AWS European Sovereign Cloud to be operated by EU citizens
59 comments
· August 4, 2025 · dabedee
crazygringo
> That's not how sovereignty works.
Actually, it is. It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law. And being staffed by Europeans means they are immune to any US legal threats. I.e. the US can't compel a European employee to reveal data under a subpoena the way it could compel American citizens.
Amazon remains the owner and controls the technology, yes. But as long as things are encrypted correctly and the hardware is in Europe, the data is secure from the US government. Sure Amazon or any cloud provider could build a back door, but that will eventually be discovered whether by hacker or whistleblower and their reputation will be forever ruined and they'll lose all corporate and government business forever. It's not in Amazon's corporate self-interest to allow a back door like that.
pyrale
> It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law.
As a subsidiary company, does Amazon retain operational control over that branch?
If so, it's subject to the CLOUD act, and therefore, not compatible with EU rules.
> Amazon remains the owner and controls the technology, yes.
So, basically, the answer is that the EU subsidiary is not independent. Consider Lavabit's story, the US admin would have no issue asking Amazon to trojanize their tech.
> their reputation will be forever ruined
That happened 20 years ago.
> It's not in Amazon's corporate self-interest to allow a back door like that.
They wouldn't have a say in the matter.
crazygringo
> If so, it's subject to the CLOUD act, and therefore, not compatible with EU rules.
I'm assuming the CLOUD act is the entire reason why they're explicitly going with European-only staff.
That way Amazon can honestly say it has no operational control to violate EU law because there's no American employee they can command.
Operational control isn't all-or-nothing. European employees will do whatever Amazon tells them unless it breaks European law, in which case they won't. Amazon is intentionally setting it up in a way that it won't be able to do anything about that.
dabedee
Being "100% subject to European law" doesn't override the parent company's obligations under US law. At best, it creates a legal conflict where AWS must violate either US or EU law. Which one will the US parent company prioritize if/when faced with enforcement actions?
The only way this would work is if the European operation were truly independent & separately owned, no corporate control from the US. But I don't think that's what AWS is proposing.
skissane
> Being "100% subject to European law" doesn't override the parent company's obligations under US law. At best, it creates a legal conflict where AWS must violate either US or EU law. Which one will the US parent company prioritize if/when faced with enforcement actions?
IANAL/etc, but the subsidiary and the parent are different people (legal personhood). The US parent is only responsible for the EU subsidiary’s actions under US law to the extent it has effective control of them. If the parent tells the subsidiary to obey a US legal order, and the management of the subsidiary refuses on the grounds of EU law - then the management of the parent has done what US law requires them to do. The US management might consider firing the EU management and replacing them with new managers - but if the job requirement is “must be willing to break local law”, nobody with an appropriate background is going to apply, so if they fire them they won’t be able to replace them, hence they are legally justified in not firing them.
It is normally true that a wholly-owned subsidiary just does whatever the parent’s executive management demands, but this is one of the rare cases where that generalisation breaks down. (If we consider non-wholly-owned subsidiaries, it becomes a much more common thing.)
crazygringo
> At best, it creates a legal conflict where AWS must violate either US or EU law.
No, that's the whole point of this setup. Amazon will not be violating US law when its European subsidiary says no, we won't respond to your subpoena. It would be if Amazon USA owned the European data centers directly and employed American workers. But it will do neither. The US courts can't compel companies to do things they have no legal authority over. It doesn't matter that Amazon owns the subsidiary -- fundamentally, the subsidiary is a foreign entity.
adrr
Amazon has ownership of the company, not a management stake. If you had a startup and filled all your board seats with only EU board members, that doesn't mean the CEO and other officers are bound by EU law. Sure, they could fire the CEO and other officers, but I bet the bylaws of the company require officers to be EU citizens.
petcat
The EU is being squeezed by USA and China on all sides whilst staring down the barrel of a Russian invasion on their eastern borders. They're in a really bad place and don't have a lot of options. It's why they were so quick to succumb to Trump's lopsided trade agreement.
blitzar
> It will operate as a subsidiary company based in Europe.
Already was - I pay Amazon Web Services EMEA SARL ("AWS Europe") an entity established in Luxembourg.
> That means it's 100% subject to European law.
Always have been. What is it with tech companies thinking the law doesn't apply to them because muah internet?
> US can't compel a European employee
Courts compel companies not employees, companies get fined and CEOs go to jail for failure to comply.
ljm
So Amazon becomes a supranational entity.
