colmmacc · 7 months ago
I'm the VP / Distinguished Engineer leading the design, delivery, and operations of the European Sovereign Cloud. I'm in Hamburg right now for the AWS Summit tomorrow.

To answer some questions here in one go - for the European Sovereign Cloud, EU laws always apply. The only people with operational control or access (physical, or logical) are EU people in the EU, and decisions about how lawful orders are handled are also made by EU people in the EU. This is one of the biggest pieces of what it means to be a "Sovereign Cloud" and comes directly from the requirements of our customers. Another is that there are no technical dependencies on non-EU infrastructure.

Of course another answer is that for data access it's also great to build systems like KMS, Nitro, Wickr, CMK encryption, etc ... where we as an operator simply have no access to customer data in the first place. And those protections stand too.

jeroenhd · 7 months ago
According to the article:

> Regardless of Amazon's data sovereignty pledge, the parent company remains under American ownership, and may still be subject to the Cloud Act, which requires US companies to turn over data to law enforcement authorities with the proper warrants, no matter where that data is stored.

How does that work with "decisions about how lawful orders are handled are also made by EU people in the EU"? Will the EU cloud division go rogue once the US attempts to use the CLOUD Act or something?

jiggawatts · 7 months ago
I always take it as a very bad sign when someone senior working on a project comes to defend their company in a public forum and then mysteriously loses access to their keyboard when half a dozen people immediately raise an objection.
openplatypus · 7 months ago
Amazon lied about SCCs before. Now they just change vocabulary.

Nothing changed.

belter · 7 months ago
They will have their own IAM so technically, they could go rogue... :-)
bgnn · 7 months ago
Doesn't an EU branch of a foreign company have to comply with EU laws anyhow? The problem is the parent company being US based and susceptible to US government bullying. As long as it is still Amazon owned nothing fundamental changes really.
tuyguntn · 7 months ago
Thanks for being here. Hopefully you can answer some more questions.

If the company is owned by a US entity (AWS/Amazon), can it also block customers at the US government's request, similar to how MSFT blocked ICC access to its email service?

blitzar · 7 months ago
Perhaps if Amazon.com Inc. own 100% of the shares as a financial holding but not as a corporate subsidiary, no voting rights, no board seat, no influence whatsoever etc. then there is a chance US requests would have to go via EU courts ...

Disclaimer: Not a lawyer or PR person.

openplatypus · 7 months ago
As a US subsidiary, you still fall under FISA and therefore you fail adequate protection of Personal Data.

Encryption does not protect data at runtime. Otherwise AWS is just glorified backup storage of e2ee data.

mox1 · 7 months ago
On paper (aka the laws of the United States) FISA applies to things that physically reside in the US.

"The FISA Court’s only jurisdiction is “to hear applications for and grant orders approving electronic surveillance anywhere within the United States.” 50 U.S.C. § 1803 (a) (1)."

NorwegianDude · 7 months ago
No technical dependencies on non-EU infrastructure seems very unlikely. Does the EU edition not rely on the same software that American AWS owns? Isn't it owned by AWS?
belter · 7 months ago
Sounds like they have been working on it for a few years..

"AWS re:Invent 2023 - AWS European Sovereign Cloud: A closer look (SEC216)" - https://youtu.be/qNHWeDf-fTQ

davidgerard · 7 months ago
So how are you disentangling it from hard dependency on us-east-1?

That would be enough reason for non-EU customers to set up there!

colmmacc · 7 months ago
It's a separate "partition", with its own IAM accounts and orgs stack and everything. Similar to how US GovCloud is its own partition.
korijn · 7 months ago
Are you an EU citizen?
colmmacc · 7 months ago
Yes
blibble · 7 months ago
under the US Cloud Act: if the company is owned or operated by a US company, or it is majority controlled by US citizens then "sovereign" is simply not true

just like airlines: the licensing regime for very large cloud providers should require majority control by european shareholders

hopefully those writing the "sovereign service audit checklists" are competent enough to see through this subterfuge

sekh60 · 7 months ago
Still covered by the Cloud Act as the article mentions. This is just performative.
timewizard · 7 months ago
The CIA and NSA exist and have no effective oversight. It's all performative.
joaonmatos · 7 months ago
The goal is to design the services and corporate structure in such a way that, if the parent company was forced by US law to try to get ESC data, the operator would be forced by EU law to not comply. In extremis, the partition would be shut down, rather than release the data.
openplatypus · 7 months ago
Smoke and mirrors. As long as they remain a subsidiary of AWS in the US no level of protection will be sufficient.

