AWS Forms EU-Based Cloud Unit As Customers Fret

An anonymous reader quotes a report from The Register: In a nod to European customers' growing mistrust of American hyperscalers, Amazon Web Services says it is establishing a new organization in the region "backed by strong technical controls, sovereign assurances, and legal protections." Ever since the Trump 2.0 administration assumed office and implemented an erratic and unprecedented foreign policy stance, including aggressive tariffs and threats to the national sovereignty of Greenland and Canada, customers in Europe have voiced unease about placing their data in the hands of big U.S. tech companies. The Register understands that data sovereignty is now one of the primary questions that customers at European businesses ask sales reps at hyperscalers when they have conversations about new services.

[...] AWS is forming a new European organization with a locally controlled parent company and three subsidiaries incorporated in Germany, as part of its European Sovereign Cloud (ESC) rollout, set to launch by the end of 2025. Kathrin Renz, an AWS Industries VP based in Munich, will lead the operation as the first managing director of the AWS ESC. The other leaders, we're told, include a government security official and a privacy official – all EU citizens. The cloud giant stated: "AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consist of four members, all EU citizens residing in the EU, including at least one independent board member who is not affiliated with Amazon. The advisory board will act as a source of expertise and provide accountability for AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption."

The AWS ESC allows the business to continue operations indefinitely, "even in the event of a connectivity interruption between the AWS European Sovereign Cloud and the rest of the world." Authorized ESC staff who are EU residents will have independent access to a replica of the source code needed to maintain services under "extreme circumstances." The services will have "no critical dependencies on non-EU infrastructure," with staff, tech, and leadership all based on the continent, AWS said. "The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services," the company said. "The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names," added AWS. "AWS will also launch a dedicated 'root' European Certificate Authority, so that the key material, certificates, and identity verification needed for Secure Sockets Layer/Transport Layer Security certificates can all run autonomously within the AWS European Sovereign Cloud."

The Register also notes that the sovereign cloud will be "supported by a dedicated European Security Operations Center (SOC), led by an EU citizen residing in the EU." That said, the parent company "remains under American ownership and may be subject to the Cloud Act, which requires U.S. companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored."

Out of curiosity

[Ol Olsoc]

Why doesn't the EU form it's very own EU only cloud unit - They are smarter than 'murricans, so they should;d have one as perfect as humans are capable of making.

In addition - if you don't trust anything American any more - you think that nothing is going to go back to your mortal enemies?

You need your own cloud, you need it EU only, and you need to not allow Americans access. Then your citizens will be happy and served with what they want.

Change my mind.

Re:

[dbu]

AWS’s ESC (German parent, EU-only CA, EU SOC, code escrow) delivers 99 % of the real-world sovereignty most companies need without Brussels writing a €50 billion check. If that last 1 % isn’t enough, lobby for a pan-EU hyperscaler... just don’t expect it this decade.

Re:

[JamesTRexx]

If that last 1 % isnâ(TM)t enough

Even if it's reduced to 0.0001%, as long as there's a link to Amazon itself, the Cloud Act negates any bureaucratic and technical prevention of data access from outside the EU.

Re:Out of curiosity

[hey00]

But those who aren't satisfied with the current status won't (or shouldn't, at least) be satisfied with that 99%.

When you think about moving nation-level strategic data to a cloud, it doesn't matter if the probability of it leaking to the US gov is 1% or 60%, as long as it's not 0, it's an issue.

Re:

[drinkypoo]

When you think about moving nation-level strategic data to a cloud

That's not "thinking".

If you have nation-level strategic data, you should be keeping it on your own computers, on your own network. Anything else is irresponsible, not that there is any shortage of irresponsibility in the world.

Re:

[hey00]

I agree, hence the "(or shouldn't, at least)", but tell that to my country's leaders...

Re:

[Ol Olsoc]

But those who aren't satisfied with the current status won't (or shouldn't, at least) be satisfied with that 99%.

When you think about moving nation-level strategic data to a cloud, it doesn't matter if the probability of it leaking to the US gov is 1% or 60%, as long as it's not 0, it's an issue.

Strategic data in the cloud? Zoinks, that's the same as giving it away.

Re:

[r1348]

Apparently American companies are more than willing to comply with EU policy in order to access its market.

Re:

[r1348]

I hope you realize that what AWS is doing in the EU is equivalent to the ITAR GovCloud regions already existing in the US since over a decade.

Re:

[Ol Olsoc]

Apparently American companies are more than willing to comply with EU policy in order to access its market.

So far.

Re:

[r1348]

Feel free to pull out.

Also, I don't see why so much fuss with AWS creating the EU version of the ITAR GovCloud that the US has since over a decade.
If US government and public institutions already expressed the need of having self-contained, sovereign AWS regions, why is it bad if the EU does the same?

Re:

[Ol Olsoc]

Feel free to pull out.

Also, I don't see why so much fuss with AWS creating the EU version of the ITAR GovCloud that the US has since over a decade. If US government and public institutions already expressed the need of having self-contained, sovereign AWS regions, why is it bad if the EU does the same?

I agree. An EU only cloud, not encumbered nor legally accessible by the US. A total win for the EU. Their cloud, their complete control not dependent on anything connected with the USA. The only downside I can see is they won't be able to make money by fining themselves.

