Cloud Providers Expand European Data Sovereignty Offerings
Microsoft and Amazon Web Services (AWS) have announced significant enhancements to their cloud services aimed at addressing European data sovereignty and compliance requirements. Microsoft is introducing new features such as end-to-end AI data processing within Europe as part of the EU Data Boundary, in-country processing for Microsoft 365 Copilot interactions in select countries, and expanding Azure Local capabilities to support larger, more sovereign private clouds. These measures are designed to reassure European customers amid ongoing concerns about the reach of US laws like the CLOUD Act and shifting geopolitical dynamics, particularly following recent changes in US leadership.
AWS has released a whitepaper detailing the design and objectives of its upcoming AWS European Sovereign Cloud, which will launch its first region in Brandenburg, Germany by the end of 2025. The new infrastructure will feature dedicated physical resources, logical isolation from other AWS regions, independent operational controls, and a distinct EU-based corporate governance structure. Both providers are responding to increasing demand from public sector and highly regulated industries in Europe for greater control over data residency, operational autonomy, and protection from extraterritorial legal requests.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft announces strengthened data sovereignty measures
Microsoft announced additional measures to strengthen data sovereignty offerings, according to reporting by The Register. The announcement reflects a new public step in Microsoft's sovereignty strategy for customers concerned with data control and jurisdiction.
AWS publishes European Sovereign Cloud overview whitepaper
AWS announced and published an overview whitepaper for its European Sovereign Cloud, outlining its approach to sovereignty for European customers. This marks a formal public disclosure of AWS's sovereign cloud positioning and design principles.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AWS Launches EU Sovereign Cloud Amid European Data Sovereignty Concerns
Amazon Web Services announced the general availability of its **European Sovereign Cloud**, a physically and logically isolated cloud region designed to meet EU data residency and sovereignty requirements. The offering is operated within the EU by EU-resident staff under a new German parent company, with supporting systems such as **metadata, billing, and identity management** kept inside the EU; AWS said it will start with roughly **90 services** available from Germany and later expand via *Local Zones* in Belgium, the Netherlands, and Portugal, plus *Dedicated Local Zones* for single-tenant, highly sensitive workloads. The launch is positioned as a response to European customer concerns about exposure to **U.S. extraterritorial authorities** (e.g., the **CLOUD Act**) and broader geopolitical risk influencing cloud procurement decisions. Commentary in the accompanying opinion piece frames this as part of a wider “tech dependency” problem in which reliance on U.S.-based providers can become a geopolitical vulnerability, reinforcing why EU organizations are seeking stronger sovereignty controls and alternatives—even as some industry leaders remain skeptical that technical and legal measures (including AWS’s references to protections like the **Nitro System**) can fully eliminate foreign-jurisdiction risk.
Mar 21, 2026
European Push for Digital Sovereignty in Cloud Infrastructure
European governments and organizations are intensifying efforts to achieve digital sovereignty in cloud infrastructure, driven by geopolitical uncertainties and concerns over reliance on American hyperscalers such as Microsoft, Google, and Amazon Web Services. With U.S. policy shifts and potential transatlantic tensions, European leaders are prioritizing the development of domestic alternatives and strategies to ensure control over sensitive data and critical workloads. Despite these ambitions, local cloud providers currently hold only a small share of the market, and experts suggest that a new European hyperscaler is unlikely to emerge soon, with existing players like SAP and Deutsche Telekom each controlling only about 2% of the market. In response to these sovereignty concerns, cloud providers are expanding offerings tailored to regulatory and data residency requirements. Amazon Web Services, for example, has introduced Dedicated Local Zones to provide customers with greater control over data location, security, and compliance, supporting sensitive workloads for public sector and regulated industries. These initiatives reflect a broader trend of cloud service adaptation to meet the evolving needs of European customers seeking to balance operational flexibility with strict sovereignty and compliance mandates.
May 12, 2026
AWS Initiatives for European Cloud Sovereignty and NIS 2 Compliance
Amazon Web Services (AWS) has announced the AWS European Sovereign Cloud, a new independent cloud infrastructure designed to address the unique sovereignty, security, and compliance requirements of European public sector organizations and highly regulated industries. The AWS European Sovereign Cloud incorporates the Sovereign Reference Framework (ESC-SRF), which aligns with governance, operational control, data residency, and technical isolation criteria, and is undergoing independent third-party audits to validate its compliance with European regulatory expectations. AWS is also making the ESC-SRF available through AWS Artifact, enabling customers and partners to build upon these sovereignty controls for their own compliance needs. In parallel, AWS has reaffirmed its commitment to supporting customers in meeting the requirements of the EU's NIS 2 Directive, which aims to strengthen cybersecurity across the Union. As NIS 2 is transposed into national law across EU member states, AWS is working closely with national cybersecurity authorities and customers to ensure robust security practices and compliance. These efforts are part of AWS's broader responsibility to secure digital infrastructure in Europe and to help organizations build resilience and trust in the online environment.
Mar 21, 2026