Most companies I know (and/or have worked for) pay a lot of attention to where exactly their stuff is being hosted, partly due to GDPR. It might not be a Europe-native hoster but in most cases it will still be a data center in Europe (operated by AWS/Azure/GCP).
Which doesn't protect these companies. The CLOUD act allows the US to access the data even if hosted outside of the US, if it's a US company - since 2018. That has been a looming threat ever since, but is now more perilous than ever.