Re:

[r1348]

The EU is just writing the regulation, it's not tasking a specific company to implement it.
AWS already has several commercial regions in the EU that will keep working as they always did. If they decide to implement an EU sovereign cloud, it's because they see a market in it, not because some big bad government is forcing them.

Re:

[test321]

Why doesn't the EU form it's very own EU only cloud unit

There's OVH "As of 2016 OVH owned the world's largest data center in surface area.[3] As of 2019, it was the largest hosting provider in Europe,[4][5] and the third largest in the world based on physical servers.[6] According to W3Techs, OVH has 3.4% of website data center market share in 2024.[7]" https://en.wikipedia.org/wiki/... [wikipedia.org]

Another answer to your question is simply that the EU supports free market and Europeans in general are not anti-American. The distrust is "growing" but probably not very high. If

Re:

[coofercat]

OVH Cloud has its uses (if you want to run always-on servers, it'll cost a tiny fraction of what the same would cost in AWS), but my god, it's no where near AWS in terms of features (even if you discount all the non-features AWS talks about). OVH Cloud also seem to have found a way to offer even worse support than you get from AWS.

What's more, there's a "trendy" aspect to AWS - that is, no one aspires to work with OVH Cloud, whereas people fall over themselves to get AWS Certified so they can work on AWS. I

Re:

[nicubunu]

There are multiple cloud providers inside EU, some well known are OVHcloud or Scaleway, and many countries have their own governmental clouds, this move by Amazon is trying to preempt those clouds to grow too much and threaten the American solutions.

Re:

[Ol Olsoc]

There are multiple cloud providers inside EU, some well known are OVHcloud or Scaleway, and many countries have their own governmental clouds, this move by Amazon is trying to preempt those clouds to grow too much and threaten the American solutions.

It's still an American company, and anything on it is subject to American study.

Re:

[AmiMoJo]

There are plenty of EU based cloud providers. Some multinationals want Amazon specifically though, so they can use the same software everywhere but have data kept in the EU where regulations require it.

Re:

[Ol Olsoc]

There are plenty of EU based cloud providers. Some multinationals want Amazon specifically though, so they can use the same software everywhere but have data kept in the EU where regulations require it.

Are they in power though? The EU has people in power who understand that the US is problematic. Simply enact laws excluding the megascalers, and work through the issues as the EU ends up with a better cloud.

Re:

[zmooc]

There are some attempts. Actually, there are many. Some are moderately successful (notably OVHCloud and ScaleWay) but most are amateurish at best. I think the trouble here is that the existing megascalers (Google, MicroSoft, Amazon) originated from companies that revolved about software development. For some reason, European cloud attempts are run by traditional hosting companies. They lack the software engineering culture/skills/vision required to develop well integrated and automated solutions; they appro

Re:

[Ol Olsoc]

At the same time, those half-assed cloud providers make it difficult for a more innovative software-development-driven company to enter the market. Likely, only Big Tech companies can break through this. And the thing is: Europe simply doesn't have any of them.

Due to this combination, Europe is stuck in a local minimum it will likely never escape from.

If I might go to serious mode from my not so subtle trolling of the EU folks here...

You are spot on. The EU really needs a serious big tech effort. At present, they operate in reaction mode. An American company develops a product, and while using the product - be it AWS, or Windows, or iPhones with their non-Android connectors, demand to regulate the American products.

Is there a tipping point after which the US company tells the EU to slag off?

Even at that, there is merit to building out internal t

*shrug* performative nonsense that changes nothing

[innocent_white_lamb]

It says right in the summary:

"the parent company remains under American ownership and may be subject to the Cloud Act, which requires U.S. companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored."

So if you want to keep your data out of reach of Big Orange, this isn't going to do it. And if you don't care, then you didn't care anyway.

It's just performance art. Nothing actually changed.

Re:

[nicubunu]

Performance and probably lobby.

Re:

[mjwx]

If data sovereignty is a serious issue (I.E. government mandated or serious legal liability) in the UK or EU you're already not using Amazon, Azure or any other American company.

Calling it performance art is a stretch, it's barely window dressing. Microsoft is at least making an effort to pretend they'll respect data sovereignty.

If you're really serious about data security you're not storing anything in any site you do not control because the final line of defence is a guy with a sledge hammer.

Re:

[coofercat]

It also does nothing to solve for the AWS services which are "global" (ie. in the US (us-east-1?)). Unless those things move out of the reach of Big Orange, then it's just a legal entity change, and not terribly useful.

In fairness though, this sort of thing will likely play out very well when the AWS sales people play golf with the CTOs. It might not cut much mustard back in the office, but that won't matter.

"national sovereignty of Greenland and Canada"

[rossdee]

"including aggressive tariffs and threats to the national sovereignty of Greenland and Canada"

Greenland and Canada aren't in EUrope, but maybe it would be good if they could join the EU

They could also be good places to host data centres and clouds.

Just like Trump promised!

[Required Snark]

All the jobs are coming back to the USA! Threats to foreign sovereign states, along with tariffs that change on a whim are bringing high tech jobs and spending back home.

All those EU citizens, German chartered corporations, and office/infrastructure will make an economic contribution to, well I guess not the American economy after all. Chalk up another win for the big fat corrupt orange bully.