Chris Farris

Early next year, AWS will launch one of the largest changes to its cloud product in decades. For the first time, they will launch a new partition, the European Sovereign Cloud (ESC), open to anyone. This article covers why you mmight want to use it, what are some of the threats to consider, mitgations, and alternatives to consider.

What is the European Sovereign Cloud?

The European Sovereign Cloud is a new AWS Partition. It will be located in Germany and run by EU nationals.

Partitions are entirely independent versions of AWS. They are logically separated, and global services such as IAM and S3 don’t work across partitions. That’s what makes them different from AWS Regions.

AWS has other partitions: AWS GovCloud, which supports US Government non-classified work; the China partitions, operated by Chinese companies for companies with a China presence; and numerous isolated partitions for classified intelligence efforts for the US and UK Governments.

Unlike other partitions, the ESC will be open to all. You do not need to be an EU-based company or resident to open an account.

This new European Sovereign Cloud will include several features designed for the European market. It will be a separate legal entity, with all operational control of the partition vested in it. Only EU citizens will be hired to manage and operate the ESC¹. Unlike the US GovCloud partition, even the billing will be completely separate from the AWS commercial partition². There will be no technical dependencies between the ESC and the commercial partition (so you’ll be immune to those biannual us-east-1 outages).

AWS outlines this as part of its digital sovereignty program.

From an enterprise perspective, this will have some interesting implications. Enterprise Discounts signed with AWS won’t necessarily apply to the ESC. Support queues will be different³, so your US-Based Technical Account Manager (TAM) won’t have visibility into support cases without engaging an ESC peer.

From a technical perspective, there will be some significant differences. IAM will not work across partitions, so cross-account role assumptions and resource policy trusts won’t work between accounts in the commercial and ESC partitions. The global S3 namespace will be different.

Why we need a European Sovereign Cloud

The ESC has been in the works long before the most recent US Presidential election. It was announced as far back as October 2023. At the time, European entities and regulators were concerned about highly sensitive workloads being operated by foreign companies. Yet they still wanted to leverage the vast innovation and speed-to-market that public cloud provides. But while AWS is clearly the most secure option, there were legitimate concerns about doing business with U.S. companies. The unstated intent of the ESC was to ensure an operational firewall between those subject to the US CLOUD Act and those operationally capable of providing the data.

As 2025 progressed, the need for a sovereign cloud for Europe has only increased. The current US Government sees a united, strong, and classically liberal Europe as a threat. The President’s agenda of grievances against his actual and perceived enemies has affected European and international institutions, including the International Criminal Court. Big Tech executives who have attached themselves to the MAGA movement are opposed to Europe’s focus on competition, privacy, and human rights. Europe can and should do more to make doing business more efficient, but these self-proclaimed masters of the technology universe believe they are above any oversight by their inferiors in Brussels.

Finally, Europe cannot rely on the United States as a defense partner anymore. The recently released National Security Strategy explicitly identifies a united Europe as a threat and will encourage and support anti-EU far-right parties. In a cyber or military conflict with Russia, it’s unclear to me if the US will support Europe, remain neutral, or actively assist Russian aggression.

Okay, but is the ESC actually secure from U.S. interference?

We already addressed the US CLOUD Act. It allows a US Court to request data in the control of a company with a US Presence. There are a few defenses there. First “Technology providers caught by the legislation can challenge legal process, if complying would create a potential conflict of laws. The CLOUD Act expressly preserves the ability of providers to challenge a legal process in US court on the basis of international comity. “

Second, the ESC’s architecture makes certain forms of information access technically impossible. The AWS Nitro system (built in Europe) makes it nearly impossible for ESC operators to access information protected by Nitro.

A more pressing concern would be a denial of availability. If the US determines that your organization is not in “the national interest” and imposes sanctions, you could find that your access to all AWS services is locked out or terminated. Sanctions would also affect your ability to conduct banking, access email, and other aspects of the global ecosystem.

<continue>

In a worst-case scenario, with an independent legal entity and operationally independent infrastructure, the EU can “seize the means of computation and storage” should the United States become a hostile power. This is not without modern precedent. After the full-scale invasion of Ukraine, Germany nationalized the assets and operations of Gazprom in its country. While this “nuclear option” would damage AWS on both sides of the Atlantic, it is an option of last resort.

The likelihood of an ESC nationalization is remote, and everyone from Brussels, Washington, Seattle, and Brandenburg knows what is at stake. That doesn’t mean that companies that the current US Government doesn’t like have nothing to fear.

The case against the European Sovereign Cloud

The primary case against the ESC is that the managing director can be replaced at any time by her bosses in Seattle. While she has a legal obligation to the ESC’s interests, she also has an incentive to keep her job. I don’t fully accept that as a reason to avoid the ESC; it is an issue that European and German lawmakers need to address. We need a law that prohibits employers from terminating employees for violating privacy or security laws. No matter how much Big Tech complains about the Digital Services Act, US companies operating in Europe are subject to the laws of Europe and its member states.

