Last week, Amazon Web Services (AWS) announced a new independent cloud offering aimed at easing concerns about digital sovereignty among European customers. While many see it as a step toward better compliance with local regulations, questions remain about how much control it truly provides. The AWS European Sovereign Cloud is designed to give businesses in Europe more confidence that their data stays within regional borders and under local laws.

What the European Sovereign Cloud Offers

The new cloud service is based on a data center in Brandenburg, Germany. AWS has plans to expand with additional facilities in Belgium, the Netherlands, and Portugal. It provides access to about 90 AWS services, but is built to be separate from AWS’s existing global cloud regions. AWS says it’s both physically and logically isolated, with a new legal entity managing it under a different governance model.

This new company is incorporated in Germany and run solely by EU residents. Its governance structure is led by EU citizens who are bound to follow European laws. AWS emphasizes that the service has no critical dependencies on non-EU infrastructure and is designed to keep operating even if there’s a communication disruption with the rest of the world.

Questions About Actual Sovereignty and Risks

Despite these assurances, the fact that the German subsidiary is still owned by AWS, a US company, raises concerns. Experts point out that this ownership structure leaves some risks unaddressed. For example, the US Cloud Act of 2018 could still require AWS to hand over customer data stored in Europe if US authorities request it. This means that, legally, data could be accessed or shared across borders despite the separate infrastructure.

Another concern is the impact of US sanctions. If a European business using AWS services were targeted by US sanctions, AWS might be forced to block access or restrict services, even if the data and operations are based in Europe. There are recent examples of such scenarios, like the International Criminal Court being cut off from Microsoft applications following US sanctions, or Venezuelan customers being blocked by Adobe in line with US policies. In a similar vein, Microsoft temporarily restricted access for an Indian energy company last year.

The creation of a separate legal entity is meant to reduce these risks, but experts say it’s not clear how effective this will be in practice. Many believe that legal challenges will need to be tested in court before any definitive protections are confirmed. The ownership structure and jurisdiction are critical factors, and the current setup may not fully shield European data from US legal reach.

Overall, AWS’s European Sovereign Cloud is seen as a move in the right direction for European businesses seeking more control over their data. However, it’s not a complete solution to sovereignty concerns. Companies and regulators will need to keep a close eye on how these legal and operational boundaries hold up over time. For now, it represents one of several options available for European organizations to meet their compliance needs while navigating the complex landscape of international data laws.

Inspired by

• https://www.computerworld.com/article/4118639/aws-european-cloud-service-launch-raises-questions-over-sovereignty.html

Sources

• businesswire.com