AWS European Sovereign Cloud

Abstract image of cloud

The AWS European Sovereign Cloud is the specialized sovereign offering from Amazon Web Services (AWS), designed to address the growing demand for digital sovereignty in Europe.

With this solution, AWS seeks to support European governments, public entities, and businesses in maintaining full control over their data while still being able to use the accustomed AWS’s cloud services.

The AWS European Sovereign Cloud is not fully operational yet. Launch is planned for end of 2025.

Key Features of the AWS European Sovereign Cloud

  1. Data Residency and Sovereignty
    • The AWS European Sovereign Cloud is basically a separate AWS instance, ensuring that customer data, including metadata, remains entirely within Europe. This approach is designed to comply with local and EU-specific regulations, including GDPR and other data sovereignty requirements.
    • The data is processed, stored, and managed in EU-based infrastructure, ensuring that no data is transferred across borders unless explicitly authorized by the customer.
  2. Independent EU Cloud Operations
    • The cloud is operated by a dedicated team of EU-based personnel. This operational independence ensures that European customers retain full oversight and control over their data.
    • By implementing strict access controls, AWS ensures that the management of the cloud services is governed within the European jurisdiction, limiting external or non-EU personnel intervention.
  3. Compliance With EU Regulations and Standards
    • The AWS European Sovereign Cloud is designed to align with stringent regulatory expectations, including GDPR, NIS2 (Network and Information Security Directive), and sector-specific compliance frameworks.
    • AWS provides tools and documentation to help organizations navigate complex compliance requirements, simplifying the process of demonstrating adherence during audits or reviews.
  4. High-Level Security and Encryption
    • Data within the AWS European Sovereign Cloud is secured using advanced encryption standards, ensuring it remains protected both at rest and in transit.
    • Customers can leverage their own encryption keys through AWS Key Management Service (KMS), allowing full control over who can decrypt or access their data.
    • The sovereign cloud adheres to high-level cybersecurity principles, protecting customer workloads from evolving threats.
Extent of AWS European Sovereign Cloud controls
copyright AWS

Available Services

The AWS European Sovereign Cloud is launching with around 70 services. These include the basics, e.g. for IAM, key management and networking and the classical compute and storage services, e.g. Amazon EC2, Amazon S3, AWS Lambda, Cloudwatch und CloudFormation. Furthermore, some AI services are going to be available at launch.

AWS European Sovereign Cloud Regions

The launch region of AWS European Sovereign Cloud is going to be in Brandenburg, Germany. As of now, no further regions are announced. AWS is following the usual pattern and setting up 3 availability zones for the Brandenburg region. An availability zone can consist of one or more data centres.

With this single region, there may be some interesting discussions with the compliance department about how to meet geo-redundancy requirements, laid out for example in the Kriterien für die Standortwahl von Rechenzentren of the Bundesamt für Informationssicherheit (BSI).

Conclusion

The AWS European Sovereign Cloud is a critical step in AWS’s commitment to supporting European customers amidst increasing regulatory and governmental focus on data sovereignty and digital independence.

Despite the sovereign model, organizations remain dependent on AWS as a third-party provider for their cloud infrastructure. Some organizations may continue to weigh this dependency against fully independent solutions.

Since the AWS European Sovereign Cloud operates as an entirely separate environment, migrations are required for organizations wishing to leverage its capabilities. This process demands significantly more effort than simply transferring resources to a different AWS region, particularly when migrating elements such as IAM (Identity and Access Management). Additionally, the AWS European Sovereign Cloud does not offer the full suite of AWS services at launch. In fact, the range of services currently available is comparable to offerings from other providers, such as OVHcloud, Open Telekom Cloud, and Scaleway.

To top