Design approach

The first AWS European Sovereign Cloud Region will be located in Germany in the State of Brandenburg, and its customers will benefit from the full power of AWS with the same familiar architecture, expansive service portfolio, third-party tools and software, and APIs provided in existing AWS Regions.

Infrastructure

The physical infrastructure of the AWS European Sovereign Cloud will be distinct and dedicated to the AWS European Sovereign Cloud. Though separate from the existing AWS global infrastructure, this AWS European Sovereign Cloud infrastructure will maintain the standard Regional model approach used by AWS, which includes multiple redundant fault-isolated Availability Zones connected to one another with redundant low-latency high-bandwidth dedicated metro fiber. An Availability Zone is one or more discrete data centers with independent and redundant power infrastructure, networking, and connectivity in an AWS Region. Availability Zones in an AWS Region are close enough to enable synchronous replication with single-digit millisecond latency. They are designed not to be simultaneously impacted by a scenario such as loss of utility power, water disruption, fiber isolation, earthquakes, fires, tornadoes, or floods. Common points of failure, like generators and cooling equipment, are not shared across Availability Zones and are designed to be supplied by independent power substations. When AWS deploys updates to its services, deployments to Availability Zones in the same Region are separated in time to prevent the risk of correlated failure.

Logical isolation and independence

To support its sovereign goals, the AWS European Sovereign Cloud Region will be independent from other AWS Regions. Existing AWS Regions are designed to be isolated and independent from other AWS Regions. This deliberate separation between AWS Regions works to limit the scope of service failures to a single AWS Region (if not to an even more narrowly defined fault boundary such as an Availability Zone). There are however, a few exceptions (for example, billing and account management) to this general rule for existing AWS Regions. The AWS European Sovereign Cloud goes further in its isolation and independence because it is designed to be more than simply another AWS Region—it will be a new cloud partition that is logically and physically separate from the existing AWS Cloud. This is an essential distinction between the AWS European Sovereign Cloud and our existing AWS Regions and it means the AWS European Sovereign Cloud will have its own independent billing, account, and identity systems from the rest of the AWS Cloud, which will operate completely on the dedicated AWS European Sovereign Cloud stack deployed on AWS European Sovereign Cloud infrastructure. This isolation and autonomy allow for additional access controls to be applied in the AWS European Sovereign Cloud. For that reason, AWS European Sovereign Cloud customers will need to sign up for accounts that are separate from any AWS accounts used to configure and access services in the global AWS Cloud, and global AWS accounts will not enable configuration and access to services in the AWS European Sovereign Cloud.

The AWS European Sovereign Cloud will have no critical dependencies on non-EU infrastructure. Everything needed to operate the AWS European Sovereign Cloud is in the EU: the talent, the technology, the infrastructure, and the leadership. The AWS European Sovereign Cloud will have dedicated networking infrastructure and connectivity from European providers, in addition to sovereign points of presence for direct network connection to the AWS European Sovereign Cloud through AWS Direct Connect, providing customers an autonomous connection to the AWS European Sovereign Cloud. The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53 routing, providing customers with a highly available and scalable DNS, domain name registration, and health-checking web services. The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names. AWS will also launch a dedicated root European Certificate Authority, to support autonomous trust service operations within the AWS European Sovereign Cloud.

Operational and support boundary

A key distinction between the AWS European Sovereign Cloud and the existing AWS global Regions is staffing. All the personnel of the AWS European Sovereign Cloud, including those who provide support and operate AWS European Sovereign Cloud data centers, will be restricted to Qualified AWS European Sovereign Cloud Staff. AWS is investing in hiring a suite of Qualified AWS European Sovereign Cloud Staff who will be responsible for and in control of access to the AWS European Sovereign Cloud. While global AWS teams will continue to develop AWS services, the AWS European Sovereign Cloud will be controlled by Qualified AWS European Sovereign Cloud Staff. We plan for AWS European Sovereign Cloud teams to establish mechanisms for consultation with global technical specialists as needed to drive down issue resolution time and offer the highest level of service to our customers. Policies and mechanisms for engaging with technical specialists who are not Qualified AWS European Sovereign Cloud Staff will be carefully designed, maintained, and monitored.

