European organisations are now considering cloud options beyond just cost, scale, and performance. The focus has shifted towards questions of control, such as where data is stored, who has access to it, and how vulnerable critical systems are to foreign laws and political pressure.
This shift in focus has led to the rise of “sovereign cloud” offerings in the European Union. These services aim to keep data within national or regional borders and restrict access to authorised personnel. This concept has gained importance as regulators increase scrutiny on US tech companies and their impact on Europe’s digital infrastructure.
Amazon has introduced a European version of its sovereign cloud through Amazon Web Services, known as the AWS European Sovereign Cloud. This setup, based in Brandenburg, Germany, caters to customers with strict data and governance requirements.
Sovereign cloud services typically involve storing and processing data within a specific jurisdiction without transferring it elsewhere. This distinction is crucial for public agencies, defence organisations, utilities, and regulated industries like finance and healthcare.
AWS emphasizes that its European sovereign cloud is separate from other AWS regions, both physically and logically. The service is under the control of a local parent company within the EU, managed by EU citizens. In extreme cases, EU-resident employees can access a replica of the source code to maintain the service independently.
While these details are important for CIOs and compliance teams, organisations are cautious about fully trusting them. Many companies already heavily rely on AWS and other major cloud providers, prompting boards and regulators to raise concerns about dependence and oversight. Opting for a sovereign cloud option from an established provider may reduce friction for teams while demonstrating enhanced safeguards to regulators.
However, some buyers may view this move as a partial solution rather than a complete break. Despite the infrastructure being located in Europe, AWS remains a US company subject to US laws. This raises questions about the practical extent of legal separation and whether governance structures adequately address concerns about access and control.
European policymakers have long warned about the risk of depending on foreign cloud providers for sensitive workloads. This concern has escalated as the EU advocates for stricter enforcement of competition and data regulations. AWS, Microsoft, and Google collectively hold about 70% of the European cloud market, drawing regulatory attention.
European regulators are actively investigating cloud services from Amazon and Microsoft under the Digital Markets Act, aimed at curbing the dominance of tech giants. The introduction of sovereign cloud structures raises the question of whether they alleviate regulatory pressure or simply run parallel to it.
From a regulatory standpoint, the effectiveness of sovereign cloud offerings depends on whether they influence outcomes, not just architecture. While local data storage and restricted access address privacy and security concerns, competition authorities are concerned about market dominance, customer lock-in, and the ability of smaller providers to compete.
AWS promotes its sovereign cloud as resilient in the face of global disruptions, claiming it can operate even if communication with the outside world is severed. This feature is crucial for governments and operators of critical infrastructure, focusing on continuity planning rather than performance.
Amazon has committed to investing 7.8 billion euros in the German sovereign cloud project by 2040 and plans to expand to Belgium, the Netherlands, and Portugal. This indicates AWS’s anticipation of growing demand from European customers amid ongoing political pressure for digital sovereignty.
The emergence of sovereign cloud options reflects a shift in how organisations assess cloud risks. While cost savings and speed remain important, they are now balanced against regulatory exposure, audit complexity, and long-term reliance. The success of AWS’s approach in addressing these pressures will depend on how regulators respond in practice.
(Photo by Christian Lue)
See also: Data centre construction: implications for enterprise strategy in 2026
Want to learn more about Cloud Computing from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.
CloudTech News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.
