretation of EU sanctions, but it’s the same EU that is leading the global call to curb big tech’s overreach. Yet here we have a real-world demonstration of that very power—one where a single decision can halt the operations of an entire energy company. This is digital colonialism in action.”
What must enterprises do while picking tech vendors?
Companies must assess the geopolitical exposure of global technology vendors. Is a cloud provider based in a country that actively imposes sanctions or faces diplomatic tensions? Has it previously suspended services in other countries due to regulatory pressure?
Nayara may have used rediff.com’s service for internal communication in the absence of Microsoft’s service, as per a Reuters article. Yet, its reliance on Microsoft illustrates the broader risk of single-vendor lock-in. If core communication and productivity tools are suddenly cut off, companies will be forced to scramble for local alternatives.
The risk is amplified in sectors like energy, telecom and finance, which are tied closely to national infrastructure and economic stability. Hence, it’s critical to diversify service providers by using multi-cloud or hybrid-cloud strategies.
What are the alternatives to MNC tech providers?
Indian companies can now turn to domestic or geopolitically neutral alternatives. Zoho (office tools), CtrlS (data centres) and HCL Technologies (cloud services) are beginning to fill this gap. While they may not yet offer the same scale or feature-richness as global players, they may offer stability and reliability. But such transitions take time, cause productivity losses, and often involve compromises in functionality or integration.
What else do companies need to keep in mind?
Companies must plan regular data backups, alternative access points, and migration workflows to switch providers in days, not months. Kolla pointed out that most companies maintain redundancy for core cloud infrastructure and data hosting by working with multiple vendors.
“But when it comes to applications like email, Teams, and other executable services, redundancy is less common,” he explained. “Strategically, redundancy makes sense. Economically, however, maintaining a backup provider that might never be used is hard to justify.” Kolla added that this incident reveals a potential market for on-demand or pay-per-use backup services for cloud-based productivity tools.
How could this incident change vendor contracts?
Experts said companies must include protective clauses in vendor contracts. They must ensure that provisions exist for data portability, redundancy, and advance notice in case of service suspension. Legal teams must review not only the technical service-level agreement but also the jurisdiction, force majeure, and termination clauses from a geopolitical risk perspective.