Frequently Asked Questions

The AWS European Sovereign Cloud, a new, independent cloud for Europe, designed to help public sector organisations and customers in highly regulated industries meet their evolving sovereignty needs. The AWS European Sovereign Cloud will be the only fully-featured, independently operated sovereign cloud, backed by strong technical controls, sovereign assurances and legal protections. We’re designing the AWS European Sovereign Cloud to be separate and independent from our existing AWS Regions, with infrastructure located wholly within the European Union (EU), with the same security, availability and performance that our customers get from existing AWS Regions today. As with all current Regions, customers using the AWS European Sovereign Cloud will benefit from the full power of AWS with the same familiar architecture, expansive service portfolio and APIs that millions of customers use today.

To deliver enhanced operational autonomy and resilience within the EU, only personnel who are EU residents, located in the EU, will have control of day-to-day operations, including access to the data centres, technical support and customer service of the AWS European Sovereign Cloud. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period, we will continue to work with a blended team of EU residents and EU citizens located in the EU. 

The AWS European Sovereign Cloud is set to launch its first AWS Region in Germany by the end of 2025.

The first AWS Region of the AWS European Sovereign Cloud will be located in the State of Brandenburg, Germany. Learn more in the blog, AWS plans to invest €7.8 billion into the AWS European Sovereign Cloud.

The AWS European Sovereign Cloud is open to all customers, including customers who, due to challenges like specific requirements for data residency and operational autonomy, have either not been able to begin their cloud journey yet or not been able to move some of their more sensitive workloads.

The AWS European Sovereign Cloud infrastructure will be entirely located within the EU, physically and logically separate from other AWS Regions, and will operate as an independent cloud for Europe. AWS is committed to independent and continuous operations; the AWS European Sovereign Cloud will have no critical dependencies on non-EU infrastructure. The AWS European Sovereign Cloud will offer operational autonomy and enhanced data residency.

In addition to independent infrastructure, there will be zero operational control outside of EU borders; the AWS European Sovereign Cloud will be operated entirely by EU residents, located in the EU. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centres, technical support and customer service for the AWS European Sovereign Cloud.

The AWS Global Cloud Infrastructure is a secure, extensive and reliable cloud infrastructure, offering over 200 fully featured services from data centres globally. Millions of companies around the world rely and trust existing AWS Regions to host their most-sensitive and regulated data in the cloud. The AWS European Sovereign Cloud will provide the same level of security and reliability but is designed to be independent from existing AWS Regions and with operations located wholly within the EU. The AWS European Sovereign Cloud will provide additional sovereignty controls to help customers meet enhanced data residency and operational control requirements.

The AWS European Sovereign Cloud will provide customers with the capability to meet stringent operational autonomy and data residency requirements. To deliver enhanced data residency and operational control within the EU, the AWS European Sovereign Cloud infrastructure will be operated independently from existing AWS Regions. To assure independent operation of the AWS European Sovereign Cloud, only personnel who are EU residents, located in the EU, will have control of day-to-day operations, including access to data centres, technical support and customer service. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. 

When launching a new Region, we start with the core services needed to support critical workloads and applications and then continue to expand our service catalogue based on customer and partner demand. The AWS European Sovereign Cloud will initially feature services from a range of categories, including, but not limited to:

• Artificial intelligence: Amazon SageMaker, Amazon Q, Amazon Bedrock
• Compute: Amazon EC2, AWS Lambda
• Containers: Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS)
• Database: Amazon Aurora, Amazon DynamoDB, Amazon Relational Database Service (Amazon RDS)
• Security AWS Key Management Service (AWS KMS), AWS Private Certificate Authority
• Storage – Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Block Store (Amazon EBS)

Read the blog post for more details the AWS European Sovereign Cloud services roadmap. Additional services will be added based on customer demand and compliance requirements.

No, customers who have an existing AWS account will need to create a new account to use the AWS European Sovereign Cloud. Accounts for the AWS European Sovereign Cloud are independent and not interoperable with other AWS Regions

No, there are no special requirements to sign up for an account or use the AWS European Sovereign Cloud.

Yes, AWS provides a wide range of resources, programs, and AWS Partners to help customers adopt the cloud effectively. From lifting and shifting workloads to migrating entire data centers, customers get the organisational, operational, and technical capabilities needed for a successful migration to AWS. For example, we offer the AWS Cloud Adoption Framework (AWS CAF) to provide best practices for organisations to develop an efficient and effective plan for cloud adoption, and AWS Migration Hub to help assess migration needs, define migration and modernisation strategy, and leverage automation.

Cost-management tooling, bills and the console interface will provide a euro currency (EUR) experience. Depending on the customers’ location, they will also be able to make payments in EUR or their preferred currency.