The AWS European Sovereign Cloud will be secured by a dedicated European Security Operations Center (SOC) that mirrors AWS global security practices. Security is foundational to digital sovereignty and AWS is architected to be the most secure global cloud infrastructure on which to build, migrate, and manage applications and workloads. AWS has always been secure by design, defining industry-leading practices, technologies, and controls that are deeply integrated across all layers, from the physical data centers to the network design, and service architectures, helping to ensure robust security and data protection for customers' applications and data. To bring these trusted solutions and operations to bear for customers of the AWS European Sovereign Cloud, we will extend our security operations to the dedicated SOC. This SOC will be supported by a dedicated security leader who will be an EU citizen residing in the EU. The security leader will be responsible for advising the managing directors and supporting customers and regulators in Europe on security-related matters.

Data boundary

The AWS European Sovereign Cloud is designed so that customer content is stored and processed exclusively within the AWS European Sovereign Cloud boundary unless the customer chooses otherwise. Customers will have full control over the location of their data and will have the ability to move data out of the AWS European Sovereign Cloud or permit remote access by parties of their choosing.

A unique feature of the AWS European Sovereign Cloud is the additional restrictions placed on customer-created metadata. The AWS European Sovereign Cloud keeps all customer-created metadata, defined as the metadata customers create to manage and configure their resources, within the EU. Customer-created metadata includes roles, permissions, resource labels, and configurations customers use to run on AWS. To better illustrate how customer-created metadata differs from customer content, we will provide an example using Amazon Simple Storage Service (Amazon S3), an object storage service. A customer can store, among other things, image files on Amazon S3. These image files are customer content. When creating an S3 bucket to store image files, the customer can provide a name for the bucket, names for the image objects themselves, declare permissions to decide who is able to access those images, and even assign labels in the form of tags to help them organize and categorize their image data. All this additional information is customer-created metadata, and will not be accessed outside of the EU without the customer's authorization.

Certain data from the AWS European Sovereign Cloud which is neither customer content nor customer-created metadata may leave the EU. AWS operational data such as internal system metrics is one example. This data will be used outside of the AWS European Sovereign Cloud to support use cases such as capacity management, performance monitoring, and security functions which in turn enables AWS global teams to better advise and assist Qualified AWS European Sovereign Cloud Staff in maintaining the highest standards of operational excellence.

AWS is committed to work with our customers and EU data protection agencies to provide the necessary transparency on data flow and the technological controls we provide to restrict them, as we make progress in building the European Sovereign Cloud.

Entity structure, corporate governance, and sub-processors

The first AWS European Sovereign Cloud Region in Germany will be operated by entities established in Germany under German corporate law specifically for this purpose. At the outset, the entity structure of the AWS European Sovereign Cloud is expected to include:

• An AWS European Sovereign Cloud entity that employs AWS European Sovereign Cloud personnel responsible for operating AWS European Sovereign Cloud services

• An AWS European Sovereign Cloud infrastructure entity that owns and operates the underlying AWS European Sovereign Cloud infrastructure

• An AWS European Sovereign Cloud entity to hold the relevant trust certificates

• An AWS European Sovereign Cloud holding entity for the above three entities (AWS European Sovereign Cloud GmbH)

The leaders of the AWS European Sovereign Cloud—who are the managing directors of the AWS European Sovereign Cloud GmbH—will be EU nationals residing in the EU. Kathrin Renz, an AWS Vice President and German resident and national, has been announced as the first leader of the AWS European Sovereign Cloud. Stéphane Israël, former CEO of Arianespace, Europe's leading satellite launch company and a launch provider for Amazon’s Project Kuiper, will also join Amazon in October 2025 to serve as managing director for the AWS European Sovereign Cloud. We're also establishing an AWS European Sovereign Cloud advisory board through the corporate documents (Articles of Association) of the AWS European Sovereign Cloud GmbH. The advisory board will have four members. All members, like the managing directors, will be both current EU residents and EU nationals. One of these four advisory board members will be a disinterested and independent third party. By law, this advisory board will be required to act in the best interest of the AWS European Sovereign Cloud.

The advisory board will receive briefings and provide advisory opinions to the managing directors on sovereignty-related aspects of the operations of the AWS European Sovereign Cloud, including AWS European Sovereign Cloud-specific controls and processes for keeping customer content in the AWS European Sovereign Cloud, AWS European Sovereign Cloud access controls, personnel criteria specific to AWS European Sovereign Cloud operators, and the ability of the AWS European Sovereign Cloud to operate independently.

