AWS Just Answered Europe’s Concerns About Data Privacy With New $9.2B Sovereign Cloud Initiative

Amazon Web Services (AWS) and SAP are investing nearly $9.2 billion (7.8 billion euros) to build the AWS European Sovereign Cloud, a new infrastructure designed to answer Europe’s strict sovereignty problem with the U.S.

All of the data physically live in Europe are staffed and operated by EU residents and are legally independent from U.S. operations while still able to leverage the trusted tech of AWS.

European regulators have pushed back against U.S. hyperscalers for a long time because they fall under laws like the CLOUD Act, which lets U.S. authorities demand access to data stored anywhere in the world. So even if that data sits in Germany, if it’s on AWS, the U.S. can technically access that information.

Partnering with SAP — the enterprise giant whose software runs banks, supply chains, and HR departments — gives AWS the local tools it needs to provide for European businesses, creating an entirely new stack that still has globally trusted infra behind it.

“By deploying the SAP Sovereign Cloud portfolio on the AWS European Sovereign Cloud, customers gain access to our comprehensive suite of sovereign cloud solutions, further strengthened by our trusted, long-standing partnership with Amazon Web Services,” said Thomas Saueressig, a member of the Executive Board of SAP SE.

AWS’s David Brown added: “SAP and AWS share a mutual vision – we want to ensure that our customers have access to some of the most advanced sovereignty solutions available, so organizations can focus on innovation and driving tangible outcomes.”

The AWS European Sovereign Cloud will first launch by the end of this year in Brandenburg, Germany.

AWS European Sovereign Cloud isn’t the first of its kind, but it’s the clearest signal yet that U.S. hyperscalers are taking Europe’s complaints seriously.

Regulators long argued that U.S. surveillance rules (the CLOUD Act, FISA, and executive orders) provide “insufficient and inadequate consumer data protection of EU citizens.” That means, for years, international AWS clients have been stuck in a tradeoff: Use the best infrastructure and risk their data privacy rights, or stay local and sacrifice scale and performance.

History proves the point: In 2015, the European Court of Justice killed the Safe Harbor deal, which was widely seen as a legal loophole that let U.S. companies legally transfer and store personal data about EU citizens on U.S. soil, in exchange for a promise to follow a set of privacy principles similar to EU standards.

Its replacement, Privacy Shield, didn’t last either after privacy activist Max Schrems argued that the framework was basically meaningless. Even though U.S. companies promised to “self-certify,” the underlying problem — the U.S. government having access — wouldn’t change.

Microsoft v. United States proved that point exactly in 2013, when U.S. law enforcement obtained a warrant and demanded Microsoft provide access to the contents of an email account whose data lived in Ireland.

Microsoft complied to an extent, only willingly offering metadata. It refused to share the actual email contents, arguing that a U.S. warrant should not reach data held overseas. The case went through courts for the next five years until 2018 when Congress passed the CLOUD Act.

AWS Europe Sovereign Cloud may be an enterprise-level answer to a long-running headache from its clients, but mid-tier U.S. hosts should expect tougher questions from their clients, too. They’re going to start asking questions like, “Where does my data live, who can access it, and what laws apply?”

For many clients, the honest answers still won’t be what they want to hear. But AWS’s multibillion-dollar investment only further suggests that sovereignty across all industries will become a requirement among fellow hyperscalers, and likely a standard every provider will eventually have to address.