The European Union is reportedly working on legislation that would require companies to provide customers' personal data for law enforcement even if it's being kept on servers outside of the region.

The situation is something of an about-face for the European Commission, which typically falls on the side of privacy, Reuters said on Monday. In fact while the E.U. executive previously said it wanted law enforcement to be able to access digital evidence stored anywhere within the Union, it made no hint at going beyond that.

One Reuters source indicated that the legislation — if passed — would apply to people of any nationality and not just E.U. citizens, as long as they're connected to a European investigation. The law is still in a drafting stage, set to be considered by lawmakers and member countries towards the end of March, and even if supported could take up to two years to be set in stone.

Several sources admitted that the proposal may run into conflict with existing laws, including those in the U.S. Some American companies aren't allowed to share personal data with foreign governments, and indeed sources suggested that the proposal is partly aimed at strengthening the E.U.'s position in negotiating a bilaterial deal with the U.S.

Another goal is speeding up the efficiency of European investigations. Currently E.U. prosecutors are subject to mutual legal assistance treaties, or MLATs, which demand that they ask governments for a local subpoena or search warrant. The process can be slow, and the proposed legislation would bypass MLATs.

Apple is likely to oppose the new law vocally, given its normal stances on privacy and data security. At the same time it may have no choice but to acquiesce, since it probably considers the European market too profitable to abandon.