Amazon Web Services (AWS) has announced the launch of its European Sovereign Cloud, set to debut by late 2025, backed by a substantial €7.8 billion investment.

This new cloud initiative aims to meet stringent European data sovereignty and regulatory requirements, implementing the Sovereign Requirements Framework (SRF) to align with customer and regulatory expectations.

The AWS European Sovereign Cloud will allow customers to store their data and metadata within the EU, ensuring compliance with European data residency requirements such as GDPR and Germany’s Federal Data Protection Act.

To further enhance compliance, the cloud will operate under a German-based structure managed by EU citizens, with Kathrin Renz appointed as the first managing director based in Munich.

Renz, an AWS Vice President and EU citizen, will lead a governance structure that includes a German-incorporated parent company and a leadership team composed entirely of EU citizens.

The governance structure will also feature an independent advisory board to oversee operations and ensure accountability, reinforcing AWS's commitment to European values.

A dedicated Security Operations Center (SOC) will be established to enhance security and compliance with local laws and standards.

To ensure operational autonomy, AWS will establish a European Certificate Authority and utilize its own instance of Amazon Route 53, avoiding dependencies on non-EU systems.

AWS emphasizes that the sovereign cloud will utilize dedicated networking and European-based security measures, including the SOC led by EU citizens.

This cloud will support a range of services, including artificial intelligence, designed to help European organizations drive innovation while ensuring data sovereignty.

This development intensifies competition with Microsoft, which has also enhanced its data sovereignty measures in Europe amidst evolving regulatory demands.

Concerns over data sovereignty and foreign control over infrastructure are prevalent, with over 60% of UK IT leaders advocating against U.S. cloud service providers due to the implications of the U.S. CLOUD Act.