To facilitate a consistent experience for European customers, the AWS contracting party for AWS accounts in the AWS European Sovereign Cloud associated with a customer location in the EU will be Amazon Web Services EMEA SARL (AWS Europe), with its principal place of business in Luxembourg.

There are a limited number of services where data transfer is an essential function of the service, for example, services sending notifications to end users like Amazon Simple Notification Service (Amazon SNS), which sends notifications from application-to-application or application-to-person. For these services in existing AWS Regions, AWS contracts with certain unaffiliated third-party service providers as listed on our current AWS Sub-processors page. AWS, in accordance with the General Data Protection Regulation (GDPR), will continue to provide transparency on which services fall into this category, and which third-party sub-processors are relevant to the AWS European Sovereign Cloud in these limited cases, and it is in each customer's discretion as to whether they want to use that service.

Approach to law enforcement requests

The AWS European Sovereign Cloud approach to law enforcement requests will consist of technical, operational, legal, and contractual measures.

Technical measures

As part of the technical design, access to the AWS European Sovereign Cloud physical infrastructure and logical system is managed by Qualified AWS European Sovereign Cloud Staff and can only be granted to Qualified AWS European Sovereign Cloud Staff located in the EU. AWS European Sovereign Cloud-restricted data will not be accessible, including to AWS employees, from outside the EU.

All computing on Amazon Elastic Compute Cloud (Amazon EC2) in the AWS European Sovereign Cloud will run on the Nitro System, which eliminates any mechanisms for AWS employees to access customer data on EC2. An independent third party (the UK-based NCC Group) completed a design review confirming the security controls of the Nitro System ("As a matter of design, NCC Group found no gaps in the Nitro System that would compromise these security claims"), and AWS updated its service terms to assure customers "there are no technical means or APIs available to AWS personnel to read, copy, extract, modify, or otherwise access" customer content on the EC2 Nitro System.

Customers also have additional mechanisms to prevent access to their data using cryptography. AWS provides advanced encryption, key management services, and hardware security modules that customers can use to protect their content further. Customers have a range of options to encrypt data in transit and at rest, including options to bring their own keys and use external key stores. Encrypted content is rendered useless without the applicable decryption keys.

The AWS European Sovereign Cloud will also benefit from AWS transparency protections over data movement. We commit in the AWS Service Terms that access to the EC2 Nitro System APIs is "always logged, and always requires authentication and authorization." The AWS European Sovereign Cloud also offers immutable, validated logs that make it impossible to modify, delete, or forge AWS CloudTrail log files without detection.

Operational measures

As previously stated, AWS European Sovereign Cloud operations will be controlled by Qualified AWS European Sovereign Cloud Staff who are located in, and residents of, the EU. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period we will continue to work with a blended team of EU residents and EU citizens located in the EU. Qualified AWS European Sovereign Cloud Staff, including the managing directors of the AWS European Sovereign Cloud, will be subject to EU law. Law enforcement requests that pertain to AWS European Sovereign Cloud-restricted data will require relevant Qualified AWS European Sovereign Cloud Staff to be included in the chain of review and potential approval. Qualified AWS European Sovereign Cloud Staff are bound by EU law and trained on how to manage requests consistent with local and EU law.

Legal and contractual measures

The AWS European Sovereign Cloud will include legal and contractual protections as well. For example, AWS reviews every law enforcement request individually and independently. AWS commits to use every reasonable effort to redirect any governmental body requesting AWS European Sovereign Cloud-restricted data to the applicable customer; promptly notify the applicable customer about the AWS European Sovereign Cloud-restricted data request, and if AWS is prohibited from notifying a customer about the request, AWS will use all legally valid efforts to obtain a waiver of prohibition to allow AWS to communicate as much information as possible to the customer, and use all legally valid efforts to challenge any request that conflicts with the law of the European Union or applicable Member State law. Since we began reporting the statistic in July 2020, no law enforcement request has resulted in the disclosure to the United States government of AWS enterprise or government content data stored outside the United States. For more information, see the latest Amazon Information Request Report.