Actually, it is. It will operate as a subsidiary company based in Europe. That means it's 100% subject to European law, not American law. And being staffed by Europeans means they are immune to any US legal threats. I.e. the US can't compel a European employee to reveal data under a subpoena the way it could compel American citizens.
Amazon remains the owner and controls the technology, yes. But as long as things are encrypted correctly and the hardware is in Europe, the data is secure from the US government. Sure Amazon or any cloud provider could build a back door, but that will eventually be discovered whether by hacker or whistleblower and their reputation will be forever ruined and they'll lose all corporate and government business forever. It's not in Amazon's corporate self-interest to allow a back door like that.
As a subsidiary company, does Amazon retain operational control over that branch?
If so, it's subject to the CLOUD act, and therefore, not compatible with EU rules.
> Amazon remains the owner and controls the technology, yes.
So, basically, the answer is that the EU subsidiary is not independent. Consider Lavabit's story, the US admin would have no issue asking Amazon to trojanize their tech.
> their reputation will be forever ruined
That happened 20 years ago.
> It's not in Amazon's corporate self-interest to allow a back door like that.
They wouldn't have a say in the matter.
The only way this would work is if the European operation were truly independent & separately owned, no corporate control from the US. But I don't think that's what AWS is proposing.
Already was - I pay Amazon Web Services EMEA SARL ("AWS Europe") an entity established in Luxembourg.
> That means it's 100% subject to European law.
Always have been. What is it with tech companies thinking the law doesn't apply to them because muah internet?
> US can't compel a European employee
Courts compel companies not employees, companies get fined and CEOs go to jail for failure to comply.
In which alternate reality is that? This already happened with Snowden's leaks when we learned about Microsoft's, Apple's, and Google's participation in the PRISM program and their market dominance has only grown since then. There were no consequences, the market didn't care, the shareholders didn't care, their customers largely didn't care, and they didn't lose any sleep over it.
Unfortunately this is not how it works. A cynic in me would say just the opposite, looking how Crowdstrike is doing now after causing one of the biggest technological disasters of the decade by their incompetence.
You should be ashamed of yourself for shilling for this shit. Curtis Yarvin would be proud.
That said, being fully European doesn't guarantee anything either. They'll just bribe some employees or use an allied intelligence agency within the EU.
I'm wondering if someone could sue them for "deceptive marketing statement" under European law.
Sadly a lot of company will pretend to believe the marketing of aws to have an excuse to use aws and pretend to be using a safe sovereign cloud.
Also, I have doubt that the European employees and entities with all access and review to source code, and everything. It will probably be European technician running black box servers in an European data center.
and pay a premium for the pleasure of course
(Before hitting ‘add comment’ I’m taking a moment to consider if I’m being overly cynical. But no, I really don’t think I am. But my company does compete with AWS, so that is a bias.)
It would be a dumb move though because they need a worldwide CDN for customers from other countries outside the EU too.
https://www.theregister.com/2025/07/25/microsoft_admits_it_c...
https://news.ycombinator.com/item?id=43465403
But there _is_ also an attitude difference. In terms of willingness to take risks and innovate, the USA does do very well for itself, and I think the UK does ok too. But that cannot be said for the EU countries I’ve lived in. Stable reliable long term safe jobs seem to be more the name of the game, and starting a company is seen as a big and risky commitment. Whereas in the US and UK you can start a company in your lunch break.
It is a generalisation, and I’m part of a wonderful entrepreneurial community here in Munich. But even there everyone says how risk averse European businesses are. I really really wish it wasn’t true.
Sincerely, someone in Canada who did this.
To compete, other countries need their own VC system which is a bit tricky. It requires likely a level of government funding or other incentives to get it off the ground and ramping up. Then also, you need to incentivize VCs to stay in your country.
At least my 2cents.