To ensure a consistent experience for all European customers, the AWS contracting party for all AWS accounts in the AWS European Sovereign Cloud associated with a customer location in the EU will be Amazon Web Services EMEA SARL (‘AWS Europe’), with its principal place of business in Luxembourg.

The management team leading the new parent company of the AWS European Sovereign Cloud will include the managing director and a government security and privacy official, who will all be EU citizens residing in the EU. AWS vice president and EU citizen, Kathrin Renz, will serve as the first managing director of a new company established for the AWS European Sovereign Cloud. Renz is a German national who brings deep global and European expertise to the position with more than two decades of experience in the global technology sector, including key roles in European technology and large enterprises. Based in Germany and acting as the most senior leader of the AWS European Sovereign Cloud, Renz will be legally bound to act in the best interest of the AWS European Sovereign Cloud and will be responsible for overseeing decisions related to corporate governance, compliance and security, while ensuring the AWS European Sovereign Cloud complies with all applicable laws and regulations in Germany and the EU. Find out more in our blog post.

The AWS European Sovereign Cloud infrastructure will be entirely located within the EU, physically and logically separate from other AWS Regions, and will operate as an independent cloud for Europe. With a commitment to independent and continuous operations, the AWS European Sovereign Cloud will have no critical dependencies on non-EU infrastructure. There will be zero operational control outside of EU borders; the AWS European Sovereign Cloud will be operated entirely by residents of Europe. Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centres, technical support and customer service for the AWS European Sovereign Cloud. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period we will continue to work with a blended team of EU residents and EU citizens located in the EU. 

The AWS European Sovereign Cloud will have dedicated networking infrastructure and connectivity from European providers, as well as sovereign Points of Presence for direct network connection to the AWS European Sovereign Cloud, via AWS Direct Connect, allowing customers to have an autonomous connection to the AWS European Sovereign Cloud. The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. The Route 53 name servers for the AWS European Sovereign Cloud will only use European Top Level Domains (TLDs) for their own names.

The AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law. Based on evolving customer requirements for digital sovereignty in Europe, we are adding EU citizenship to our hiring requirements for AWS European Sovereign Cloud employees operating the cloud. Our EU citizen personnel will work from EU locations subject to EU law, as before.

The AWS European Sovereign Cloud is designed to provide customers with an autonomous cloud that operates independently in Europe, for Europe. Replicating a broadly practised mitigation mechanism that is established in EU institution and government hiring practices, operational control and access will be restricted to EU citizens located in the EU to ensure that all operators have enduring ties to the EU and to meet the needs of our customers and partners.

To assure independent operation of the AWS European Sovereign Cloud, these new hiring requirements will apply to personnel who will have control of day-to-day operations, including access to data centres, technical support and customer service. As we make this change, we will continue to work as a blended team of EU residents and EU citizens, with all personnel working from EU locations, before gradually completing our transition to EU citizen operations for the AWS European Sovereign Cloud.

An AWS Region is a physical geographical location where we have a cluster of data centres. Each Region is made up of separate and discrete locations known as Availability Zones (AZs), which refer to data centre infrastructure in separate and distinct geographical locations with enough distance to significantly reduce the risk of a single event impacting availability, yet near enough for business continuity applications that require rapid failover. Each AZ has independent power, cooling and physical security, and is connected to national backbone networks via high-speed fibre-optic networks.

AWS builds data centres in multiple geographical regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system disruptions. AWS designs its data centres with significant excess bandwidth connections so that if a major disruption occurs, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites, minimising the impact on customers.

Though separate, the AWS European Sovereign Cloud will offer the same industry-leading architecture built for security and availability as other AWS Regions. This will include multiple Availability Zones (AZs), infrastructure that is placed in separate and distinct geographic locations, with enough distance to significantly reduce the risk of a single event impacting customers’ business continuity. Each AZ will have multiple layers of redundant power and networking to provide the highest level of resiliency. All AZs in the AWS European Sovereign Cloud will be interconnected with fully redundant, dedicated metro fibre, providing high-throughput, low-latency networking between AZs. All traffic between AZs will be encrypted.

Customers who need more options to address stringent isolation and in-country data residency needs will be able to leverage AWS Dedicated Local Zones or AWS Outposts to deploy AWS European Sovereign Cloud infrastructure in locations they select.

Yes, security has always been our top priority. AWS has a proven track record of innovation to address specialised workloads around the world. To meet additional data residency, operational autonomy and resiliency needs in Europe, AWS is collaborating closely with European regulators and national cybersecurity agencies to build the AWS European Sovereign Cloud.

Across AWS, you’ll see that the same security isolations are employed as would be found in a traditional data centre. These include physical data centre security, separation of the network, isolation of the server hardware and isolation of storage.

