AWS flips switch on Euro cloud as customers fret about digital sovereignty

EU-only ops, German subsidiaries, and a pinky promise your data won't end up in Uncle Sam's hands

Amid continued trade and geopolitical volatility between Europe and the US, Amazon Web Services is making its European Sovereign Cloud generally available today and plans to expand so-called Local Zones.

Amazon says the cloud is "entirely located within the EU, and physically and logically separate from other AWS Regions." It will initially offer 90 services from compute to database, networking, security, storage, and AI.

It is "independently operated" by EU residents and "backed by strong technical controls, sovereign assurances, and legal protections designed to meet the needs of European governments and enterprises for sensitive data." Only authorized AWS staff running the European Sovereign Cloud will have access to a "replica of the source code needed to maintain" services.

The footprint of this cloud is being extended from the AWS Region in Germany across the EU to allay customers' concerns. Belgium, the Netherlands, and Portugal are set to kick off AWS Local Zones.

AWS says customers with more stringent requirements for data isolation or data residency can use its Dedicated Local Zones, AI Factories, or Outposts in the preferred locations they select, including on-prem.

For the uninitiated, AWS Local Zones are built to provide low-latency access to services in specific cities. This same capability is provided by AWS Dedicated Local Zones, but these are created for the exclusive use by one customer or community so by their nature are meant to offer additional security, governance and data residency features for sovereign workloads.

Customers will keep all metadata they create (roles, permissions, resource labels, and configurations) only in the EU, including sovereign Identity and Access Management (IAM), billing, and usage metering systems.

EU citizens "obligated to abide by European law" will run a new parent company and three local subsidiaries incorporated in Germany that manage the AWS European Sovereign Cloud. An advisory board was also set up, comprising three Amazon staff and two independent board members.

Stéphane Israël is listed by AWS as managing director of the AWS European Sovereign Cloud and digital sovereignty, alongside Stefan Hoechbauer, vice president of AWS Global Sales Germany and Europe Central, who is was also named as a second managing director of the AWS European Sovereign Cloud.

AWS began to build a new organization in Europe in June last year, as customers in the region became concerned about the effects of the second Trump administration.

Sources told us that digital sovereignty is among the top questions customers in the region ask about when considering workload strategies. Hyperscalers have generated considerable revenues in Europe and so, in addition to AWS, Microsoft and Google also moved to reassure customers.

Microsoft has offered customers privacy safeguards, saying it would fight the US government in court to protect customer data if needed. Google has also updated its sovereign cloud services.

In November, Gartner predicted IT spending in Europe will grow 11 percent next year to hit $1.4 trillion amid a desire for cloud sovereignty.

The IT research biz also found that 61 percent of European CIOs and tech leaders want to increase their use of local cloud providers. Around half (53 percent) said geopolitics would restrict their use of global providers in the future.

Senior Forrester analyst Dario Maisto said around 70 percent of the European cloud market is in the hands of the US hyperscalers, with AWS and Microsoft taking the lion's share. He said organizations are looking at sovereign cloud options, but also alternatives.

"We are also seeing clients switching from hyperscalers to local cloud vendors at a cost to get rid of the dependency on foreign jurisdictions. This opens up a more complex problem, though, as clients will have to migrate the SaaS stack and the workspace suite too, something that is sometimes not even technically possible," he said.

European tech leaders are concerned about US laws having jurisdiction over European operations of US companies. For example, under the CLOUD Act, US authorities can compel access to information held by American cloud providers irrespective of where in the world that data is housed.

Some have cast doubt over how effective the leading hyperscalers' efforts at creating sovereign or local clouds will be.

Last summer, Microsoft admitted in a French court that it couldn't guarantee data on French citizens would not be transmitted to the US government if it received an injunction that was legally justified. This is a further complication, and one that is not only dogging US corporations. Just ask European cloud provider OVH.

Catherine Jestin, executive vice president of digital at Airbus, told The Register late last year that she was talking to lawyers about the effectiveness of hyperscalers' claims about digital sovereignty. "My view is, at this stage, I still don't understand. I know that [AWS] claim they are immune to extraterritorial laws. I still don't understand how it is possible."

An AWS spokesperson told The Register: "The AWS European Sovereign Cloud includes multiple layers of protection – legal, operational, and technical – to safeguard data. The AWS European Sovereign Cloud is powered by the AWS Nitro System which enforces access restrictions so that nobody, including AWS employees, can access customer data running in Amazon EC2. AWS also provides advanced encryption, key management services, and hardware security modules that customers can use to further protect their content. Encrypted content is rendered useless without the applicable decryption keys."