Between the transposing of the EU Data Protection Directive in 1998 and the terrorist attacks in New York in September 2001, trade relations between the United States and the European Union were mutual, bilateral and safe.
Customers could lose access to data already held in an insecure cloud, and have their services cut off entirely, with businesses losing their outsourced communications services.
Or, Europe could ban new cloud contracts being signed by European clients with U.S.-based or wholly owned companies. This would limit the problem from spreading, but not solve the issue in its entirety.
U.S. companies could 'set free' their EU-subsidiaries so they can operate as self-operated.
Though it is not ideal, and might cause serious legal headaches for wholly owned EU subsidiaries of larger U.S. owned companies, subsidiaries could be allowed to operate independently from their parent organisations.
If Safe Harbor were to be suspended, this could severely impact cloud service providers, as well as governmental intelligence sharing capabilities.
While the very point of the Patriot Act series when I highlighted that U.S. intelligence agencies could access EU-based data, this would on the flip side have ramifications for intelligence sharing governments across the world; potentially hampering serious investigations into online child abuse and terrorism.
The EU could draft emergency legislation to temporarily block U.S. law, giving time to work on it further.
The most likely option, and far beyond the least damaging. In what form this will take, it is not clear.