Today, AWS announced that the AWS European Sovereign Cloud is now generally available. But that’s not all. To emphasize that it means business, it also announced three Local Zones spread across Europe. Together, this new offering should enable European organizations to have complete control over their own data.
The AWS European Sovereign Cloud is a new type of cloud region. The region that is now generally available does not replace existing AWS regions in Europe, but offers all the functionality that is also available in existing regions, while being completely separate from those ‘normal’ regions. AWS has established the European Sovereign Cloud region in Berlin/Potsdam.
Read also: European Sovereign Cloud: how is AWS taking on the competition?
AWS European Sovereign Cloud is a European organization
The European Sovereign Cloud is part of a completely new German parent company. It is therefore not a direct subsidiary of the American parent company. The parent company also has several subsidiaries. One focuses on infrastructure, one deals with certificate management, and one operates as the employer of all European staff for the AWS European Sovereign Cloud.
You can think of it as an independently operating company that purchases from AWS. This implies that it also has its own financial policy and financial management. In other words, the revenue it generates remains with this parent company and does not flow to the headquarters in the US, even though it will ultimately end up in Amazon.com’s quarterly and annual figures. After all, Amazon is and remains the ultimate owner of AWS European Sovereign Cloud GmbH.
Physical, technical, and logical separation
In terms of its corporate structure, the European Sovereign Cloud is therefore completely separate from the regular cloud regions. Things like IAM and DNS are examples of services that AWS has redeveloped and redesigned specifically for the new sovereign cloud. It will also have its own European SOC. Billing will also be handled regionally, and customers will need to create a separate account for the European Sovereign Cloud. They will also need to do this if they already have an AWS account for using cloud services from standard regions.
According to AWS, the AWS European Sovereign Cloud is also completely independent from a technical standpoint. This applies, for example, to the network connections used by the European Sovereign Cloud, which are provided by European providers. The promise is that everything runs regionally and is handled regionally. Furthermore, AWS promises that it is more or less impossible to discontinue the service. It gives specific employees of the AWS European Sovereign Cloud (all of whom are EU residents) access to the source code needed to keep its services running.
More fundamentally, the Nitro System also plays an important role. All AWS cloud regions are built on this system. This foundation alone ensures that no one, not even AWS employees, can access customer data without the customer’s permission. In addition, customers have the option of managing the decryption keys themselves. This renders encrypted data useless, even if someone were able to access it.
New Local Zones
To show that it means business, AWS is not only announcing the general availability of the new sovereign cloud region today. It is also announcing that Local Zones will be added. Belgium, the Netherlands, and Portugal will be equipped with these new sovereign Local Zones. We do not yet know exactly when this will happen. In addition to these new Local Zones, which are part of the AWS European Sovereign Cloud, customers with even stricter requirements can also opt for AWS Dedicated Local Zones, the new AWS AI Factories, or AWS Outposts.
Is it sovereign enough?
The big question that will undoubtedly be on many people’s minds is whether all of the above is sovereign enough. Ultimately, AWS and the AWS European Sovereign Cloud are part of the American company Amazon. That company therefore ultimately has to listen to what the US government expects, desires, and demands.
The CLOUD Act in particular is causing a stir in this regard. It allows the US government to ask Amazon to provide customer data, regardless of where that data is located. Note that this does not mean that it can simply request all kinds of data at any time. It is a law that applies to fairly specific purposes, including the fight against terrorism. The US government must also submit such requests according to a normal process. So it is not the case, at least if everyone acts according to the rules, that it can casually disregard the law.
However, in our opinion, European companies are rightly concerned about the legal dilemma that companies such as Amazon find themselves in. On the one hand, there is GDPR/AVG in Europe, and on the other, the CLOUD Act in the US. This could well cause friction, even though AWS itself states that since it started keeping statistics (about five years ago), it has never transferred any customer information. It also states that it can only comply with requests if it is technically possible to access that data. And that is not the case with the Nitro base of the AWS cloud, the company says.
We are attending the launch of the AWS European Sovereign Cloud in Berlin today to gain some more insight into (among other things) the above questions and claims. So, to be continued soon.