More independence from the United States: How sovereign is AWS’s planned “European Cloud” really?

The US company Amazon is planning a further expansion of its cloud infrastructure in Germany. Via its subsidiary Amazon Web Services (AWS), three new data centers are to be built in the state of Brandenburg, Germany. The facilities are part of a so-called “European Sovereign Cloud.” AWS is promoting this as a cloud for European customers that is physically and organizationally separated from the existing US infrastructure.

AWS justifies the project with rising demand for cloud services that meet European data protection and security requirements. Public authorities, publicly owned companies, and operators of critical infrastructure in particular increasingly have to store and process data within the European Union. The new cloud is intended to enable these organizations to use modern IT services without violating regulatory requirements.

According to AWS, the “European Sovereign Cloud” is to be operated entirely within the EU. Data, metadata, as well as administrative and billing information are to remain exclusively in European data centers. Operations are to be handled by staff based in Europe. AWS also promises that the infrastructure is technically and organizationally separated from other AWS regions and could remain functional even in the event of geopolitical tensions or restrictions in transatlantic data flows. A central element is encryption: customers are to retain control of their keys so that AWS itself has no access to unencrypted data.

European sovereignty made in the USA?

In the debate on digital sovereignty, these commitments are indeed seen by some as progress. Supporters view the planned cloud as a way to reduce risks such as uncontrolled data outflows or operational dependencies on non-European infrastructures. At the same time, fundamental criticisms remain. Skeptics point out that AWS remains a US company and is therefore fundamentally subject to US law. Even if data is stored in Europe, corporate structures, software dependencies, or legal obligations in the United States could still exert influence. Added to this is concern about economic dependency and long-term lock-in to proprietary cloud services, which makes switching to European providers more difficult.

Among the critics is the german digital rights expert Markus Beckedahl. He has expressed doubts that a cloud from a US provider can truly be considered sovereign. European data centers and stronger technical segregation may be sensible, he argues, but they do not change the underlying power imbalance. As long as key technologies, software, and corporate control remain with a US company, the promised independence remains limited.

The planned “European Sovereign Cloud” by AWS thus illustrates the ambiguity of the term sovereignty. For many users, it could offer more control and legal certainty than traditional cloud offerings. However, it is unlikely to deliver full digital independence from the United States. The new data centers in Brandenburg are therefore less a break with existing dependencies than an attempt to mitigate them politically and technically.