"AWS rescined my offer due to the lack of citizenship"
"At the beginning of June, I had the opportunity to interview at AWS for a Systems Engineer position (working on the EU Sovereign Cloud project)."
> the AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law.
Always was. Its telling that they think that they were not previously subject to EU laws when their EU subsidiary did business with someone located in the EU.
The key thing is, at the moment US staff can do admin actions (e.g. SSH into physical hosts). Under this new framework, they can't.
The CLOUD Act conflicts with EU laws like the GDPR (AFAIK, this has been confirmed more than once in EU courts already), which means that EU organizations (which have to follow the GDPR) might not be allowed to use USA-owned cloud services, even when the data is completely hosted within the EU, because the cloud service sysadmins might be forced through the CLOUD Act to break the GDPR. Requiring that all employees with a high level of access have EU citizenship and residency makes it much harder for a USA court to pressure them into breaking these EU laws.
But ultimately it’s still very much a US hyperscaler.
Would US gov/US big biz entrust their data to huawei if they promise a similar us location based scheme? I think not
One provision relates to MLATs (mutual legal assistance treaties). An MLAT is an agreement between countries to cooperate on gathering and exchanging information to enforce laws. For example an MLAT might provide a way for police from one country to go to another country to interrogate a suspect who resides in that other country.
The CLOUD Act provided a way for the executive branch to enter into bi-lateral MLATs for data exchange as long as the Attorney General and the Secretary of State agreed that the foreign country had sufficient data access protections for data it received related to US citizens.
Before this entering into an MLAT was done the same way as any other treaty. The executive would negotiate the terms, then the President would sign, then the Senate would vote, and if 2/3s of the Senators voted to ratify the President could then ratify the treaty and exchange instruments of ratification with the other country. Only at that point did the MLAT actually go into effect.
This provision makes it much easier to enter into MLATs for data sharing and it can be done entirely by the executive branch. That's a massively lower barrier than requiring a 2/3 Senate vote.
It was this expansion of MLATs that drew most of the opposition to the CLOUD Act from several major civil rights groups.
Yet I almost never see this aspect of the CLOUD Act come up here. Nearly every time it comes up it is over the other provision.
The other provision said that if a warrant or subpoena asks a US company for data that it possesses or controls it had to provide that data regardless of where it actually is storing the data.
That's how it works for physical documents. For example if I'm in Los Angeles and own two physical documents, one of which is in my vacation house in Florida and the other in my vacation house in France, and a US court orders me to turn over those documents (or copies of them), I have to.
I won't be able to successfully resist by saying the one in France is outside the jurisdiction of the court. That's because the court is not asking France for the document, or trying to order anyone outside the US to do anything. It is ordering me to produce the document, which I can do simply by calling my French housekeeper and asking them to get the document and mail it to me.
Asking my French housekeeper to mail me a document I own from my French vacation house is something legal for me to do. I probably even routinely ship documents to and from France.
If you think about it, it pretty much has to work this other. Otherwise any company that wanted to hide anything from regulators could simply ship any possibly incriminating documents they have but cannot legally destroy to a document storage service in another country once they are no longer actively using them.
As far as I know this has never been controversial.
All the CLOUD Act provision on warrants and subpoenas does is say that digital documents work the same way physical documents do.
It is probably actually more important that digital documents work this way than it is for physical documents. With physical documents if I store them in another country they then it is a hassle if I ever need to work with them.
With digital documents it is easy to store everything in another country and instantly make a local copy when I need to work with a document, and when I'm done working save any changes back to the foreign storage and delete local copies.
I'm reasonably sure most other countries either have something equivalent to this part or they have laws that prevent companies in the country from storing documents outside the country. Otherwise it would be standard procedure for companies in the country to store all their digital data outside the country, ideally somewhere that does not have an MLAT with their home country. That way as long as they did nothing that drew the attention of regulators or law enforcement in that other country their documents would be out of reach of their home country regulators.
Appeasing a nationalists appetite is impossible.
