AWS forms EU-based cloud unit as customers fret about Trump 2.0

In a nod to European customers' growing mistrust of American hyperscalers, Amazon Web Services says it is establishing a new organization in the region "backed by strong technical controls, sovereign assurances, and legal protections."

Ever since the Trump 2.0 administration assumed office and implemented an erratic and unprecedented foreign policy stance, including aggressive tariffs and threats to the national sovereignty of Greenland and Canada, customers in Europe have voiced unease about placing their data in the hands of big US tech companies.

The Register understands that data sovereignty is now one of the primary questions that customers at European businesses ask sales reps at hyperscalers when they have conversations about new services.

At the end of April, Microsoft responded to what it classified as "geopolitical and trade volatility" between the US and Europe by offering customers privacy safeguards and claiming it will fight the US government in court to protect customer data if needed.

Google Cloud followed suit last month, updating its sovereign cloud services by adding an air-gapped solution, among other measures intended to soothe the nerves of customers in the EU trading bloc.

Not to be outdone, AWS is forming a new European organization with a locally controlled parent company and three subsidiaries incorporated in Germany, as part of its European Sovereign Cloud (ESC) rollout, set to launch by the end of 2025. Kathrin Renz, an AWS Industries VP based in Munich, will lead the operation as the first managing director of the AWS ESC. The other leaders, we're told, include a government security official and a privacy official – all EU citizens.

The cloud giant stated: "AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consist of four members, all EU citizens residing in the EU, including at least one independent board member who is not affiliated with Amazon.

"The advisory board will act as a source of expertise and provide accountability for AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption."

The AWS ESC allows the business to continue operations indefinitely, "even in the event of a connectivity interruption between the AWS European Sovereign Cloud and the rest of the world."

Authorized ESC staff who are EU residents will have independent access to a replica of the source code needed to maintain services under "extreme circumstances."

The services will have "no critical dependencies on non-EU infrastructure," with staff, tech, and leadership all based on the continent, AWS said.

"The AWS European Sovereign Cloud will have its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services," the company said.

"The Route 53 name servers for the AWS European Sovereign Cloud will use only European Top Level Domains (TLDs) for their own names. AWS will also launch a dedicated 'root' European Certificate Authority, so that the key material, certificates, and identity verification needed for Secure Sockets Layer/Transport Layer Security certificates can all run autonomously within the AWS European Sovereign Cloud."

The sovereign cloud will be supported by a dedicated European Security Operations Center (SOC), led by an EU citizen residing in the EU, who will advise the managing director and assist customers and regulators on security matters.

Regardless of Amazon's data sovereignty pledge, the parent company remains under American ownership, and may still be subject to the Cloud Act, which requires US companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored.

As Frank Karlitschek, CEO of Germany-based Nextcloud, told us in March: "The Cloud Act grants US authorities access to cloud data hosted by US companies. It does not matter if that data is located in the US, Europe, or anywhere else."

• Under Trump 2.0, Europe's dependence on US clouds back under the spotlight
• Time to ditch US tech for homegrown options, says Dutch parliament
• Euro techies call for sovereign fund to escape Uncle Sam's digital death grip
• 'Close to impossible' for Europe to escape clutches of US hyperscalers

Meanwhile, the rift between European politicians and US hyperscalers continues to grow.

Despite Microsoft's privacy pledges in late April, it reportedly blocked International Criminal Court (ICC) Chief Prosecutor Karim Khan from getting access to his email last month in compliance with US sanctions.

The move "shows us that the EU cannot trust US operating system providers," said Member of European Parliament Aura Salla in a blog post on May 26.

"The US applied sanctions in February to ICC staff in response to their investigations into Israeli politicians. This challenges the trust of all users of Microsoft's cloud technologies in Europe," she added.

"With this decision, Microsoft is raising awareness in Europe on how totally reliant and vulnerable we are in our dependence on US technology companies. We must finally put our companies first and build European alternatives. Europe cannot rely on the mercy of the US or Chinese governments' decisions. This also requires protective actions.

"We no longer have the same trust with the Trump administration – meaning that we need to review our data transfer agreement with the US. Europe must wake up and understand we can only rely on ourselves. This is a significant factor for both European competitiveness and comprehensive security. European data should no longer be given to the Americans for their development work free of charge."

The EU is not currently in a state to rely on homegrown tech infrastructure, as we revealed weeks ago, so it seems the hyperscalers have time to convince customers in the region that they can be trusted before an alternative solution truly gathers momentum. ®