But the US CLOUD Act could still theoretically compel Amazon (or its EU subsidiaries) to provide access to data
Amazon Web Services has announced sweeping plans to establish an independently operated European cloud operation, marking the latest significant shift in how US hyperscalers are changing their approach to data sovereignty concerns across the continent.
The AWS European Sovereign Cloud, set to launch by the end of 2025, will operate with complete independence from Amazon’s global infrastructure, featuring local European leadership, dedicated governance structures, and a specialised Security Operations Centre designed exclusively for European operations.
Kathrin Renz, currently vice president of AWS Industries based in Munich, will be the first managing director of the new sovereign cloud operation. According to the company, Renz will be legally bound to act in the best interests of the European operation and will oversee corporate governance, compliance and security decisions in line with appropriate German and EU regulations.
Amazon will establish a new parent company incorporated in Germany, supported by three subsidiaries that will implement controls for keeping customer content and metadata within the EU. The infrastructure will be entirely located within European borders, physically and logically separate from other AWS regions, with no critical dependencies on non-EU infrastructure. The governance structure includes an independent advisory board consisting of four EU citizens residing in Europe, including at least one member unaffiliated with Amazon.
Dedicated SOC
A dedicated European Security Operations Centre (SOC) will mirror global security practices while maintaining complete operational independence. The centre will be led by an EU citizen residing in Europe, who will advise the managing director and support customers and regulators on security matters.
AWS reminds interested parties it has spent €250 billion since 2010 in Europe and the first AWS European Sovereign Cloud region will launch in Brandenburg, Germany, backed by a €7.8 billion investment.
Sovereignty controls
AWS is also introducing a Sovereign Requirements Framework, developed, it says, from customer expectations, regulatory requirements and industry guidance. This framework will enable verifiable trust through consistent control implementation across services and operations, with independent third-party audits providing auditable evidence of compliance.
The new AWS European Sovereign Cloud will offer the complete suite of Amazon’s services, including AI capabilities through Amazon Bedrock, Amazon Q, and Amazon SageMaker. The sovereign cloud will operate with dedicated networking infrastructure from European providers and sovereign points of presence for direct network connections. It will feature its own Amazon Route 53 service using exclusively European Top Level Domains and a dedicated European Certificate Authority for SSL/TSL certificate management.
Once operational, the AWS European Sovereign Cloud will be available to all customers and partners, representing what Amazon describes as the only fully-featured, independently operated sovereign cloud backed by technical controls, sovereign assurances and legal protections specifically designed for European governments and enterprises.
Sovereign, not sovereign
The initiative represents Amazon’s response to growing European demands for digital sovereignty in the current geopolitical climate. Already Microsoft has been making noises in April that it would be giving customers safeguards if the US administration attempted to cut access to digital platforms stating it would contest any such moves by the US government including going to court if necessary to ensure “continuity of access”. Europe accounts for about 25% of Microsoft’s business.
Google Cloud followed suit last month, updating its sovereign cloud services by adding an air-gapped solution. AWS’s pivot looks good on paper but there are some undeniable truths that still dampen some enthusiasm. Despite European incorporation, Amazon.com remains the ultimate parent company. The US CLOUD Act could theoretically compel Amazon (or its EU subsidiaries) to provide access to data, depending on how ownership and control are legally interpreted. So while AWS asserts strong technical and legal safeguards, but there is no guarantee of insulation from US law.
In addition, the governance model introduces independence in operations and oversight, but ultimate ownership by a US entity introduces sovereignty risk by association – unlike Iliad, OVHcloud, Open Telekom Cloud and so on. AWS’s ESC also will not be operational until end of 2025, which may be too late for customers facing immediate regulatory or policy compliance needs.
As a result, AWS ESC may slow customer defections in Europe, but it is unlikely to fully satisfy digital sovereignty hardliners in France, Germany, or EU policymaking circles. This potentially leaves room for European-native cloud providers to differentiate on true legal and political independence.
