Built, operated, controlled, and secured in Europe: AWS unveils new sovereign controls and governance structure for the AWS European Sovereign Cloud

Today, AWS unveiled the independent European governance structure for the AWS European Sovereign Cloud, the creation of a dedicated Security Operations Center, and the establishment of a new parent company for the AWS European Sovereign Cloud that will be locally controlled in the European Union (EU), led by EU citizens, and subject to local laws. Kathrin Renz, who currently serves as vice president of AWS Industries out of Munich, will serve as the company’s first managing director.

AWS has always believed it is essential that customers have control over their data and choices for how they secure and manage that data in the cloud. Our approach from the beginning has been to make AWS sovereign-by-design, when we were the only major cloud provider to allow customers to control the location and movement of their data. We built data protection features and controls for AWS with input from financial services, healthcare, and government customers—who are among the most security and data privacy-conscious organizations in the world. We committed to expanding our capabilities to allow customers to meet their digital sovereignty needs, without compromising on the performance, innovation, security, or scale of the AWS Cloud.

Launching by the end of 2025, the AWS European Sovereign Cloud represents the further delivery of our commitment, combining operational autonomy with our expansive service portfolio to meet Europe's digital sovereignty needs. We’ve had deep engagements with European regulators, including national cybersecurity and data protection authorities, and customers to understand their sovereignty requirements and test our sovereignty approach. We designed the AWS European Sovereign Cloud to meet these stringent regulatory, data residency, and operational needs. The AWS European Sovereign Cloud will be the only fully-featured, independently operated sovereign cloud backed by strong technical controls, sovereign assurances, and legal protections designed to meet the needs of European governments and enterprises. Customers and partners using the AWS European Sovereign Cloud will benefit from the full power of AWS including the same service portfolio, security, availability, performance, familiar architecture, APIs, and innovations such as the AWS Nitro System.

AWS will establish a new European organization and operating model for the AWS European Sovereign Cloud, with a new parent company and three subsidiaries incorporated in Germany. These dedicated European subsidiaries will implement controls for keeping customer content and customer-created metadata within the EU, employ EU resident personnel responsible for operating the AWS European Sovereign Cloud, own and operate the underlying infrastructure, and hold EU-based root certificates and trust services that are needed to authenticate the security and identity of cloud services. The management team leading this new parent company will include the managing director and a government security and privacy official, who will all be EU citizens residing in the EU.

AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consist of four members, all EU citizens residing in the EU, including at least one independent board member who is not affiliated with Amazon. The advisory board will act as a source of expertise and provide accountability on sovereignty-related aspects of the AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption.

Building on deep experience running AWS services for the most sensitive workloads around the world, the AWS European Sovereign Cloud is designed with the unmatched operational resilience our customers expect from AWS. The design of the AWS European Sovereign Cloud enables it to continue operations indefinitely, even in the event of a connectivity interruption between the AWS European Sovereign Cloud and the rest of the world. European customers and governments benefit from the resilient AWS architecture that features multiple Availability Zones with independent power, networking, facilities, and security capabilities that make these critical operations possible. This powerful combination has proven crucial during times of crisis, such as helping to preserve vital Ukrainian government services and developing AI-powered early warning systems for flood prevention in Zaragoza - demonstrating how AWS enables meaningful support when Europe needs it most. The AWS European Sovereign Cloud will feature the same architecture that has proven crucial at critical times, enabling continuous operation in the event of a natural disaster. To support continuity even under extreme circumstances, authorized AWS employees of the AWS European Sovereign Cloud, who are EU residents, will have independent access to a replica of the source code needed to maintain the AWS European Sovereign Cloud services.

Kathrin Renz, the first managing director of the AWS European Sovereign Cloud, is a German national who brings deep global and European expertise to the position with more than two decades of experience in the global technology sector, including key roles in European technology and large enterprises. Based in Germany and acting as the most senior leader of the AWS European Sovereign Cloud, Renz will be legally bound to act in the best interest of the AWS European Sovereign Cloud and will be responsible for overseeing decisions related to corporate governance, compliance, and security, while ensuring the AWS European Sovereign Cloud complies with all applicable laws and regulations in Germany and the EU.

"We’re taking a unique approach with AWS European Sovereign Cloud. Customers tell us they don’t want to choose between feature-limited solutions or the full power of AWS, so we’ve designed the AWS European Sovereign Cloud to address European digital sovereignty requirements while maintaining the services portfolio, security, reliability, and performance that customers expect from AWS," said Kathrin Renz, managing director of AWS European Sovereign Cloud. "Our investment in the AWS European Sovereign Cloud reinforces our commitment to Europe’s digital future – driving cloud and AI adoption is at the heart of Europe’s innovation agenda, and this solution will enable customers to accelerate innovation, while meeting their digital sovereignty needs."

The AWS European Sovereign Cloud infrastructure will be entirely located within the EU, physically and logically separate from other AWS Regions, and operate as an independent cloud for Europe. We are committed to independent and continuous operations; the AWS European Sovereign Cloud will have no critical dependencies on non-EU infrastructure. Everything needed to operate the AWS European Sovereign Cloud is in the EU: the talent, the technology, the infrastructure, and the leadership. In addition to independent infrastructure, there will be zero operational control outside of EU borders; the AWS European Sovereign Cloud will be operated entirely by residents of Europe. Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centers, technical support, and customer service for the AWS European Sovereign Cloud. Cost management tooling, bills, and the console interface will provide Euro currency (EUR) experience. Depending on a customer’s location, they will also be able to make payment in EUR or their preferred currency.

