Contact →

How it works

AWS European Sovereign Cloud

We design, build, and operate sovereign cloud environments on AWS European Sovereign Cloud compliant with EU law, governed by EU residents, and protected from extraterritorial access. Plus a controlled bridge to keep your existing AWS estate working alongside it.

Talk to a Sovereign Cloud Expert
Large tree with exposed roots spreading across the ground in a natural landscape, symbolizing strong foundations, resilience, and interconnected systems.

Numbers

Built for Sovereign Cloud Operations

Infrastructure, governance, and funding designed for regulated cloud environments

€500K+

MAP 2.0 funding eligibility for qualifying migrations

+27%

CAGR forecast for Sovereign Cloud to 2027 (IDC)

100%

EU-resident operations, support, and technical services

€7.8B

AWS committed investment in European infrastructure, jobs and skills

Talk to an expert

your challenges

Why Standard Cloud Regions Fall Short

GDPR, NIS2, and sector regulations have raised the bar. Region selection alone is no longer a defensible control for regulated workloads.

Assess your readiness
AWS-European-Sovereign-Cloud

US CLOUD Act exposure

Under the 2018 CLOUD Act, US authorities can request data from American companies regardless of where it is stored, including EU-based AWS regions.  
AWS-European-Sovereign-Cloud

GDPR and NIS2 compliance gaps

Standard commercial cloud regions do not satisfy the stricter residency, operator-access, and audit obligations now codified in EU regulation.  
AWS-European-Sovereign-Cloud

No guarantee of EU data residency

For banking, healthcare, and public sector workloads, pointing to a regional endpoint is no longer sufficient proof of data residency.  
AWS-European-Sovereign-Cloud

Outage and geopolitical fragility

The us-east-1 outage of October 19-20, 2025 showed how far a single foreign-controlled partition can cascade into EU operations through shared IAM and STS. 
Rovo-Maintenance-Support-CBTW-Atlassian

No bridge for your existing AWS estate

Moving to a separate partition without a controlled, auditable path back to commercial AWS strands data, identity, and recovery workflows.  

what you get

Sovereign by Design for Compliance, Continuity, and Operational Control

Contact an expert

Governed by EU law

Workloads run in the Brandenburg, Germany partition under a dedicated German parent company. EU-resident operators only, subject to EU law, with full extraterritorial protection.

Working cross-partition bridge

A controlled, auditable backup and recovery path between AWS ESC and standard AWS partitions. Already running in our sandbox.

Sovereign failover by design

Architecture built to keep operating independently of the commercial AWS partition during a major regional outage. Separate AWS Organizations, IAM stack, and in-region billing.

MAP 2.0 funding, fully managed

Migrations above €500K qualify for AWS MAP 2.0. Below that, MAP Lite applies. We run the procurement, the Customer Sign-off, and the two-tranche credit flow: first tranche (25%) at €50K spend, second tranche (75%) at migration completion, with credits calculated on account revenue rather than resource tagging.

Our Approach

Four pillars of digital sovereignty

Our architecture and operating model address each dimension of sovereign cloud:

Talk to an Expert
Data residency and secure data storage icon

Data residency

Where your data lives

  • Geographic storage within EU legal boundaries

  • Cross-border transfer controls at partition level

  • Data classification and handling requirements

  • Jurisdictional control over all access 

Secure operator access and identity control icon

Operator access

Who can reach your data

  • Zero standing access for AWS or any third party

  • Vault-issued short-lived STS credentials, no static IAM

  • Full audit trail on every access attempt

  • Legal protections against unauthorized access

Cloud resiliency and infrastructure continuity icon

Resiliency

What keeps you running

  • Operations independent from commercial partition outage

  • Separate AWS Organizations and billing systems

  • Tested failover path validated in our live sandbox

  • Survivability through geopolitical disruption by design  

perational independence and governance icon

Independence

Who governs the environment

  • Dedicated German parent company, EU leadership

  • EU-only staffing for operations and support

  • Complete compliance documentation chain

  • Full transparency of operations and governance 

Collaboration

Built on Tools Your Team Already Knows

Logo Amazon ECS
Logo AWS Fargate
Logo AWS Lambda
Logo Terraform
Logo Datadog
Logo AWS KMS and Secrets Manager
Logo PostgreSQL RDS

