What AWS actually built
On 15 January 2026 AWS opened its European Sovereign Cloud, with the first region in Brandenburg, Germany. This is not a marketing repaint of existing regions. Amazon describes it as a new, independent cloud for Europe, entirely located within the EU and physically and logically separate from other AWS regions, operated exclusively by EU residents with zero operational control from outside EU borders and no critical dependencies on non-EU infrastructure.
The corporate engineering is equally deliberate: a new parent company with three German GmbH subsidiaries led by EU citizens, managing directors Stephane Israel and Stefan Hoechbauer, and an advisory board that seats two independent European members, among them a retired French general, alongside three Amazon appointees. More than 90 services were available at launch, with expansion planned to Belgium, the Netherlands and Portugal.
The money underlines the seriousness: 7.8 billion euros committed in Germany, roughly 2,800 jobs supported annually. Whatever one concludes about the sovereignty question, this is the most substantial answer a US hyperscaler has yet given to Europe's concerns.
Brussels published the rubric
Five months later, on 1 June 2026, the European Commission published an explainer of its Cloud Sovereignty Framework, the tool it used to evaluate providers in its own procurement. The framework grades cloud offerings against 48 criteria grouped into eight categories: strategic, legal and jurisdictional, data and AI, operational, supply chain, technological, security and compliance, and environmental sustainability. Results map to SEAL ratings, with SEAL-2 marking the highest level of data sovereignty, SEAL-3 the highest technological autonomy, and SEAL-4 full sovereignty.
This is not a thought experiment. In April 2026 the Commission awarded a 180 million euro contract for sovereign cloud services for EU institutions to four providers, evaluated against exactly these criteria. Sovereignty in Europe now has a scoring sheet, a buyer using it, and real money flowing through it.
The criterion money cannot buy
Read the eight categories against the AWS build and something stands out. Operations, data location, supply chain, technology: these are categories where engineering and investment can move the score, and AWS has visibly engineered for them. The category that resists engineering is legal and jurisdictional, because it asks a question no subsidiary structure changes: who ultimately owns the operator, and which non-EU laws can compel that owner.
That is the axis on which the European debate will keep turning, and recent turbulence around transatlantic data transfer arrangements has only sharpened it. The point here is not that a US-owned sovereign cloud is useless, far from it: for many workloads its guarantees are more than sufficient. The point is that the answer is no longer a yes or a no. It is a grade, and different workloads need different grades.
How to buy cloud after this
The framework hands private buyers a free tool. You do not need to be an EU institution to use the eight categories as your own checklist: classify your workloads by the sovereignty grade they actually require, from marketing site to payroll to the systems a regulator or a crisis could turn into a jurisdiction question. Most companies discover only a thin slice needs the top grades.
Then change one question in vendor conversations. Not: is your cloud sovereign? Every brochure says yes. Instead: against the Commission's Cloud Sovereignty Framework, which SEAL level would this offering reach, and in which category would it score lowest? A vendor who answers precisely is worth shortlisting. A vendor who answers with the word sovereign is telling you the label is doing the work the architecture should do.
Read next: Your Microsoft Renewal Is a Sovereignty Lever · Europe Is Building a Federated Cloud



