AWS European Sovereign Cloud: A New Standard for Sovereign Cloud in Europe

Amazon Web Services continues to evolve its cloud services to meet the growing expectations of customers and regulators across Europe. The AWS European Sovereign Cloud represents a significant milestone: a fully independent cloud environment designed to address the most stringent sovereignty, regulatory, and compliance requirements for European customers.

This new cloud is purpose-built for public sector organizations and enterprises operating in highly regulated industries such as finance, healthcare, energy, and critical infrastructure. It extends AWS’s global security, privacy, and compliance foundations with additional governance, technical, and operational controls specifically tailored to European sovereignty expectations.

At the core of this initiative is sovereignty—ensuring that data, operations, and decision-making remain under European control while still benefiting from AWS cloud innovation.

Introducing the Sovereign Reference Framework (ESC-SRF)

To provide transparency and assurance, AWS has developed the European Sovereign Cloud – Sovereign Reference Framework (ESC-SRF). This independently validated framework defines how AWS meets sovereignty requirements across multiple dimensions, including:

• Governance independence
• Operational control
• Data residency
• Technical and logical isolation

The ESC-SRF is built by working backwards from real sovereign use cases and mapping each sovereignty requirement to specific controls. These controls are currently undergoing independent third-party audit to validate that their design and operation fully align with AWS sovereignty commitments.

Customers and partners can also use the ESC-SRF as a baseline framework to define and implement additional sovereignty measures tailored to their own regulatory and business needs.

Transparency Through AWS Artifact

To support customer trust and audit readiness, AWS publishes the ESC-SRF within AWS Artifact, AWS’s self-service portal for security and compliance documentation. Through AWS Artifact, organizations can:

• Access detailed sovereignty criteria and control mappings
• Align internal policies and architectures with ESC-SRF controls
• Demonstrate compliance to regulators, auditors, and supervisory authorities
• Build best-practice sovereignty models on top of AWS services

This transparency allows customers not only to meet sovereignty expectations, but in many cases to exceed regulatory requirements.

A Transparent and Independently Validated Sovereignty Model

The ESC-SRF has been developed using input from:

• European customers
• EU regulatory requirements
• Industry standards and frameworks
• AWS contractual commitments
• AWS partner ecosystem

The framework is industry-agnostic, focusing on foundational sovereignty requirements that apply across sectors. Each sovereignty criterion is implemented through dedicated controls that will be independently validated by third-party auditors.

Key Sovereign Controls Include:

• Independent EU-based AWS corporate structures
• Operations performed exclusively by EU-resident AWS personnel
• Dedicated EU trust and certificate services
• Strict residency for customer data and customer-created metadata
• Technical and operational separation from all other AWS Regions
• Incident response processes operated entirely within the EU

These controls form the foundation of a dedicated AWS European Sovereign Cloud SOC 2 attestation, providing customers with strong, auditable assurances.

How Organizations Can Use the ESC-SRF

The ESC-SRF can be applied both as an assurance model and a design reference framework.

Assurance and Compliance

From an assurance perspective, the ESC-SRF provides end-to-end traceability from sovereignty requirements to technical implementation. Once available, the AWS European Sovereign Cloud SOC 2 report can be used to:

• Support internal and external audits
• Engage with regulators and supervisory authorities
• Reduce ad-hoc evidence requests
• Demonstrate enforceable sovereignty controls

Architecture and Design

From a design perspective, organizations can use the ESC-SRF to:

• Shape sovereign cloud architectures
• Select appropriate AWS configurations
• Define internal governance and operational controls
• Align with regulatory, contractual, and mission-critical requirements

Because the framework is flexible and sector-agnostic, customers can adapt only the criteria relevant to their specific sovereign use cases. The ESC-SRF can also be combined with the AWS Well-Architected Framework to ensure best practices in security, reliability, performance, and operational excellence.

A Strong Foundation for Europe’s Digital Future

The publication of the Sovereign Reference Framework reinforces AWS’s Digital Sovereignty Pledge, delivering transparency, accountability, and independently validated assurances—all designed, implemented, and operated within the European Union.

With the AWS European Sovereign Cloud, organizations can confidently modernize their IT environments while maintaining full control over data, operations, and governance.

As an official AWS partner, Softprom supports customers across Europe in designing, implementing, and operating sovereign cloud solutions on AWS, helping align cloud innovation with regulatory compliance and long-term business strategy.