Another reason companies may not want to leverage the AWS European Sovereign Cloud is that their money and the ESC’s profits will flow back to Seattle and enrich Amazon’s shareholders. By sucking these profits out of the continent and back to North America, we are hobbling our ability to create homegrown alternatives. We are vassals on Jeff Bezos’s feudal cloud lands.

Finally, there is the question of sabotage of AWS by the US National Intelligence community. As we learned from the Snowden leaks, the US Government has several creative ways to spy on its adversaries, which Europe may now be.

Alternatives

The alternatives cited are typically the European providers. OVHCloud, Stackit, Scaleway, and Hetzner. None of these has the depth and breadth of services as a US hyperscaler. If you’re comfortable using multiple providers and sticking to containers and VMs, these might suit your needs.

The other US providers have a few ways to ensure sovereignty, depending on regulatory requirements. They partner with local companies to operate their European clouds. This is similar to AWS’s operational model in China. Azure runs National Partner Clouds in France and Germany. Bleu, a joint venture of Orange and Capgemini, operates the French version. In Germany, their National Partner Cloud is operated by an SAP subsidiary, Delos Cloud. European residents operate their general Sovereign Public Cloud, but without the same billing and logical isolation of an AWS Partition.

GCP is available in Germany through T-Systems. Oracle provides Oracle Alloy, which local partners can deploy.

The Case for the European Sovereign Cloud

The primary case I will make for using the ESC is that it is the best available technical platform, with the most independent controls. AWS runs the most secure cloud.

By creating a new legal entity to own and operate the ESC, AWS has created an independent entity that can be regulated or even nationalized with ease. By requiring EU citizens to operate the ESC and ensuring they are contractually bound to act in the ESC’s best interests, they mitigate malicious influence from both the US and the parent company, Amazon.

By creating this as a separate partition, AWS has implemented strong data residency controls, ensuring that even metadata and usage patterns are under the ESC’s control, not those of elements in Seattle or Washington.

Europe’s dependence on the United States is a complex issue that goes well beyond cloud platforms. <finish this thought>

While it predates Trump 2.0, the Draghi Report highlighted the situation thusly:

Given the dominance of US providers, the EU must find a middle way between promoting its domestic cloud industry and ensuring access to the technologies it needs.

It is too late for the EU to try and develop systematic challengers to the major US cloud providers: the investment needs involved are too large and would divert resources away from sectors and companies where the EU’s innovative prospects are better.

However, for reasons of European sovereignty, the EU should ensure that it has a competitive domestic industry that can meet the demand for “sovereign cloud” solutions. To achieve this goal, the report recommends adopting EU-wide data security policies for collaboration between EU and non-EU cloud providers, allowing access to US hyperscalers’ latest cloud technologies while preserving encryption, security and ring-fenced services for trusted EU providers. At the same time, the EU should legislate mandatory standards for public sector procurement, thereby levelling the playing field for EU companies against larger non-EU players. Outside of “sovereign” market segments, it is recommended to negotiate a low barrier “digital transatlantic marketplace”, guaranteeing supply chain security and trade opportunities for EU and US tech companies on fair and equal conditions. To make these opportunities equally attractive beyond large tech companies, SMEs on both sides of the Atlantic should benefit from the same easing of regulatory burdens for small companies that is proposed above. (The future of European competitiveness PDF - pg 34)

Links

• AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe by Matt Garman and Max Peterson (October, 24, 2023)
• AWS plans to invest €7.8B into the AWS European Sovereign Cloud, set to launch by the end of 2025 (May 14, 2024)
• Announcing initial services available in the AWS European Sovereign Cloud, backed by the full power of AWS (July 3, 2024)
• Built, operated, controlled, and secured in Europe: AWS unveils new sovereign controls and governance structure for the AWS European Sovereign Cloud (June 03, 2025)
• Introducing the Overview of the AWS European Sovereign Cloud whitepaper (November 5, 2025)
• Embracing our broad responsibility for securing digital infrastructure in the European Union (December 10, 2025
• Amazon Corporate Website: Law Enforcement Information Requests
• AWS Website: Overview of the AWS European Sovereign Cloud

News Coverage

• The Atlantic: The Longest Suicide Note in American History (Dec 16, 2025)
• The Guardian: How Amazon turned our capitalist era of free markets into the age of technofeudalism (November 27, 2025)
• The Register: Europe’s cloud customers eyeing exit from US hyperscalers (April 17, 2025)
• The Register: Europe gets serious about cutting digital umbilical cord with Uncle Sam’s big tech (Dec 22, 2025)