Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow


The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe’s stringent data laws.

Image: Stack Commerce

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both “physically and logically” separate from AWS’s existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

The new service will offer European customers more granular control over their data as well as greater operational autonomy, with a key facet being that only Europe-based Amazon personnel will be able to manage and provide support for the platform.

The AWS European Sovereign Cloud will launch its first supported region in Germany and will be available to all European AWS customers; AWS didn’t offer an exact timeline for the rollout.

Jump to:

Europe’s push for data sovereignty

The AWS European Sovereign Cloud will enable European customers to keep all their metadata within the EU and will even come with its own billing and usage metering systems, AWS said.

The launch comes as the EU makes a concerted push towards “data sovereignty,” whereby data belonging to European companies and citizens remains under the EU’s jurisdiction and conforms to the bloc’s strict data protection standards.

This includes the General Data Protection Regulation, Europe’s foremost data privacy and protection legislation that mandates stringent controls over the collection, storage and processing of personal data belonging to EU residents.

DOWNLOAD: EU GDPR Compliance Checklist from TechRepublic Premium

“The AWS European Sovereign Cloud reinforces our commitment to offering AWS customers the most advanced set of sovereignty controls, privacy safeguards, and security features available in the cloud,” Max Peterson, vice president of Sovereign Cloud at AWS, said in a press release.

“With this new offering, customers and Partners across Europe will have more choice to achieve the operational independence they require, without compromising on the broadest and deepest cloud services that millions of customers already know and use today,” noted Peterson in the press release.

AI and shift to public cloud exacerbate data concerns

As businesses shift more of their operations to public cloud platforms, the EU has become increasingly concerned about the storage of sensitive data on servers controlled by non-European entities, as well as the dominance of certain U.S.-based companies in Europe’s cloud market.

The need for some cloud functions to transfer data in and out of the EU has heightened these concerns, particularly the notion that entities outside of the EU might be gaining unauthorized access to data belonging to European customers.

In a similar vein, the EU is also seeking to push through comprehensive legislation around the adoption and use of artificial intelligence in Europe in an effort to keep tabs on how data is gathered and used by AI systems and protect citizens against potentially harmful effects.

Tech giants pressured to appease EU policymakers

AWS isn’t the first big tech company to launch a cloud service designed to appease the data concerns of EU regulators and policymakers, who are putting pressure on U.S.-based tech and software giants to conform with Europe’s new Digital Markets Act and Digital Services Act.

Last year, Microsoft launched Microsoft Cloud for Sovereignty, an integrated cloud service designed for public sector customers with region-specific data governance requirements, with EU customers in mind.

Microsoft also announced a set of European Cloud Principles in May 2022 in response to concerns and criticisms regarding its software licensing practices, in which it affirmed its “focus on providing cloud offerings that meet European government sovereign needs in partnership with local trusted technology providers.”

Likewise, Salesforce launched its somewhat elaborately named Hyperforce EU Operating Zone in March 2023. This is a cloud platform for companies operating under EU regulations that require stricter controls over the access, control and use of their data.

Cybersecurity agencies welcome EU cloud independence

AWS customers and partners that have signed up for the dedicated cloud include a number of German government agencies, including the German Federal Office for Information Security and German Federal Ministry for Digital and Transport, as well as the Czech Republic’s National Cyber and Information Security Agency, the National Cyber Security Directorate of Romania, software company SAP and the professional services and consulting outfits Accenture and Deloitte.

Tomas Krejci, deputy director of the NÚKIB, said in the press release that the topic of data sovereignty and residency was “at the forefront of European and national security debates” and that the launch of an independent European cloud would “provide more heavily regulated organizations, such as those in the public sector with an eye on evolving regulation, more choice in their digital sovereignty strategy.”

Meanwhile, Dan Cimpean, director of Romania’s National Cyber Security Directorate, said in the press release the AWS European Sovereign Cloud would “help public and private organizations (in) navigating stringent regulatory requirements to accelerate their transition to the cloud while improving innovation and data security for the benefit of European citizens.”

Customers with specific needs for data isolation and in-country residency will be able to make additional use of AWS Outposts and AWS Local Zones, AWS said.

AWS Outposts bring AWS services directly to on-premises locations, ensuring consistent operations between local and cloud environments, whereas AWS Local Zones are specialized setups placed in customer-chosen locations that reduce the complexity of managing on-premises infrastructure.



Source link