That is the reason exporting PII to American cloud providers is illegal, yes. That's exactly what the EU is now trying to work out. This includes concessions to give European citizens certain rights when it comes to American intelligence agencies and such. That's part of the reason why companies use Irish subsidiaries to bring a point of presence into the EU (without having to bother paying too much tax); directly dealing with the American companies would be blatantly illegal.
The main reason American companies are barred from processing personal information for European consumers is that Europeans don't have the necessary rights under American law to safeguard their data. Through an executive order and other political tools, this is being changed. Once that's done, there's no legal reason why the USA can't receive a competency decision from the EU.
Various DPAs are sceptical about the work being done on the American side exactly because of the way this is implemented (executive rather than legislative branch) and the possibility that existing laws will make effective protection impossible anyway. I personally wouldn't trust the country behind the Hague Invasion Act to protect the rights of foreign citizens.
The main reason American companies are barred from processing personal information for European consumers is that Europeans don't have the necessary rights under American law to safeguard their data. Through an executive order and other political tools, this is being changed. Once that's done, there's no legal reason why the USA can't receive a competency decision from the EU.
Various DPAs are sceptical about the work being done on the American side exactly because of the way this is implemented (executive rather than legislative branch) and the possibility that existing laws will make effective protection impossible anyway. I personally wouldn't trust the country behind the Hague Invasion Act to protect the rights of foreign citizens.