AWS re:Invent 2025 - AWS European Sovereign Cloud: From concept to reality (SEC201)

AWS European Sovereign Cloud: Delivering Sovereignty at Hyperscale

Sovereignty Matters for Critical Workloads

• Sovereign nations and unions like the EU are a pinnacle of human achievement, but require safeguarding to protect autonomy and security
• Sovereign customers face enhanced requirements around security, autonomy, and continuity to protect against threats like breaches, malware, and ransomware
• AWS wants to empower sovereign customers with full access to its hyperscale services and capabilities without compromises

AWS's Sovereign by Design Approach

• AWS has designed its infrastructure and services to be "sovereign by design" from the ground up:
  • Data residency: Customer data stays within the region it was placed, with no cross-region data movement
  • Data access: AWS has no technical means to access customer data, treating it as "radioactive"
  • Regional isolation: Each AWS region operates autonomously with no cascading impacts between them
• This approach has enabled AWS to serve many public sector and sovereign customers within its standard commercial regions

The AWS European Sovereign Cloud

• A dedicated, physically and logically separated cloud infrastructure for Europe, operated exclusively by EU personnel within the EU
• Key features:
  • Independent identity, access, and billing systems
  • Enhanced data residency, with customer-created metadata staying within the EU
  • Operational autonomy with 100% EU citizen staffing and no external dependencies
  • Independent governance structure with an advisory board and dedicated legal entities
  • End-to-end Euro pricing and payment options
  • Dedicated trust services provider, DNS, and security operations center within the EU
• Designed to accelerate compliance and certification for EU-based workloads

Technical Deep Dive

• Global services like billing, IAM, and DNS have been replicated with dedicated EU-based instances
• Regional services like EC2 and S3 are fully isolated within the European Sovereign Cloud
• Dedicated European root certificate authority and DNS service provide sovereignty at the infrastructure level
• Fully autonomous network and connectivity, with backup links separate from the global AWS backbone
• Comprehensive documentation of sovereignty controls to streamline regulatory compliance

Business Impact and Use Cases

• The European Sovereign Cloud represents a $7.8 billion investment by AWS in Europe's digital future
• Targeted at public sector and highly regulated industries with strict sovereignty requirements
• Key best practices:
  • Carefully evaluate workloads that require the additional sovereignty controls
  • Qualify instance types and reserve capacity for business continuity
• Enables critical infrastructure, sensitive systems, and workloads that go beyond standard commercial region sovereignty levels

Getting Started

• Customers can start building on the European Sovereign Cloud today using the same APIs and SDKs as other AWS regions
• Full service list, white papers, and other resources available at https://aws.amazon.com/europe/sovereign-cloud/
• AWS encourages customers to engage with their account managers to explore building on the European Sovereign Cloud