Amazon Web Services (AWS) has launched its AWS European Sovereign Cloud, a new “independent” cloud for Europe that, according to the company, will be completely located within the European Union and physically and logically separated from other AWS Regions. The announcement, made at the start of 2026, comes at a time when the term digital sovereignty has shifted from a political slogan to an operational requirement in regulated sectors: public administration, healthcare, finance, defense, or telecommunications.
AWS claims its offering is a direct response to the most stringent requirements for data residency and control, enabling European organizations to access a broad portfolio of cloud and AI services without sacrificing additional guarantees. “Europe needs access to the most robust cloud and AI technology,” stated Stéphane Israël, managing director of the project, emphasizing that customers want “the best of both worlds”: innovation and operational sovereignty under European governance.
A cloud with “European operation” and code replication for continuity
The design of the AWS European Sovereign Cloud revolves around three core technical promises that AWS reiterates as its central argument:
- European operational autonomy: operation managed by residents within the EU, with no critical dependencies outside the territory and capable of functioning “indefinitely” even if communication with the outside is interrupted. In a particularly sensitive point, AWS indicates that authorized personnel would have access, under exceptional circumstances, to a replica of the source code necessary to maintain the services.
- Full residency of data and metadata: AWS ensures that not only data, but also metadata (roles, permissions, tags, configurations), along with sovereign systems for IAM, billing, and usage measurement, will be maintained within the EU.
- Technical and compliance controls: the service relies on AWS Nitro as a security perimeter to strengthen access restrictions, along with encryption, key management, and hardware security modules. AWS also introduces a specific framework, ESC-SRF, which is presented as third-party validated to demonstrate sovereignty guarantees.
At the same time, AWS claims to have established a governance structure in Europe, with a new headquarters and subsidiaries in Germany, and an advisory council with European members, aiming to reinforce operational independence within the framework of EU law.
Germany as the starting point and expansion to Portugal, Belgium, and the Netherlands
The AWS European Sovereign Cloud initiative begins with an initial Region in Brandenburg (Germany) and plans to extend its footprint with Sovereign Local Zones in Portugal, Belgium, and the Netherlands, tailored for low-latency requirements and data residency in specific locations.
AWS also links deployment to investment: corporate communication mentions over €7.8 billion committed in Germany for this initiative, in addition to the economic impact estimated by the company.
On the institutional side, Spain’s Secretary of State for Digitalization and Artificial Intelligence, María González Veracruz, positively valued AWS’s commitment to Europe, aligning it with data governance policies that promote a “reliable, useful, productive, and ethical” AI.
Controversy persists: technical sovereignty versus legal sovereignty
The debate becomes uncomfortable for any “sovereign cloud” operated by a non-European multinational regarding legal sovereignty. The discussion has been ongoing for years due to the extraterritorial effect of US laws — notably the CLOUD Act — and concerns that US authorities could demand access to data managed by American companies, even if stored outside the country.
Reuters frames the launch specifically as a response to European concerns over such legal access, emphasizing that the service aims to be physically and legally separated from the rest of US infrastructure and will be overseen by a German entity with EU citizen staff.
This leads to market criticism: a cloud may be “in Europe” and operated by European staff, but if its ultimate owner and corporate perimeter remain non-EU, the idea of full sovereignty is questionable. Practically, for many organizations, “sovereignty” breaks down into several layers: where data resides, who operates the platform, who governs it, and — most importantly — which jurisdictions can impose obligations.
Comparative table: what “sovereignty” usually means in the cloud (and where models diverge)
| Sovereignty Dimension | What is sought | AWS European Sovereign Cloud approach (according to AWS) | Typical European “pure” provider approach (ownership and headquarters in EU) |
|---|---|---|---|
| Data residency | Data and ideally metadata within the EU | Data and metadata within the EU; sovereign IAM, billing, and measurement systems | Usually data and control within the EU |
| Operation | Personnel, support, and SOC under European control | Operated by EU residents and separated from other Regions | Local/EU operation by default |
| Technical isolation | Logical/physical separation and continuity | Separate Region; continuity even with communication outages; code replica for operation | Design-dependent; generally simpler but with less “hyperscale” |
| Legal jurisdiction and corporate control | Minimize exposure to extracommunity laws | AWS claims a European governance structure; debate remains as it is a US-based group | Lower exposure by not relying on a non-EU parent company |
| Service catalog | Access to advanced services, including AI | Over 90 initial services; APIs and architecture aligned with AWS | Generally more limited catalog but growing in niche and regulated areas |
This table summarizes the expectation mismatch: AWS attempts to combine operational sovereignty and enhanced controls with its attractive service catalog. Critics argue that for highly sensitive use cases, full sovereignty also requires corporate independence and minimizing any dependency outside the EU.
A strategic contest over AI, data centers, and trust
AWS’s move can also be viewed as part of a larger contest. Sovereignty is no longer just about privacy; it’s a competitiveness factor for AI projects, especially when data is the fuel and regulatory compliance is the entry toll. Europe aims to prevent its digital transformation from being exclusively dependent on external infrastructure.
In this race, AWS has chosen to address sovereignty not only with regulatory documents but also via “parallel” infrastructure and a narrative of independence. The key question for clients and regulators is how much weight each layer will carry: whether technical controls and local governance will suffice or if sovereignty will inevitably be linked to ownership, jurisdiction, and supply chain.
Frequently Asked Questions
What exactly is the AWS European Sovereign Cloud, and how does it differ from an AWS Region in the EU?
It is presented as an independent cloud within the EU, physically and logically separated from other Regions, operated by European residents, with sovereign systems for metadata, IAM, and billing.
What role do the “Sovereign Local Zones” announced in Portugal, Belgium, and the Netherlands play?
They are infrastructure extensions designed for data residency and low latency requirements in specific locations, integrated into AWS’s sovereign approach.
Why does the debate over sovereignty persist if data resides in Europe?
Because sovereignty isn’t just about location; it also involves applicable jurisdiction, corporate control, and potential legal obligations outside the EU that could affect providers with non-EU parent companies.
What should regulated companies request before migrating sensitive workloads to a “sovereign cloud”?
Audit-proof evidence of data and metadata residency, operational and support conditions, contractual guarantees, governance models, encryption key control, and clarity on legal and jurisdictional boundaries.