MS tried the same with their Azure.

This is BS on another level.

az09mugen · 7 months ago
In the first place, why should the EU have a cloud owned by anyone other than the EU?
openplatypus · 7 months ago
Exactly.

Use OVH, Hetzner, Scaleway, etc.

Need managed services beyond the scope of the above? There will be plenty of businesses (smaller and larger) offering you managed solutions on top of other cloud providers.

nicholasbraker · 7 months ago
But are they really a sensible alternative to AWS/Azure when it comes to developer support etc.? Based on the offerings of European alternatives it seems that everything up to IaaS and limited PaaS offerings can be sourced European, but the real value-add is in development tooling, pipeline support etc. (e.g. AWS CDK). The lock-in on those tools is huge and Europe really needs to step up to provide an alternative to that. Love to be proven wrong though.
yummybear · 7 months ago
That all sounds nice, but if the government (US) doesn't honor its own laws, what's to stop it from using unreasonable measures to coerce Amazon into doing what it wants?

This whole setup collapses when Bezos calls someone and says "you're fired if you don't do as I say", which he might if Trump leans heavily on him or threatens to take control.

thih9 · 7 months ago
> AWS will establish an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud.

The above quote implies that the threat from Bezos should have no effect. Then again, I have no experience in corporate politics. Are you saying that even with that quote the "AWS European Sovereign Cloud" setup is pointless in practice?

dragonwriter · 7 months ago
I think you are ignoring the word “advisory” in the phrase “independent advisory board for the AWS European Sovereign Cloud”.

An advisory board is very different from a governing board.

timeon · 7 months ago
> setup is pointless in practice?

Depends if PR is pointless.

9283409232 · 7 months ago
Trump doesn't need to be so heavy handed in your imaginary scenario as this is covered by The Cloud Act. The data is still hosted by an American company so with a proper warrant, Amazon will be legally required to hand over data.
joaonmatos · 7 months ago
In this scenario, the US parent company does not have physical access to the data, so it needs to request it from the EU subsidiary. The subsidiary then refuses the transfer to comply with German law.
jmward01 · 7 months ago
The bigger point here is that this is a generational loss of trust. Even if there is some overwhelming political change that pushes Trump and the GOP out by a massive margin, the trust that this won't happen again is gone. Nobody believes that the US can make a promise for more than the length of a presidential term now.
ndsipa_pomu · 7 months ago
There's also a mistrust of the U.S. people now that we see who they can be tricked into voting for.
dsign · 7 months ago
This week there are AWS summits all over Europe. It's a good time to show up wherever AWS representatives stand and ask questions about this initiative, maybe give them some praise (may help their little hearts to hue slightly less black). And ask about IAM, and about legal guaranties, and if it comes to that, what (legal and otherwise) remedies are in place for breach of European regulations by USA authorities.

A particular question I'll ask is if they see tariffs potentially increasing the price of their services both in USA and worldwide. After all, if tariffs make goods more expensive in USA, that could propagate to the services they export.

colmmacc · 7 months ago
I'm not an expert on trade and tariffs, but my basic understanding is that tariffs only apply to goods that cross borders. At the moment, most customers outside of the US have experienced a decrease in price because the dollar has lost strength. Most cloud services are priced in dollars.

At AWS it runs really deep that we don't increase prices. We're like Costco with the hot dog. I've been amazed at the lengths we've gone to over the last few years. As all of our fundamental costs like energy, land, salaries, have experienced inflation globally, we've prioritized cost-savings and efficiency programs that meant we haven't had to pass that on as price increases. We did introduce a new fixed-price for IPv4 addresses, but it's not a significant charge for most customers and is just driven by the finite and now dwindling availability of IPv4 addresses.

belter · 7 months ago
"EU considers tariffs on digital services Big Tech" - https://www.techzine.eu/news/applications/130228/eu-consider...

"France singles out digital services for EU’s tariff response" - https://www.euractiv.com/section/tech/news/france-singles-ou...