AWS claims their cloud is "sovereign" and "independent" while remaining owned by a US corp subject to US law (including the CLOUD Act). That's not how sovereignty works.
EU citizen operators don't change the fact that the underlying technology, patents, and corporate control remain American.
Zero details on pricing, available services, or how they'll handle conflicts between US law and their "sovereignty" promises. For something launching next year, that's concerning.
Actually, it is. It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law. And being staffed by Europeans means they are immune to any US legal threats. I.e. the US can't compel a European employee to reveal data under a subpoena the way it could compel American citizens.
Amazon remains the owner and controls the technology, yes. But as long as things are encrypted correctly and the hardware is in Europe, the data is secure from the US government. Sure Amazon or any cloud provider could build a back door, but that will eventually be discovered whether by hacker or whistleblower and their reputation will be forever ruined and they'll lose all corporate and government business forever. It's not in Amazon's corporate self-interest to allow a back door like that.
> It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law.
As a subsidiary company, does Amazon retain operational control over that branch?
If so, it's subject to the CLOUD act, and therefore, not compatible with EU rules.
> Amazon remains the owner and controls the technology, yes.
So, basically, the answer is that the EU subsidiary is not independent. Consider Lavabit's story, the US admin would have no issue asking Amazon to trojanize their tech.
> their reputation will be forever ruined
That happened 20 years ago.
> It's not in Amazon's corporate self-interest to allow a back door like that.
Being "100% subject to European law" doesn't override the parent company's obligations under US law. At best, it creates a legal conflict where AWS must violate either US or EU law. Which one will the US parent company prioritize if/when faced with enforcement actions?
The only way this would work is if the European operation were truly independent & separately owned, no corporate control from the US. But I don't think that's what AWS is proposing.
> Sure Amazon or any cloud provider could build a back door, but that will eventually be discovered whether by hacker or whistleblower and their reputation will be forever ruined and they'll lose all corporate and government business forever. It's not in Amazon's corporate self-interest to allow a back door like that.
In which alternate reality is that? This already happened with Snowden's leaks when we learned about Microsoft's, Apple's, and Google's participation in the PRISM program and their market dominance has only grown since then. There were no consequences, the market didn't care, the shareholders didn't care, their customers largely didn't care, and they didn't lose any sleep over it.
> their reputation will be forever ruined and they'll lose all corporate and government business forever
Unfortunately this is not how it works. A cynic in me would say just the opposite, looking how Crowdstrike is doing now after causing one of the biggest technological disasters of the decade by their incompetence.
Yeah this is just window dressing. The NSA will still get their feeds whenever they want.
That said, being fully European doesn't guarantee anything either. They'll just bribe some employees or use an allied intelligence agency within the EU.
At the moment that the thing is operated and owned by an US company, they are subject to the law and will of the US government and so obviously not sovereign.
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of company will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubt that the European employees and entities with all access and review to source code, and everything. It will probably be European technician running black box servers in an European data center.
This may be blindingly obvious, but I’m going to say it anyway: If Amazon was willing to actually give up control of AWS EU, then this kind of announcement would be entirely surplus to requirements. But they will (obviously and rationally) not be giving up control of AWS EU because that would essentially have to be an act of charity, so they need to dress it up a bit.
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
"The Cloud Act is a law that gives the US government authority to obtain digital data held by US-based tech corporations irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request."
But there _is_ also an attitude difference. In terms of willingness to take risks and innovate, the USA does do very well for itself, and I think the UK does ok too. But that cannot be said for the EU countries I’ve lived in. Stable reliable long term safe jobs seem to be more the name of the game, and starting a company is seen as a big and risky commitment. Whereas in the US and UK you can start a company in your lunch break.
It is a generalisation, and I’m part of a wonderful entrepreneurial community here in Munich. But even there everyone says how risk averse European businesses are. I really really wish it wasn’t true.
The US has an excess of money due to the long-term consequences of the Bretton Woods system: it gets to export the externalities of its money printing to the whole world, so it gets to print a lot more money than other countries. That's combined with an amplification effect, because investor money tends to go to the places that have lots of money that could potentially be the investor's return.
I think that's pretty straightforward. The US VC funding is far greater and easier to obtain than in Europe or other western nations. But it's a bit of a chicken and egg scenario. The US VC space exists partly because of the wild success of silicon valley. Once it got a significant lead it became a self re-enforcing system.