We have a shared responsibility model with the customer; AWS manages and controls the components from the host operating system and virtualisation layer down to the physical security of the facilities in which the services operate, and AWS customers are responsible for building secure applications. We provide a wide variety of best practices documents, encryption tools and other guidance our customers can leverage in delivering application-level security measures. In addition, AWS partners offer hundreds of tools and features to help customers to meet their security objectives, ranging from network security, configuration management, access control and data encryption.

The AWS European Sovereign Cloud will be secured by a dedicated European Security Operations Centre (SOC) that mirrors our global security practices. Security is foundational to digital sovereignty and AWS is architected to be the most secure global cloud infrastructure on which to build, migrate and manage applications and workloads. AWS has always been secure by design, defining industry-leading practices, technologies and controls that are deeply integrated across all layers, from the physical data centres to the network design and service architectures, ensuring robust security and data protection for customers’ applications and data. To bring these trusted solutions and operations to customers of the AWS European Sovereign Cloud, we will extend our security operations to the dedicated SOC. This SOC will be supported by a dedicated security leader who will be an EU citizen residing in the EU. The security leader will be responsible for advising the managing director and supporting customers and regulators in Europe on security-related matters.

The AWS European Sovereign Cloud is designed to help customers meet their digital sovereignty requirements, including data residency within the EU, operational autonomy, and management by EU-based personnel. However, regulatory requirements can vary depending on your country, jurisdiction, industry or use case. While the AWS European Sovereign Cloud provides tools to support compliance, we recommend customers work closely with their compliance and security teams to ensure all applicable requirements are met for their particular situation.

As with all existing AWS Regions, the AWS European Sovereign Cloud will provide customers with control over the storage, transfer and encryption of their data to meet their data sovereignty needs. With AWS European Sovereign Cloud, AWS is going further and enabling customers to keep all the metadata they create (such as the roles, permissions, resource labels and configurations that they use to run AWS) in the EU. Because the AWS European Sovereign Cloud is an independent AWS Region, no customer-created metadata will leave the Region without customer permission. The AWS European Sovereign Cloud also has independent Identity and Access Management, billing and metering systems.

The AWS European Sovereign Cloud will maintain key certifications such as ISO/IEC 27001:2013, SOC 1/2/3 reports, and BSI C5 attestation, all validated regularly by independent auditors to assure our controls are designed appropriately, operate effectively and help customers satisfy their compliance obligations.

The SRF is a comprehensive set of technical, legal and operational sovereignty controls that were developed from the sovereignty expectations of our customers, requirements of regulatory bodies across the EU, industry-leading framework guidance and the needs of our implementation partners. With the SRF, AWS will demonstrate adherence to sovereignty expectations and enable verifiable trust in a consistent and repeatable manner to customers and regulators through control implementation across services and operations creating auditable evidence.

Yes, AWS commits to independent third-party audits and attestations of the AWS European Sovereign Cloud controls based on the SRF. Customers will have access to assurance reports via AWS Artifact, ensuring full traceability of control design and operating effectiveness.

Yes, AWS will include details about the security controls in our official compliance reports (SOC reports) for the AWS European Sovereign Cloud. These controls were developed based on the SRF to meet sovereignty requirements. The SRF encompasses requirements across multiple domains including operational continuity, data security, access management and infrastructure independence.    

The SRF is industry and sector agnostic, as it’s written to address fundamental sovereignty needs and expectations at the foundational layer of our cloud offerings.

Yes, we are committed to earning customers’ trust with verifiable control over customer content access and increased transparency. We engaged NCC Group, a leading cybersecurity consulting firm to conduct an architecture review of our security claims of the AWS Nitro System and produce a public report. The report confirms that the AWS Nitro System, by design, has no mechanism for anyone at AWS to access your content on Nitro hosts. Find out more by reading our blog post.

The AWS European Sovereign Cloud will provide customers with access to a wide range of Software as a Service (SaaS) and Independent Software Vendor (ISV) offerings through AWS Marketplace, a curated digital catalogue that makes it convenient to find, test, buy and deploy third-party software. Find out more in our blog post. These partner solutions will span key categories including Data & Analytics, Observability & Process Management, Integration & DevOps, AI & Machine Learning, and Security & Identity Management. All solutions are specifically designed to operate within EU boundaries while inheriting the robust security controls and operational independence of the AWS European Sovereign Cloud infrastructure, enabling customers to take full advantage of AWS's breadth and depth while maintaining European sovereignty requirements. Find out more about partner solutions in our blog post.

Yes, AWS Digital Sovereignty Competency Partners specialise in addressing customers’ digital sovereignty requirements while leveraging AWS services and controls. These partners are a community of validated AWS Partners with advanced AWS sovereignty experience, capabilities and services.

Yes, AWS and AWS Migration Competency Partners have helped thousands of organisations migrate to the cloud with a proven approach to help achieve business objectives faster. From assessing and planning, to executing the actual migration, AWS and AWS Partners have the most mature tools and resources to help ensure that you have success both during your migration and as you operate on the cloud.