4 hours ago
6
Customers want their data kept and processed strictly within the EU
AWS is pushing its European Sovereign Cloud, revealing some of the customers it has signed up to operate sensitive workloads on the platform and the continent's over how much sovereign control over data the Amazon subsidiary really offers.
The service became generally available to European customers in January, amid growing alarm over the Trump administration’s open hostility to Europe and the continent's near-total dependence on US cloud platforms.
AWS claims the European Sovereign Cloud represents a physically and logically separate cloud infrastructure, with all components located entirely within the EU.
It started with just a single Region, located in the state of Brandenburg, Germany, but plans to extend its footprint across the EU.
Organizations that have signed up for the service include University Hospital Essen, Schufa, a German credit information bureau, and smart energy and water meter biz Diehl Metering.
Schufa has built a new credit scoring system that uses the AWS Cloud to hold the sensitive financial data of more than 69 million German consumers, while Diehl is operating services such as monitoring and billing for its public sector customers, helping critical infrastructure like waterworks and municipal utilities to manage water and energy data from a single centralized system.
University Hospital Essen says it is using the platform for working with patient health data and also developing new AI technologies to improve patient care.
“The AWS European Sovereign Cloud will support this mission by allowing us to work with health data at scale, while meeting German and European sovereignty expectations,” said Prof Jens Kleesiek, the hospital’s director of its Institute for Artificial Intelligence in Medicine, in a statement.
There are, however, legitimate doubts about whether clouds operating under the aegis of any US company can really offer full sovereignty in Europe. Concerns often center on the US CLOUD Act, under which the authorities can compel any American organization to provide access to data they hold - including data stored outside the United States - subject to due legal process.
An AWS spokesperson told The Register earlier this year that its European Sovereign Cloud includes multiple layers of protection – legal, operational, and technical – to safeguard data; that not even AWS employees can access customer data; and that it provides advanced encryption to allow customers to protect their content.
A Microsoft executive was forced to admit under oath in a French Senate inquiry last year that it cannot guarantee data on French citizens would not be handed over to the American government if requested, and the same US legal rules – namely, the US Cloud Act – apply to AWS.
“The AWS ESC is a fully isolated infrastructure with a separate legal entity in Germany. Although it does offer a certain level of legal insulation, it is still entirely owned by the US mother company. This is an important limitation to its immunity from the CLOUD Act and other US-led prescriptions,” said Forrester senior analyst Dario Maisto.
Technology biz Thales unveiled on Thursday that it is launching its own European sovereign cloud service in Germany, working with Google Cloud.
This is based on the model already used by S3NS, a Thales subsidiary, whereby Google Cloud software and services are operated on dedicated local infrastructure controlled by a local entity.
In this case, Thales says it will be a new German entity, legally and operationally independent from Google Cloud, that will be staffed and managed by local German personnel. It is available in preview now and aims for general availability by the end of 2026.
This new arrangement is perhaps because there are still doubts over whether the S3NS platform is entirely free from potential CLOUD Act interference.
“The joint venture between Thales and Google - S3NS - offers (some) Google services on French sovereign infrastructure. The JV is owned for its vast majority by Thales, which is basically a French government-owned company. This legal configuration grants much better legal insulation and immunity from the CLOUD Act, although this is yet to be tested in court since Google still has a minority share,” Forrester's Maisto told The Register.
The CLOUD Act worries have little to do with sovereignty in its strictest sense, he added, but rather with data privacy and data protection, which is regulated under the US-EU data privacy framework.
Earlier this year, the European Commission awarded four contracts to Europe-based tech firms designed to advance cloud sovereignty in the EU, while spending on sovereign cloud infrastructure services is forecast to more than triple from 2025 to 2027. ®
English (US) ·