To compete, other countries need their own VC system which is a bit tricky. It requires likely a level of government funding or other incentives to get it off the ground and ramping up. Then also, you need to incentivize VCs to stay in your country.
If the development is not happening in the EU it is not sovereign. It is a proprietary solution controlled by an US company. If they pull the plug the EU cloud will not receive security updates nor bugfixes or they simply revoke their licenses. Operating in Europe and by Europeans is not enough.
Always was. Its telling that they think that they were not previously subject to EU laws when their EU subsidiary did business with someone located in the EU.
Readit News
Actually, it is. It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law. And being staffed by Europeans means they are immune to any US legal threats. I.e. the US can't compel a European employee to reveal data under a subpoena the way it could compel American citizens.
Amazon remains the owner and controls the technology, yes. But as long as things are encrypted correctly and the hardware is in Europe, the data is secure from the US government. Sure Amazon or any cloud provider could build a back door, but that will eventually be discovered whether by hacker or whistleblower and their reputation will be forever ruined and they'll lose all corporate and government business forever. It's not in Amazon's corporate self-interest to allow a back door like that.
As a subsidiary company, does Amazon retain operational control over that branch?
If so, it's subject to the CLOUD act, and therefore, not compatible with EU rules.
> Amazon remains the owner and controls the technology, yes.
So, basically, the answer is that the EU subsidiary is not independent. Consider Lavabit's story, the US admin would have no issue asking Amazon to trojanize their tech.
> their reputation will be forever ruined
That happened 20 years ago.
> It's not in Amazon's corporate self-interest to allow a back door like that.
They wouldn't have a say in the matter.
The only way this would work is if the European operation were truly independent & separately owned, no corporate control from the US. But I don't think that's what AWS is proposing.
Already was - I pay Amazon Web Services EMEA SARL ("AWS Europe") an entity established in Luxembourg.
> That means it's 100% subject to European law.
Always have been. What is it with tech companies thinking the law doesn't apply to them because muah internet?
> US can't compel a European employee
Courts compel companies not employees, companies get fined and CEOs go to jail for failure to comply.
In which alternate reality is that? This already happened with Snowden's leaks when we learned about Microsoft's, Apple's, and Google's participation in the PRISM program and their market dominance has only grown since then. There were no consequences, the market didn't care, the shareholders didn't care, their customers largely didn't care, and they didn't lose any sleep over it.
Unfortunately this is not how it works. A cynic in me would say just the opposite, looking how Crowdstrike is doing now after causing one of the biggest technological disasters of the decade by their incompetence.
Deleted Comment
You should be ashamed of yourself for shilling for this shit. Curtis Yarvin would be proud.
That said, being fully European doesn't guarantee anything either. They'll just bribe some employees or use an allied intelligence agency within the EU.
Dead Comment
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of company will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubt that the European employees and entities with all access and review to source code, and everything. It will probably be European technician running black box servers in an European data center.
and pay a premium for the pleasure of course
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
It would be a dumb move though because they need a worldwide CDN for customers from other countries outside the EU too.
https://www.theregister.com/2025/07/25/microsoft_admits_it_c...
https://news.ycombinator.com/item?id=43465403
But there _is_ also an attitude difference. In terms of willingness to take risks and innovate, the USA does do very well for itself, and I think the UK does ok too. But that cannot be said for the EU countries I’ve lived in. Stable reliable long term safe jobs seem to be more the name of the game, and starting a company is seen as a big and risky commitment. Whereas in the US and UK you can start a company in your lunch break.
It is a generalisation, and I’m part of a wonderful entrepreneurial community here in Munich. But even there everyone says how risk averse European businesses are. I really really wish it wasn’t true.
Sincerely, someone in Canada who did this.
To compete, other countries need their own VC system which is a bit tricky. It requires likely a level of government funding or other incentives to get it off the ground and ramping up. Then also, you need to incentivize VCs to stay in your country.
At least my 2cents.
"AWS rescined my offer due to the lack of citizenship"
"At the beginning of June, I had the opportunity to interview at AWS for a Systems Engineer position (working on the EU Sovereign Cloud project)."
> the AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law.
Always was. Its telling that they think that they were not previously subject to EU laws when their EU subsidiary did business with someone located in the EU.
The key thing is, at the moment US staff can do admin actions (e.g. SSH into physical hosts). Under this new framework, they can't.