NSLs
Nope. Nothing to do with NSLs, because they are an individualised legal warrant. Abused, sure...
From https://noyb.eu/en/next-steps-users-faqs :
...companies that fall under a US “mass surveillance” law can no longer use the SCCs . This is because the SCCs cannot override US law.
Transfers to US companies that fall under a US “mass surveillance” law like FISA 702 (also called 50 USC §1881a) are usually illegal. The companies that cannot rely on them are the so-called “electronic communication service providers”. This is a broad term under US law and covers most IT and cloud providers.
Examples of these providers include AT&T, Amazon (AWS), Apple, Cloudflare, Dropbox, Facebook, Google, Microsoft, Verizon Media (known as Oath & Yahoo) or Verizon. The links of each of the companies will take you to their transparency reports that tell you how often they were subject to US government data access requests.