A Parent Company with Three Subsidiaries in Germany and a Leadership Team Focused on European Sovereignty
An American technology giant is shaping its vision for a “European Sovereign Cloud” by establishing an organizational framework that emphasizes local management and European leadership. The parent corporation has formed a new subsidiary structure in Germany, comprising three distinct branches dedicated to infrastructure, research and development, and trust and certification services. The leadership team includes at least one government-appointed security executive and currently features Kathrin Renz as the General Director—a role she fulfills as a citizen of the European Union. Renz’s extensive background includes senior roles at Siemens, where she was responsible for development initiatives, and Nokia, where she presided over the Enterprise division. Presently, she holds the position of Vice President at AWS Industries within the EMEA zone, based out of Munich.
In addition to Renz, a four-member advisory committee has been appointed, with each member ensured to be a citizen of the EU. This governance structure aims to reinforce the project’s commitment to European sovereignty and to integrate local expertise into the cloud initiative.
In-House Personnel and a Dedicated Security Operations Center
To bolster security and operational oversight, the initiative will include a dedicated Security Operations Center (SOC). Specific details about this SOC are sparse; however, it is confirmed that its leader will be an EU citizen. This specialized SOC will operate independently, managing unique IAM (Identity and Access Management) systems and certification authorities exclusive to this cloud environment. It will feature local AWS Direct connectivity points, a distinct DNS infrastructure with server names utilizing only European Top-Level Domains (TLDs), and its proprietary billing and usage measurement systems. The overarching goal is to ensure that all client metadata—such as roles, permissions, tags, and configurations—remains within the European Union, safeguarding data sovereignty and compliance.
Unlike other major cloud providers such as Google and Microsoft, both of which have established local joint ventures in France (S3NS for Google, Bleu for Microsoft), AWS is deliberately focusing on developing a wholly European-centric infrastructure. For deployment within specific countries or for stricter isolation needs, AWS recommends utilizing its Outposts offering or dedicated local zones, ensuring compliance with regional regulations and data sovereignty principles.
This European sovereign cloud project aims for compliance with industry standards such as SOC 1, SOC 2, SOC 3, and the German “SecNumCloud” C5 certification. AWS has committed a substantial investment—nearly €8 billion—over the coming decades, up to 2040, to support the development and expansion of this infrastructure.
At the service level, several key offerings are anticipated to be available at launch, including:
- Compute: EC2, Lambda
- Storage: EBS, EFS, S3
- Networking: VPC, Direct Connect, Route 53, Elastic Load Balancer (ELB)
- Databases: Aurora, DynamoDB, ElastiCache, Neptune, Redshift, RDS
- Analytics: Athena, EMR, Kinesis Data Streams, OpenSearch Service, Glue, Lake Formation
- Artificial Intelligence: Bedrock, SageMaker, Amazon Q
- Security and Compliance: Artifact, Cognito, GuardDuty, IAM, KMS, Secrets Manager, WAF
*Note: This initiative has received approval from various European authorities, including Czech and Romanian cybersecurity agencies (ANSSI), the German federal government’s IT security agency (BSI), and the Finnish Ministry of Finance, as well as commitments from major software vendors like Adobe and SAP.
EU-Based Personnel and a Dedicated Security Infrastructure
The leadership and operational staffing for this cloud project will be composed entirely of EU citizens, emphasizing local participation and control. AWS has also announced plans to establish a dedicated Security Operations Center (SOC), the details of which remain limited, though its head will also be a citizen of the Union. This SOC will implement exclusive IAM policies, certification authorities, and resident infrastructure, including local points of presence (PoPs). The DNS servers of this cloud service will use only European TLDs, further emphasizing data localization. Billing and usage measurement systems will be independent and tailored to meet European privacy and security standards. Crucially, the project promises that the metadata generated by clients—such as roles, permissions, tags, and configurations—will be stored exclusively within the EU, reinforcing the commitment to data sovereignty and regulatory compliance.
While Google and Microsoft have formed local joint ventures in France (S3NS and Bleu respectively), AWS maintains a broader European focus by developing this all-encompassing sovereign cloud infrastructure at the continental level. For deployments requiring specific country-level isolation or compliance with national regulations, AWS recommends utilizing its Outposts solutions or dedicated local zones, which offer tailored infrastructure within individual countries.
This initiative is committed to achieving adherence to SOC 1, SOC 2, SOC 3 standards, as well as the German “SecNumCloud” C5 certification. AWS has pledged to invest close to €8 billion by 2040 in support of this project, reflecting a significant strategic commitment to the European market and data governance.
Initial services that will be available at launch include:
- Compute Services: EC2, Lambda
- Storage Options: EBS, EFS, S3
- Networking: VPC, Direct Connect, Route 53, Elastic Load Balancer
- Database Solutions: Aurora, DynamoDB, ElastiCache, Neptune, Redshift, RDS
- Analytics Platforms: Athena, EMR, Kinesis Data Streams, OpenSearch Service, Glue, Lake Formation
- Artificial Intelligence and Machine Learning: Bedrock, SageMaker, Amazon Q
- Security and Compliance Tools: Artifact, Cognito, GuardDuty, IAM, KMS, Secrets Manager, WAF
*This project has received validation and support from policy makers and cybersecurity agencies across Europe, including, notably, the Czech and Romanian national security agencies, the German BSI, the Finnish Ministry of Finance, and technology partners such as Adobe and SAP.
