- AWS European Sovereign Cloud›
- Compliance
AWS European Sovereign Cloud Compliance
Overview
The AWS European Sovereign Cloud compliance programme helps customers to understand the robust controls in place within the AWS European Sovereign Cloud to maintain security and compliance. The AWS European Sovereign Cloud is designed to help public sector and regulated industry customers in Europe to host sensitive data and critical workloads while meeting stringent data residency and operational autonomy requirements.
The AWS European Sovereign Cloud: Sovereign Reference Framework (ESC-SRF) aligns sovereignty criteria across key domains including governance independence, operational control, data residency and technical isolation, providing a structured foundation for compliance programmes. This enables customers with enhanced sovereignty requirements to establish and operate within a secure, compliant AWS control environment designed specifically to meet stringent European Union digital sovereignty standards.
Compliance programmes
Compliance with European laws, regulations and privacy programmes relevant to sovereign cloud operations. AWS European Sovereign Cloud customers remain responsible for complying with applicable compliance laws, regulations and privacy programs in their jurisdictions.
Published security or compliance requirements designed for specific European regulatory purposes, industries or functions operating within the sovereign cloud environment.
At AWS, customer trust is our top priority. We deliver services to millions of active customers, including enterprises, educational institutions and government agencies in over 190 countries. Thousands of customers who are subject to GDPR use AWS services for these types of workloads. We have achieved internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards.
Services in scope for the AWS European Sovereign Cloud
We include generally available AWS European Sovereign Cloud services in our compliance scope based on expected use cases, customer feedback and demand. Services not currently listed in scope can still be used within the sovereign cloud environment. Under the Shared Responsibility Model, your organisation must assess whether a service will process or store customer data and evaluate its impact on your compliance posture within the data residency and operational autonomy framework of the AWS European Sovereign Cloud.
This section provides a list of AWS services in scope of AWS European Sovereign Cloud assurance programmes. Unless specifically excluded, generally available features of each of the services deployed in the AWS European Sovereign Cloud are considered in scope of the assurance programmes, and are reviewed and tested at the next opportunity for assessment. Refer to the AWS Documentation for the features of an AWS service available in the European Sovereign Cloud.
Services in scope
✓ = This service is currently in scope and is reflected in current reports. For more specific details on status, please refer to each compliance programme tab below.
|
SERVICES/PROGRAMMES
|
SOC
|
ISO 27001
|
|---|---|---|
|
Amazon API Gateway
|
✓ |
✓ |
|
Amazon Athena
|
✓ |
✓ |
|
Amazon Bedrock [excludes Amazon Bedrock Marketplace]
|
✓ |
✓ |
|
Amazon CloudWatch
|
✓ |
✓ |
|
Amazon Cognito
|
✓ |
✓ |
|
Amazon Data Firehose
|
✓ |
✓ |
|
Amazon DynamoDB
|
✓ |
✓ |
|
Amazon Elastic Block Store (EBS)
|
✓ |
✓ |
|
Amazon Elastic Compute Cloud (EC2)
|
✓ |
✓ |
|
Amazon Elastic Container Registry (ECR)
|
✓ |
✓ |
|
Amazon Elastic File System (EFS)
|
✓ |
✓ |
|
Amazon Elastic Kubernetes Service (EKS)
|
✓ |
✓ |
|
Amazon ElastiCache
|
✓ |
✓ |
|
Amazon Elastic MapReduce (EMR)
|
✓ |
✓ |
|
Amazon EventBridge
|
✓ |
✓ |
|
Amazon EC2 Auto Scaling
|
✓ |
✓ |
|
Amazon FSx
|
✓ |
✓ |
|
Amazon GuardDuty
|
✓ |
✓ |
|
Amazon Kinesis Data Streams
|
✓ |
✓ |
|
Amazon Managed Service for Apache Flink
|
✓ |
✓ |
|
Amazon Managed Streaming for Apache Kafka
|
✓ |
✓ |
|
Amazon Neptune
|
✓ |
✓ |
|
Amazon OpenSearch Service
|
✓ |
✓ |
|
Amazon Relational Database Service (RDS)
|
✓ |
✓ |
|
Amazon Redshift
|
✓ |
✓ |
|
Amazon Route 53
|
✓ |
✓ |
|
Amazon SageMaker AI [excludes Studio Lab, Public Workforce and Vendor Workforce for all features]
|
✓ |
✓ |
|
Amazon Simple Email Service (SES)
|
✓ |
✓ |
|
Amazon Simple Notification Service (SNS)
|
✓ |
✓ |
|
Amazon Simple Queue Service (SQS)
|
✓ |
✓ |
|
Amazon Simple Storage Service (S3)
|
✓ |
✓ |
|
Amazon Simple Workflow Service (SWF)
|
✓ |
✓ |
|
Amazon Virtual Private Cloud (VPC)
|
✓ |
✓ |
|
AWS Artifact
|
✓ |
✓ |
|
AWS Backup
|
✓ |
✓ |
|
AWS Batch
|
✓ |
✓ |
|
AWS Certificate Manager (ACM)
|
✓ |
✓ |
|
AWS Cloud Map
|
✓ |
✓ |
|
AWS CloudFormation
|
✓ |
✓ |
|
AWS CloudTrail
|
✓ |
✓ |
|
AWS CodeDeploy
|
✓ |
✓ |
|
AWS Config
|
✓ |
✓ |
|
AWS Control Tower
|
✓ |
✓ |
|
AWS Database Migration Service (AWS DMS)
|
✓ |
✓ |
|
AWS DataSync
|
✓ |
✓ |
|
AWS Direct Connect
|
✓ |
✓ |
|
AWS Directory Service [excludes Simple AD]
|
✓ |
✓ |
|
AWS Glue
|
✓ |
✓ |
|
AWS Health Dashboard
|
✓ |
✓ |
|
AWS Identity and Access Management (IAM)
|
✓ |
✓ |
|
AWS Key Management Service (KMS)
|
✓ |
✓ |
|
AWS Lake Formation
|
✓ |
✓ |
|
AWS Lambda
|
✓ |
✓ |
|
AWS Licence Manager
|
✓ |
✓ |
|
AWS Organizations
|
✓ |
✓ |
|
AWS Private Certificate Authority
|
✓ |
✓ |
|
AWS Resource Access Manager (RAM)
|
✓ |
✓ |
|
AWS Secrets Manager
|
✓ |
✓ |
|
AWS Security Hub CSPM
|
✓ |
✓ |
|
AWS Shield
|
✓ |
✓ |
|
AWS Step Functions
|
✓ |
✓ |
|
AWS Storage Gateway
|
✓ |
✓ |
|
AWS Systems Manager
|
✓ |
✓
|
|
AWS Transfer Family
|
✓ |
✓ |
|
AWS WAF
|
✓ |
✓ |
|
AWS X-Ray
|
✓ |
✓ |
|
Elastic Load Balancing (ELB)
|
✓ |
✓ |
|
EC2 Image Builder
|
✓ |
✓ |
For information about AWS's comprehensive global compliance programmes across all AWS Regions and services, visit the AWS Compliance Programmes page