This sounds so weird. Is there a legal requirement for this?
Does this offer any type of real protection? Or is there a code of conduct that that intelligence agencies never hire people with foreign nationalities?
AWS claims their cloud is "sovereign" and "independent" while remaining owned by a US corp subject to US law (including the CLOUD Act). That's not how sovereignty works.
EU citizen operators don't change the fact that the underlying technology, patents, and corporate control remain American.
Zero details on pricing, available services, or how they'll handle conflicts between US law and their "sovereignty" promises. For something launching next year, that's concerning.
This may be blindingly obvious, but I’m going to say it anyway: If Amazon was willing to actually give up control of AWS EU, then this kind of announcement would be entirely surplus to requirements. But they will (obviously and rationally) not be giving up control of AWS EU because that would essentially have to be an act of charity, so they need to dress it up a bit.
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
"The Cloud Act is a law that gives the US government authority to obtain digital data held by US-based tech corporations irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request."
At the moment that the thing is operated and owned by an US company, they are subject to the law and will of the US government and so obviously not sovereign.
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of company will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubt that the European employees and entities with all access and review to source code, and everything. It will probably be European technician running black box servers in an European data center.
If the development is not happening in the EU it is not sovereign. It is a proprietary solution controlled by an US company. If they pull the plug the EU cloud will not receive security updates nor bugfixes or they simply revoke their licenses. Operating in Europe and by Europeans is not enough.
This very much confused me. Isn't the idea behind this movement that Europe doesn't want to be dependent on external companies for critical infrastructure? Won't this just be the equivalent of a shell company completely dependant on Amazon in the US for any future fixes or R&D?
As long as the majority ownership of the child company is not within the EU, I would not consider it sovereign. Sovereign implies that ownership and control is wholly within the borders of the EU.
It's weird how people here react to the CLOUD Act. The CLOUD Act contains two provisions.
One provision relates to MLATs (mutual legal assistance treaties). An MLAT is an agreement between countries to cooperate on gathering and exchanging information to enforce laws. For example an MLAT might provide a way for police from one country to go to another country to interrogate a suspect who resides in that other country.
The CLOUD Act provided a way for the executive branch to enter into bi-lateral MLATs for data exchange as long as the Attorney General and the Secretary of State agreed that the foreign country had sufficient data access protections for data it received related to US citizens.
Before this entering into an MLAT was done the same way as any other treaty. The executive would negotiate the terms, then the President would sign, then the Senate would vote, and if 2/3s of the Senators voted to ratify the President could then ratify the treaty and exchange instruments of ratification with the other country. Only at that point did the MLAT actually go into effect.
This provision makes it much easier to enter into MLATs for data sharing and it can be done entirely by the executive branch. That's a massively lower barrier than requiring a 2/3 Senate vote.
It was this expansion of MLATs that drew most of the opposition to the CLOUD Act from several major civil rights groups.
Yet I almost never see this aspect of the CLOUD Act come up here. Nearly every time it comes up it is over the other provision.
The other provision said that if a warrant or subpoena asks a US company for data that it possesses or controls it had to provide that data regardless of where it actually is storing the data.
That's how it works for physical documents. For example if I'm in Los Angeles and own two physical documents, one of which is in my vacation house in Florida and the other in my vacation house in France, and a US court orders me to turn over those documents (or copies of them), I have to.
I won't be able to successfully resist by saying the one in France is outside the jurisdiction of the court. That's because the court is not asking France for the document, or trying to order anyone outside the US to do anything. It is ordering me to produce the document, which I can do simply by calling my French housekeeper and asking them to get the document and mail it to me.
Asking my French housekeeper to mail me a document I own from my French vacation house is something legal for me to do. I probably even routinely ship documents to and from France.
If you think about it, it pretty much has to work this other. Otherwise any company that wanted to hide anything from regulators could simply ship any possibly incriminating documents they have but cannot legally destroy to a document storage service in another country once they are no longer actively using them.
As far as I know this has never been controversial.
All the CLOUD Act provision on warrants and subpoenas does is say that digital documents work the same way physical documents do.
It is probably actually more important that digital documents work this way than it is for physical documents. With physical documents if I store them in another country they then it is a hassle if I ever need to work with them.
