Amazon Web Services has launched the AWS European Sovereign Cloud, describing it as cloud infrastructure that is physically and logically separate from other AWS Regions and located entirely in the EU, with the first Region planned in Brandenburg, Germany. AWS said it plans to invest more than €7.8 billion by 2040 to support the initiative.
Governance and operational controls
AWS said the sovereign cloud will operate under dedicated European legal entities established under German law, led by managing directors Stéphane Israël and Stefan Hoechbauer, and overseen by an advisory board comprised exclusively of EU citizens, including two independent third-party representatives.
AWS also said only AWS employees residing in the EU will control day-to-day operations, including data-center access and customer support, and that, under “exceptional circumstances,” authorized EU-resident staff would have independent access to a replica of source code required to maintain services.
Reuters reported AWS described the design as enabling operations to continue even in extreme scenarios such as a broader digital disconnection, as European customers raise concerns about foreign jurisdiction and data access.
Jurisdiction and data-access concerns
Those concerns are often linked to the U.S. CLOUD Act, which the U.S. Justice Department clarified that providers subject to U.S. jurisdiction can be compelled to disclose data responsive to valid U.S. legal process regardless of where it is stored.
EU rules point the other way: GDPR Article 48 says third-country court orders seeking personal data may be recognized or enforceable in the EU only if based on an international agreement such as a mutual legal assistance treaty.
Regulatory enforcement backdrop
Recent enforcement actions include major fines. The European Data Protection Board said Meta’s Facebook was hit with a record €1.2 billion GDPR fine tied to transfers of personal data to the U.S. in May 2023. In April 2025, the European Commission imposed its first Digital Markets Act fines, including €200 million on Meta over its “consent or pay” model.
What it means for cloud buyers
For cloud buyers, sovereignty requirements are tightening alongside switching and resilience rules. The European Commission says the EU Data Act has been applicable since September 12, 2025, including provisions affecting cloud switching and interoperability. EU financial-sector resilience requirements under DORA have applied since January 17, 2025, increasing scrutiny of ICT and third-party risk management.