Technically and legally independent: How Amazon's EU cloud works

Contents

The governance structure of the independent Amazon Cloud for Europe is in place: there will be a separate parent company for the AWS European Sovereign Cloud, which Kathrin Renz will head as the first Managing Director. She was previously Vice President, AWS Industries in Munich. According to dpa, the new company will be based in Potsdam; Amazon has not yet announced where exactly the new data centers will be located. The initial investment will amount to 7.8 billion euros. The new EU cloud is set to go live at the end of 2025.

EU law for the new AWS Cloud

AWS emphasizes that the new cloud will only be subject to local legal requirements and will only be managed by EU citizens. In addition to the management of Renz, there will be a security and data protection officer and an advisory board. The latter will also be made up exclusively of EU citizens, and at least one member will be independent of Amazon. The task of the advisory board will be to act as an expert committee to account for the operation of the sovereign EU cloud.

The new company will be divided into an infrastructure company, a research, and development company and a trust certificate company. The staff for operations and support are also located in the EU only. AWS emphasizes this in particular for the administration of the EU-based root certificates and trust services: A separate Amazon Route 53 – of the provider's DNS service – will be set up and the EU cloud will only use European TLDs. Amazon also wants to set up its CA/certification authority so that the necessary key material, certificates, and identity checks can remain autonomous and local.

In general, Amazon promises that the AWS Sovereign Cloud will remain physically and logically separate from other AWS regions – operations will run completely independently and without critical dependencies on non-EU infrastructure. In addition to the regular data, the metadata created by the customer will never leave the EU. There will also be dedicated tools for cost management. Amazon had already promised an independent system for measuring usage when the EU cloud was first announced in October 2023.

Security from and for Europe

The company's own European Security Operations Center (SOC) is intended to support management and customers, as well as EU regulatory authorities regarding security. The latter include the BSI, with which Amazon concluded a cooperation agreement at the beginning of 2025. In this way and with compliance programs and certifications such as BSI C5, AWS aims to create trust.

What is completely new, however, is its Sovereign Requirements Framework (SRF), a “comprehensive catalog of technical, legal and operational sovereignty controls developed based on the sovereignty expectations of our customers, the requirements of regulatory authorities in the EU, guidance from leading industry standards and frameworks, and the needs of our implementation partners”, according to the announcement. Amazon intends to have the promises of the AWS European Sovereign Cloud independently verified and certified. Customers will be able to view the test reports via AWS Artifact.

No restrictions planned

When the EU Cloud 2023 was first announced, Max Peterson, Vice President, Sovereign Cloud at AWS, emphasized that the European Sovereign Cloud should offer the same security, availability, and performance as the existing AWS regions. “Customers should not have to make any compromises in the […] portfolio of cloud services”. Renz now emphasizes once again that “the service portfolio offers the security, reliability, and performance that customers expect from AWS.” This also includes a “wide range of AWS partner solutions”.

Following the launch of the sovereign EU cloud, it will be explicitly open to all customers and partners. There are no details on prices yet, except that invoices and console interfaces will be provided in euros. However, depending on their location, customers can also make their payments in their preferred currency. All the information already available on the AWS Sovereign Cloud can be found in the official announcement from Amazon.

In addition to Amazon, Google is currently also involved as a sovereign cloud provider in Europe. The US company has secured a major contract from the German Armed For ces, whose private cloud will be physically isolated from the public internet and other Google systems and installed and operated in the Armed Forces' own data centers. Meanwhile, Microsoft wants to gain trust in the EU, among other things, by securing its source code in Switzerland and investing heavily in Europe.

(fo)