You should be ashamed of yourself for shilling for this shit. Curtis Yarvin would be proud.
wkat4242
Yeah this is just window dressing. The NSA will still get their feeds whenever they want.
That said, being fully European doesn't guarantee anything either. They'll just bribe some employees or use an allied intelligence agency within the EU.
tw04
[flagged]
greatgib
At the moment that the thing is operated and owned by a US company, they are subject to the law and will of the US government and so obviously not sovereign.
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of companies will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubts that the European employees and entities will have all access and review of source code, and everything. It will probably be European technicians running black box servers in a European data center.
blitzar
> believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud
and pay a premium for the pleasure of course
adamcharnock
This may be blindingly obvious, but I’m going to say it anyway: If Amazon was willing to actually give up control of AWS EU, then this kind of announcement would be entirely surplus to requirements. But they will (obviously and rationally) not be giving up control of AWS EU because that would essentially have to be an act of charity, so they need to dress it up a bit.
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
wkat4242
Well it wouldn't have to be charity. They could just divest or sell it.
It would be a dumb move though because they need a worldwide CDN for customers from other countries outside the EU too.
gitremote
"The Cloud Act is a law that gives the US government authority to obtain digital data held by US-based tech corporations irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request."
https://www.theregister.com/2025/07/25/microsoft_admits_it_c...
tensor
But it's still ultimately supporting a US company. The world needs a diversity of companies not just subsidiaries of the same few US companies.
CamperBob2
True. Someone should look into why all these companies tend to be started in the US, and not in the EU.
adamcharnock
I left a comment fairly related to this a while back:
https://news.ycombinator.com/item?id=43465403
But there _is_ also an attitude difference. In terms of willingness to take risks and innovate, the USA does do very well for itself, and I think the UK does ok too. But that cannot be said for the EU countries I’ve lived in. Stable reliable long term safe jobs seem to be more the name of the game, and starting a company is seen as a big and risky commitment. Whereas in the US and UK you can start a company in your lunch break.
It is a generalisation, and I’m part of a wonderful entrepreneurial community here in Munich. But even there everyone says how risk averse European businesses are. I really really wish it wasn’t true.
verelo
lol… try to hire someone in Germany. You’ll get it in about 5 minutes.
Sincerely, someone in Canada who did this.
mschuster91
Hiring someone in Germany is dead easy (assuming the candidate is an EU/EEA citizen - foreigners from outside the EU/EEA are a nightmare because the immigration authorities are swamped in cases). You hand the candidate a contract, ask for a few pieces of information (e.g. tax identifier code, health insurance code) and your accountant (or, if larger, HR dep't) deals with the rest.
The problem is firing someone in Germany, which can be pretty difficult once a company exceeds 5/10 employees. You basically need either cause (e.g. sabotage, theft, other criminal activity) or the company needs to be in dire economic situations.
tensor
I think that's pretty straightforward. The US VC funding is far greater and easier to obtain than in Europe or other western nations. But it's a bit of a chicken and egg scenario. The US VC space exists partly because of the wild success of Silicon Valley. Once it got a significant lead it became a self-reinforcing system.
To compete, other countries need their own VC system which is a bit tricky. It requires likely a level of government funding or other incentives to get it off the ground and ramping up. Then also, you need to incentivize VCs to stay in your country.
At least my 2 cents.
wkat4242
I don't think we should have so much VC anyway. Most of that is just basically gambling. Most of these startups crash and burn. Here in Europe we frown on that, just like we frown on taking out loans and credit cards.
Here in Europe the best credit rating is for the person who's never needed a loan or credit before. It proves they're smart with money. But US citizens have to roll money between credit cards monthly.
The VC in the US mainly existed because interest was so low that money was easy to throw around and see if it stuck. That's no longer the case but these companies are from the time it was.
I don't think we should try to become another America. We don't want unconstrained rat-race capitalism here. And we can never out-US the US (even though China does manage to do that). We should just make alternatives in our own way. Solid with good foundations, play the game by our rules not someone else's.
ay
There’s a “EU Inc” initiative which is aiming to fix things. Fingers crossed.
nradov
They would also need to reform other rules such as bankruptcy.
tzs
It's weird how people here react to the CLOUD Act. The CLOUD Act contains two provisions.
One provision relates to MLATs (mutual legal assistance treaties). An MLAT is an agreement between countries to cooperate on gathering and exchanging information to enforce laws. For example an MLAT might provide a way for police from one country to go to another country to interrogate a suspect who resides in that other country.
