BSI Backs AWS for Sovereign EU Cloud Development
In a significant move for European digital autonomy, Germany’s Federal Office for Information Security (BSI) announced its support for Amazon Web Services (AWS) in the development of its European Sovereign Cloud. The collaboration, confirmed on January 19, 2026, signals a critical step towards establishing cloud infrastructure that adheres to stringent European data sovereignty and security standards, aiming to provide greater control and reduce reliance on non-EU entities for sensitive data and operations.

The BSI states it will closely monitor the technical implementation of AWS’s sovereignty features for its recently launched European Sovereign Cloud. According to the BSI, this oversight will ensure the cloud infrastructure meets defined requirements for digital sovereignty. The BSI also announced its intention to publish general sovereignty criteria, based on the EU Cloud Sovereignty Framework, which will serve as a future assessment basis for cloud solution procurement and certification across Europe.

  • Separate technical infrastructure: Completely decoupled from the global AWS instance (company claim).
  • Independent operation: Including update management, maintenance, and security patches, to be handled by EU residents (company claim).
  • Technical control mechanisms: Designed to protect against data outflow, external control, or shutdown (kill switch) (company claim).
  • Strict update and access controls: To ensure data integrity and security (company claim).

The push for cloud sovereignty in Europe has intensified amid concerns over extraterritorial laws like the U.S. CLOUD Act and a desire to strengthen the EU’s digital strategic autonomy. AWS formally launched its European Sovereign Cloud in mid-January 2026, with its first region in Brandenburg, Germany, and plans for further expansion into Belgium, the Netherlands, and Portugal. While AWS claims its European Sovereign Cloud is physically and logically separate, operated by EU residents, and has no critical dependencies on non-EU infrastructure, some critics, such as Florian Schweitzer, a Cloud Security Expert at Certitude Consulting, question whether the announced separation is sufficient to fully mitigate risks associated with U.S. ownership and legal reach. Other major cloud providers like Microsoft and Google are also developing sovereign cloud offerings to meet these evolving European demands. The European Commission has also initiated a substantial tender for sovereign cloud service providers, reflecting the growing regulatory pressure.

In the coming months, the BSI plans to evaluate how effectively AWS implements the required sovereignty measures. Concurrently, the authority will work towards publishing its general sovereignty criteria, which are expected to standardize the assessment and procurement of cloud solutions throughout the EU. This ongoing evaluation and the forthcoming criteria will be crucial in shaping the landscape for cloud services seeking to meet Europe’s stringent digital sovereignty requirements.

Follow us on Bluesky , LinkedIn , and X to Get Instant Updates

RELATED ARTICLESMORE FROM AUTHOR