AWS has announced key components of its independent European governance for the AWS European Sovereign Cloud, including a new EU-controlled parent company and a dedicated Security Operations Center. With this strategic move, AWS aims to launch its first region in Brandenburg, Germany, by the end of 2025, specifically to meet the stringent digital sovereignty requirements of European governments and enterprises.
The AWS European Sovereign Cloud is designed to combine operational autonomy with the expansive service portfolio of the AWS Cloud. AWS emphasizes its long-standing “sovereign-by-design” approach, where customers control data location and movement. These stringent requirements are primarily driven by industry concerns over data access and extraterritorial laws, such as the U.S. CLOUD Act. This new cloud builds on that commitment, offering the same performance, innovation, security, and scale AWS customers expect.
A new European organization and operating model will be established for the AWS European Sovereign Cloud, comprising a new parent company and three subsidiaries incorporated in Germany, all of which will be led by EU citizens residing in the EU and subject to local laws. Kathrin Renz, currently Vice President of AWS Industries, will serve as the company’s first managing director, legally bound to act in the best interest of the AWS European Sovereign Cloud.
Furthermore, the model ensures that customer content and metadata remain within the EU, with operations managed exclusively by personnel residing in the EU. Its dedicated infrastructure will be entirely located within the EU, physically and logically separate from other AWS Regions, with no critical dependencies on non-EU infrastructure. It will also feature independent services, such as its own Amazon Route 53 (utilizing European Top-Level Domains) and a dedicated “root” European Certificate Authority for SSL/TLS certificates, alongside Euro currency billing.
An independent advisory board, comprising at least four EU citizens (including one independent member not affiliated with Amazon), will be established. This board will provide expertise and accountability on sovereignty-related aspects and act in the best interest of the AWS European Sovereign Cloud. The design also enables continuous operation even in the event of a connectivity interruption with the rest of the world.
The AWS European Sovereign Cloud will feature a dedicated European Security Operations Center (SOC) mirroring global security practices. This SOC will be led by an EU citizen residing in the EU, who will be responsible for advising the managing director and supporting customers and regulators on security matters.
AWS has also closely collaborated with European regulators, including the German Federal Office for Information Security (BSI), signing a co-operation agreement to further governance and technical standards for operational separation and data flow management. To provide verifiable trust and adherence to sovereignty controls, AWS is introducing the Sovereign Requirements Framework (SRF). The AWS European Sovereign Cloud will maintain key certifications, including ISO/IEC 27001:2013, SOC 1/2/3 reports, and BSI C5 attestation, with independent third-party audits based on the SRF, available via AWS Artifact.
(Source: About Amazon News)
The AWS European Sovereign Cloud initiative comes amidst a significant and ongoing push in Europe for greater technological sovereignty. David Linthicum, a prominent industry analyst, commented on this broader trend in a tweet on X:
The growing push in Europe to reduce reliance on US-based cloud providers is a bold and important move toward technological sovereignty. By promoting homegrown solutions, the EU is striving for greater control over sensitive data and reduced dependency on external powers. However, this shift raises an important question: Could Europe be sacrificing access to the advanced capabilities offered by leading US cloud providers in the process? US cloud giants have set the standard for cutting-edge innovation in areas such as artificial intelligence, machine learning, and scalable global infrastructure.
Linthicum further noted that while Europe’s push to develop its own cloud ecosystem (citing initiatives like Gaia-X) is a step in the right direction, it faces “steep challenges in terms of infrastructure investment, scalability, and competing with over a decade of expertise and innovation.” He concluded that:
Striking the right balance will be critical. Europe must ensure its sovereignty efforts don’t unintentionally limit access to crucial capabilities that drive innovation and competitive advantage in a globally connected economy.
This initiative from AWS comes as other major cloud providers are also making significant commitments to address European concerns about digital sovereignty. For instance, Microsoft recently announced five digital commitments to strengthen its support for Europe’s technological landscape, including a 40% expansion of its European datacenter capacity, a pledge to uphold digital resilience (including a “European cloud for Europe” overseen by a European board), and the completion of its EU Data Boundary project.
The first AWS European Sovereign Cloud Region is set to launch in the State of Brandenburg, Germany, by the end of 2025, backed by a €7.8 billion investment – a commitment that ensures customers can meet their evolving digital sovereignty needs without compromising on the full power of AWS.
It will offer a comprehensive suite of services, including artificial intelligence (Amazon Bedrock, Amazon Q, Amazon SageMaker), compute, containers, database, networking, and security. These services, built on AWS’s sovereign-by-design foundation, will simplify how customers achieve digital sovereignty while gaining the security, control, compliance, and resilience they need. Customers will also benefit from a wide range of AWS Partner Solutions. Once launched, the AWS European Sovereign Cloud will be open to all customers and partners, reinforcing AWS’s long-term commitment to Europe’s digital future.