The CLOUD Act provided a way for the executive branch to enter into bi-lateral MLATs for data exchange as long as the Attorney General and the Secretary of State agreed that the foreign country had sufficient data access protections for data it received related to US citizens.
Before this entering into an MLAT was done the same way as any other treaty. The executive would negotiate the terms, then the President would sign, then the Senate would vote, and if 2/3s of the Senators voted to ratify the President could then ratify the treaty and exchange instruments of ratification with the other country. Only at that point did the MLAT actually go into effect.
This provision makes it much easier to enter into MLATs for data sharing and it can be done entirely by the executive branch. That's a massively lower barrier than requiring a 2/3 Senate vote.
It was this expansion of MLATs that drew most of the opposition to the CLOUD Act from several major civil rights groups.
Yet I almost never see this aspect of the CLOUD Act come up here. Nearly every time it comes up it is over the other provision.
The other provision said that if a warrant or subpoena asks a US company for data that it possesses or controls it had to provide that data regardless of where it actually is storing the data.
That's how it works for physical documents. For example if I'm in Los Angeles and own two physical documents, one of which is in my vacation house in Florida and the other in my vacation house in France, and a US court orders me to turn over those documents (or copies of them), I have to.
I won't be able to successfully resist by saying the one in France is outside the jurisdiction of the court. That's because the court is not asking France for the document, or trying to order anyone outside the US to do anything. It is ordering me to produce the document, which I can do simply by calling my French housekeeper and asking them to get the document and mail it to me.
Asking my French housekeeper to mail me a document I own from my French vacation house is something legal for me to do. I probably even routinely ship documents to and from France.
If you think about it, it pretty much has to work this way. Otherwise any company that wanted to hide anything from regulators could simply ship any possibly incriminating documents they have but cannot legally destroy to a document storage service in another country once they are no longer actively using them.
As far as I know this has never been controversial.
All the CLOUD Act provision on warrants and subpoenas does is say that digital documents work the same way physical documents do.
It is probably actually more important that digital documents work this way than it is for physical documents. With physical documents, if I store them in another country then it is a hassle if I ever need to work with them.
With digital documents it is easy to store everything in another country and instantly make a local copy when I need to work with a document, and when I'm done working save any changes back to the foreign storage and delete local copies.
I'm reasonably sure most other countries either have something equivalent to this part or they have laws that prevent companies in the country from storing documents outside the country. Otherwise it would be standard procedure for companies in the country to store all their digital data outside the country, ideally somewhere that does not have an MLAT with their home country. That way as long as they did nothing that drew the attention of regulators or law enforcement in that other country their documents would be out of reach of their home country regulators.
phillipseamore
A little BTS from 2 days ago which might imply that this was a very recent decision: https://news.ycombinator.com/item?id=44769960
"AWS rescined my offer due to the lack of citizenship"
"At the beginning of June, I had the opportunity to interview at AWS for a Systems Engineer position (working on the EU Sovereign Cloud project)."
timrogers
Interestingly, the title refers to citizens but the body only refers to residents:
> the AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law.
anon191928
It also says this in the article: "we are adding EU citizenship to our hiring requirements"
blitzar
> subject to EU law
Always was. It's telling that they think that they were not previously subject to EU laws when their EU subsidiary did business with someone located in the EU.
mschuster91
> It's telling that they think that they were not previously subject to EU laws when their EU subsidiary did business with someone located in the EU.
The key thing is, at the moment US staff can do admin actions (e.g. SSH into physical hosts). Under this new framework, they can't.
__turbobrew__
As long as the majority ownership of the child company is not within the EU, I would not consider it sovereign. Sovereign implies that ownership and control is wholly within the borders of the EU.
robertclaus
This very much confused me. Isn't the idea behind this movement that Europe doesn't want to be dependent on external companies for critical infrastructure? Won't this just be the equivalent of a shell company completely dependent on Amazon in the US for any future fixes or R&D?
ManBeardPc
If the development is not happening in the EU it is not sovereign. It is a proprietary solution controlled by a US company. If they pull the plug the EU cloud will not receive security updates nor bugfixes or they simply revoke their licenses. Operating in Europe and by Europeans is not enough.
Teocali
As long as one US employee of Amazon has access to this cloud, this cloud is not sovereign.
AWS claims their cloud is "sovereign" and "independent" while remaining owned by a US corp subject to US law (including the CLOUD Act). That's not how sovereignty works. EU citizen operators don't change the fact that the underlying technology, patents, and corporate control remain American. Zero details on pricing, available services, or how they'll handle conflicts between US law and their "sovereignty" promises. For something launching next year, that's concerning.