Design goals - Overview of the AWS European Sovereign Cloud

Design goals

Our approach to designing the AWS European Sovereign Cloud is to build upon the sovereign-by-design features of our existing global infrastructure and over a decade of experience operating multiple independent clouds for the most critical and restricted workloads. We designed the AWS European Sovereign Cloud to meet the stringent regulatory, data residency, and operational needs of our customers without compromise to the performance, innovation, security, or scale of the AWS Cloud. The AWS European Sovereign Cloud will be the only fully featured, independently operated sovereign cloud backed by strong technical controls, sovereign assurances, and legal protections designed to meet the needs of European governments and enterprises.

To that end, we are pursuing the following design goals for the AWS European Sovereign Cloud:

  1. The AWS European Sovereign Cloud will be a fully featured AWS Cloud, wholly operated in the EU by qualified EU residents (Qualified AWS European Sovereign Cloud Staff), offering the same scale, features, and functionality of a typical AWS Region. This scale and feature set is essential to offer customers the tools and functionality they need for even their most complex use cases, to provide transparency and auditability for customers' regulators, and to protect customers against real world threats such as distributed denial-of-service (DDoS) attacks, malware, and ransomware.

    Note

    We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period we will continue to work with a blended team of EU residents and EU citizens located in the EU.

  2. Logical and physical access to AWS systems within the AWS European Sovereign Cloud will be restricted to Qualified AWS European Sovereign Cloud Staff located within the EU.

  3. Customer support services will be provided by Qualified AWS European Sovereign Cloud Staff located within the EU.

  4. The AWS European Sovereign Cloud will allow customers to keep their customer-created metadata (such as the roles, permissions, resource labels, and configurations they use to run AWS) in the EU.

  5. The AWS European Sovereign Cloud will be capable of operation without dependency on global AWS systems so that the AWS European Sovereign Cloud will remain viable for operating workloads indefinitely even in the face of exceptional circumstances that could isolate the AWS European Sovereign Cloud from AWS resources located outside the EU, such as catastrophic disruption of transatlantic communications infrastructure or a military or geopolitical crisis threatening the sovereignty of EU member states.

  6. The AWS European Sovereign Cloud will be organized as a corporate entity under EU law, with EU nationals residing in the EU serving as managing directors. The AWS European Sovereign Cloud will also have an independent advisory board. The managing directors and advisory board will both be legally bound to act in the best interest of the AWS European Sovereign Cloud.