Amazon Web Services (AWS) has announced its much-publicized “AWS European Sovereign Cloud,” a supposedly sovereign cloud designed specifically for Europe, operated exclusively by EU citizens, from locations within the EU, and under community jurisdiction. They promise “zero reliance on non-European infrastructure” and claim it will be a fully independent platform tailored for public and regulated sectors that require maximum data protection.
The launch is scheduled for late 2025, with an investment of €7.8 billion until 2040. But the big question remains: can a U.S.-based company, subject to U.S. federal law, truly offer digital sovereignty in Europe?
Sovereignty or legal window dressing?
Digital sovereignty is unequivocal: it’s a country or region’s ability to fully control its data, digital infrastructure, and critical systems without external interference. In this context, AWS’s announcement, although ambitious, raises skepticism among cybersecurity experts, digital policy specialists, and critical infrastructure regulators.
No matter if a separate legal entity is created in Europe, AWS remains a subsidiary of Amazon.com, Inc., headquartered in Seattle, and therefore subject to laws like the 2018 Cloud Act. This federal law allows the U.S. government to access data stored by American companies, even if the data is physically located on servers outside the U.S.
“They can hire only European citizens and operate from data centers in the EU, but that doesn’t change the fundamental fact: they still answer to a U.S. parent company,” says David Carrero, cloud infrastructure expert and co-founder of Stackscale (Aire Group).
The paradox of delegated sovereignty
In their official statement, AWS promises:
- 100% of operational staff with European citizenship
- Infrastructure fully located within the EU
- Technical access and support only by EU citizens
- “Independent” operational control
However, the ultimate legal control is not transferred, because it cannot be transferred without AWS fully disentangling from Amazon—which is not on the table. This presents a paradox: can a foreign company offer sovereignty without ceding ownership or governance?
Even if the European entity acts as a “separate company,” experts warn that there is no absolute shield against extraterritorial pressures. Moreover, the history of collaboration between tech giants and U.S. security agencies fuels distrust, especially among European governments, critical businesses, and organizations handling sensitive data.
Europe reacts: beyond marketing
AWS’s move comes at a sensitive time. The EU has been promoting digital autonomy through projects like GAIA-X, and some governments are beginning to demand that strategic data be stored in infrastructures under European control. AWS’s announcement appears to be a direct response to this trend, trying to retain market share amid more stringent regulations.
But many local actors remind us that real control is achieved through regulation and legal sovereignty, not internal company policies. Companies like OVHcloud (France), T-Systems (Germany), and Stackscale (Spain) and (Netherlands) already offer 100% European cloud solutions, where not only personnel and infrastructure but also capital and governance are fully European.
“Creating a European bubble within a U.S. giant isn’t digital sovereignty, it’s conditional sovereignty,” industry sources add.
Innovation or institutional market capture?
AWS’s new proposal is also seen as an attempt to capture the European institutional market, which has been more cautious about relying on foreign platforms for critical services like government, healthcare, justice, or defense.
By offering “the same innovation power as AWS but with sovereignty,” the company aims for the best of both worlds: maintain global control while aligning with European regulatory frameworks. However, critics warn of a potential false sense of independence and call for increased transparency regarding the project’s governance.
Frequently Asked Questions (FAQs)
What is the Cloud Act, and how does it affect U.S. tech clouds?
The Cloud Act allows the U.S. government to request access to data stored by U.S. companies, regardless of where the servers physically are. This challenges the actual sovereignty of data hosted by foreign subsidiaries.
What makes a cloud truly sovereign?
A sovereign cloud is operated, governed, and controlled entirely from and by entities within the country or region. This includes personnel, infrastructure, ownership, and legal jurisdiction—all under local legal frameworks.
Can AWS circumvent U.S. laws with this new cloud?
No. Even if they establish a legally separate entity operated by Europeans, AWS remains a part of Amazon.com, Inc., and thus cannot evade responsibilities under U.S. legislation like the Cloud Act.
Are there genuinely sovereign options available in Europe?
Yes. Companies such as OVHcloud, T-Systems, Stackscale, Scaleway, Arsys, Oasix, Aruba Cloud, among others, offer cloud services where ownership, location, control, and jurisdiction are fully European.
Critical conclusion:
Although the AWS European Sovereign Cloud project marks an interesting step toward localizing cloud services, sovereignty isn’t bought with a press release or guaranteed by European passports. True digital independence demands more than good intentions: it requires full legal and operational control, which no company bound by U.S. legislation can fully deliver.
More info in AWS.