With digital documents it is easy to store everything in another country and instantly make a local copy when I need to work with a document, and when I'm done working save any changes back to the foreign storage and delete local copies.
I'm reasonably sure most other countries either have something equivalent to this part or they have laws that prevent companies in the country from storing documents outside the country. Otherwise it would be standard procedure for companies in the country to store all their digital data outside the country, ideally somewhere that does not have an MLAT with their home country. That way as long as they did nothing that drew the attention of regulators or ...
Sovereignty with AWS? Seriously? Go for CNCF-backed solutions instead—take Cozystack: open-source, no license bait-and-switch (it’s under CNCF, not like Mongo or Terraform), and you get a full cloud stack (VMs, DBs, K8s) on your own or rented servers.
20 comments
[ 4.0 ms ] story [ 36.0 ms ] thread> the AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law.
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
Appeasing a nationalists appetite is impossible.
https://www.theregister.com/2025/07/25/microsoft_admits_it_c...
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of company will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubt that the European employees and entities with all access and review to source code, and everything. It will probably be European technician running black box servers in an European data center.
But ultimately it’s still very much a US hyperscaler.
Would US gov/US big biz entrust their data to huawei if they promise a similar us location based scheme? I think not
"AWS rescined my offer due to the lack of citizenship"
"At the beginning of June, I had the opportunity to interview at AWS for a Systems Engineer position (working on the EU Sovereign Cloud project)."
One provision relates to MLATs (mutual legal assistance treaties). An MLAT is an agreement between countries to cooperate on gathering and exchanging information to enforce laws. For example an MLAT might provide a way for police from one country to go to another country to interrogate a suspect who resides in that other country.
The CLOUD Act provided a way for the executive branch to enter into bi-lateral MLATs for data exchange as long as the Attorney General and the Secretary of State agreed that the foreign country had sufficient data access protections for data it received related to US citizens.
Before this entering into an MLAT was done the same way as any other treaty. The executive would negotiate the terms, then the President would sign, then the Senate would vote, and if 2/3s of the Senators voted to ratify the President could then ratify the treaty and exchange instruments of ratification with the other country. Only at that point did the MLAT actually go into effect.
This provision makes it much easier to enter into MLATs for data sharing and it can be done entirely by the executive branch. That's a massively lower barrier than requiring a 2/3 Senate vote.
It was this expansion of MLATs that drew most of the opposition to the CLOUD Act from several major civil rights groups.
Yet I almost never see this aspect of the CLOUD Act come up here. Nearly every time it comes up it is over the other provision.
The other provision said that if a warrant or subpoena asks a US company for data that it possesses or controls it had to provide that data regardless of where it actually is storing the data.
That's how it works for physical documents. For example if I'm in Los Angeles and own two physical documents, one of which is in my vacation house in Florida and the other in my vacation house in France, and a US court orders me to turn over those documents (or copies of them), I have to.
I won't be able to successfully resist by saying the one in France is outside the jurisdiction of the court. That's because the court is not asking France for the document, or trying to order anyone outside the US to do anything. It is ordering me to produce the document, which I can do simply by calling my French housekeeper and asking them to get the document and mail it to me.
Asking my French housekeeper to mail me a document I own from my French vacation house is something legal for me to do. I probably even routinely ship documents to and from France.
If you think about it, it pretty much has to work this other. Otherwise any company that wanted to hide anything from regulators could simply ship any possibly incriminating documents they have but cannot legally destroy to a document storage service in another country once they are no longer actively using them.
As far as I know this has never been controversial.
All the CLOUD Act provision on warrants and subpoenas does is say that digital documents work the same way physical documents do.
It is probably actually more important that digital documents work this way than it is for physical documents. With physical documents if I store them in another country they then it is a hassle if I ever need to work with them.
With digital documents it is easy to store everything in another country and instantly make a local copy when I need to work with a document, and when I'm done working save any changes back to the foreign storage and delete local copies.
I'm reasonably sure most other countries either have something equivalent to this part or they have laws that prevent companies in the country from storing documents outside the country. Otherwise it would be standard procedure for companies in the country to store all their digital data outside the country, ideally somewhere that does not have an MLAT with their home country. That way as long as they did nothing that drew the attention of regulators or ...