The AWS European Sovereign Cloud will have dedicated networking infrastructure and connectivity from European providers, as well as sovereign Points of Presence for direct network connection to the AWS European Sovereign Cloud, via AWS Direct Connect, allowing customers to have an autonomous connection to the AWS European Sovereign Cloud. The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names. AWS will also launch a dedicated “root” European Certificate Authority, so that the key material, certificates, and identity verification needed for Secure Sockets Layer/Transport Layer Security (SSL/TSL) certificates can all run autonomously within the AWS European Sovereign Cloud. AWS Direct Connect, Amazon Route 53, and the AWS European Certificate Authority will be available at launch on the AWS European Sovereign Cloud.

The AWS European Sovereign Cloud will be secured by a dedicated European Security Operations Center (SOC) that mirrors global security practices. Security is foundational to digital sovereignty and AWS is architected to be the most secure global cloud infrastructure on which to build, migrate, and manage applications and workloads. AWS has always been secure by design, defining industry-leading practices, technologies, and controls that are deeply integrated across all layers, from the physical data centers to the network design, and service architectures, ensuring robust security and data protection for customers' applications and data. To bring these trusted solutions and operations to bear for customers of the AWS European Sovereign Cloud, we will extend our security operations to the dedicated SOC. This SOC will be supported by a dedicated security leader who will be an EU citizen residing in the EU. The security leader will be responsible for advising the managing director and supporting customers and regulators in Europe on security-related matters.

AWS continues to work closely with European regulators, including the German Federal Office for Information Security (BSI), which has established leading security standards for cloud providers in Germany and beyond. Earlier this year, AWS and the BSI signed a co-operation agreement, and a key priority of that agreement was to further the governance, technical standards for operational separation, and data flow management required for the AWS European Sovereign Cloud, enabling compliance with BSI’s digital sovereignty requirements.

One of the foundational components of how AWS delivers assurance and enables verifiable trust is through our compliance programs and assurance frameworks. These programs provide independent validation and assurance that our controls are designed appropriately, operate effectively, and can help customers satisfy their compliance obligations. The AWS European Sovereign Cloud will maintain key certifications such as ISO/IEC 27001:2013, SOC 1/2/3 reports, and BSI C5 attestation, all validated regularly by independent auditors to assure our controls are designed appropriately, operate effectively, and can help customers satisfy their compliance obligations.

To satisfy customer requirements for the AWS European Sovereign Cloud, we are introducing the Sovereign Requirements Framework (SRF). The SRF is a comprehensive set of technical, legal, and operational sovereignty controls that were developed from the sovereignty expectations of our customers, requirements of regulatory bodies across the EU, industry-leading framework guidance, and the needs of our implementation partners. With the SRF, AWS will demonstrate adherence to sovereignty expectations and enable verifiable trust in a consistent and repeatable manner to customers and regulators through control implementation across services and operations creating auditable evidence. From launch, AWS commits to independent third-party audits and attestations of the AWS European Sovereign Cloud controls based on the SRF and will be included in the AWS European Sovereign Cloud specific SOC2 attestation. Customers will have access to assurance reports via AWS Artifact, ensuring full traceability of control design and operating effectiveness.

Amazon’s roots in Europe run deep, and we’ve been contributing to economic growth and job creation for more than 25 years. This includes investing more than €250 billion since 2010 and employing more than 225,000 people across the continent. Many of these employees have been with us for more than a decade and play a role in some of the foundational services we build for customers. For example, the teams at our research and development centers in Ireland and Germany help contribute to developing cutting-edge technology for Amazon Elastic Compute Cloud (Amazon EC2), including the AWS Nitro System that powers all our modern EC2 instances, and Amazon Linux.

Our approach to digital sovereignty is to continue to make AWS sovereign-by-design – as it has been from day one – and for our existing Regions in Europe to operate through European corporate entities subject to local laws. The first AWS European Sovereign Cloud Region builds on this rich European history and will launch in the State of Brandenburg, Germany, by the end of 2025, backed by a €7.8 billion investment. It is designed to provide customers with more choice to meet their evolving digital sovereignty needs, without compromising on the full power of AWS.

Across Europe, organizations are embracing artificial intelligence and machine learning to drive innovation and efficiency. The AWS European Sovereign Cloud will offer a comprehensive suite of services, including for artificial intelligence, compute, containers, database, networking, and security. Artificial intelligence services will include Amazon Bedrock, Amazon Q, and Amazon SageMaker, which are built on our sovereign-by-design foundation and will make it simpler for our customers to meet their digital sovereignty requirements while getting the security, control, compliance, and resilience they need. Customers will also be able to choose from a wide range of AWS Partner Solutions, allowing them to take full advantage of the breadth and depth of AWS. Once launched, it will be open to all customers and partners.

Learn more about the AWS European Sovereign Cloud on aws.eu.