WHY IT MATTERS

“As a global bank, our customer data must be kept within our home country’s legal jurisdiction. We need iron-clad guarantees around data residency, access controls, and audit trails to meet our compliance obligations.”
CBTW, Europe

FAQ

Find the most common answers here

AWS European Sovereign Cloud (ESC) is a separate AWS partition physically located in Brandenburg, Germany, operated under a dedicated German parent company. Unlike a standard EU region, ESC is governed exclusively by EU residents subject to EU law, with an independent control plane, a separate IAM stack, and its own billing systems. It is structurally protected from the US CLOUD Act: because the operating entity is not a US company, US authorities cannot compel data disclosure regardless of where the data is stored.

Not with our approach. We build and operate a controlled, auditable cross-partition bridge between your ESC environment and your existing commercial AWS partition. Your regulated workloads run in the sovereign environment while your broader AWS estate continues to function alongside it. The bridge uses Terraform, HashiCorp Vault, and short-lived STS credentials, with no static IAM and a full audit trail on every cross-boundary operation.

No. ESC is designed as a complement to your existing AWS estate, not a forced replacement. The typical starting point is identifying the specific workloads that carry regulatory risk, those subject to GDPR data residency requirements, NIS2 audit obligations, sector-specific rules, or workloads where CLOUD Act exposure is a board-level concern. We scope the migration around those workloads and build the cross-partition bridge to keep everything else running as-is.

Yes, ESC carries a cost premium over standard AWS regions such as eu-central-1 (Frankfurt). Based on early pricing calculator data, the uplift sits at roughly 15% across common services , New AWS ESC Price Calculator: https://pricing.calculator.aws.eu/#/

AWS Migration Acceleration Program (MAP) 2.0 provides credits to offset the "double-bubble" cost of running old infrastructure and AWS simultaneously during a migration. For ESC migrations, the threshold is €500K in migration scope (meaning the expected AWS revenue from migrated workloads, not consulting fees). Above that, full MAP 2.0 applies with a two-tranche credit model. Below €500K, MAP Lite applies. We manage the entire procurement process on your behalf.

It means no one (not AWS, not CBTW, not any system) holds permanent credentials that could be used to access your environment at any time. Instead, our architecture uses HashiCorp Vault to generate short-lived STS credentials on demand, scoped to the exact operation being performed and expiring automatically after use. Every access attempt is logged in a full audit trail. Through AWS Nitro System Hypervisor Architecture not even AWS can have access to company data.

 

It depends on the scope and complexity of the workloads being moved. A focused migration of one or two regulated workloads can move in weeks. Larger migrations covering multiple teams, data pipelines, and identity systems are typically phased. We start every engagement with a scoping phase to define the migration boundary, assess cross-partition bridge requirements, and produce a phased roadmap before any infrastructure work begins.

The ESC infrastructure is located in Brandenburg, Germany, and is governed by EU law, accessible to organizations across the EU, not only German companies. AWS has committed to also launching new “Sovereign Local Zones” in Belgium, the Netherlands, and Portugal. Early adopters include regulated sectors: EWE AG (energy and telco, 11,000+ employees), Medizinische Universitat Lausitz - Carl Thiem (state medical university, ~1,200 beds), and Sanoma Learning (K12 EdTech, 11 countries, ~25M students). Banking, healthcare, public sector, and critical infrastructure are the primary verticals seeing immediate regulatory pressure.

Ask more infos

get in touch

Start your sovereign cloud conversation

Do you want to scope a migration, evaluate ESC for a specific workload, or try to understand your CLOUD Act exposure? We can clarify this with you.

Collaboration Betters The World is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the information you requested from us. In order to process your request and contact you, please tick box below to consent for the processing of your personal information.