As long as there's any American ownership in the chain, this is not to be trusted.

I'm assuming AWS wouldn't fully divest from this European business unit and split it off as a completely separate entity?

The US CLOUD Act says that if Amazon has the technical ability to access those machines, they must do so if the US government asks them to.

So, unless it’s a separate legal entity, and also shares no authentication, software deployment, or related infrastructure with the US part of Amazon, it’s either not providing sovereignty or is being offered in violation of US law.

It’s unclear to me if they’d have to comply with requests to (for example) backdoor their IAM service backend and push the binaries to Europe, or not. (I’m not a lawyer.)

I'm not sure I understand how an American company would be able to provide any service that could be "sovereign European".

How I can imagine it works: Amazon only provides the packaged software, the infra and the ops are officially driven by a 100% European company. AWS probably provides support, but they don't have the encryption keys not any access to the installation.

In theory Amazon could license the stack to a European Operator while having no operative access themselves.

I think this is already done in some cases altough the political reliability has not yet been tested.

I guess the question then becomes: what happens if some future US government pressures Amazon to revoke the license. Unless and until there's a good answer to that, it'd still be better to develop something locally.

If I run your software, you can have no operational control, but you can sneak a root kit or some kind of stuff I dont want to have there

They must have something like this for China, right?

Sort of. AWS operates the China regions more or less like any other region, with oversight by the Chinese holding companies.

The EUSC will be more restricted, similar to GovCloud. Only EU citizens can access/operate it.

Specific example: an alarm fires for your service. If it’s in China, anyone on the team can go look at the logs. If it’s in GovCloud, only teammates who are American can look at the logs. In the EUSC, only Europeans can.

By providing the software to be installed in clusters owned and operated by European companies.

The sovereign cloud spec designed by the folks at France's ANSSI agency is tight.

Whoops, the European company just got bought out by a US entity. Tough luck! [1]

Is this part of the spec? If not, it's as loose as a tent. And by "part of the spec" I mean "all your assets will be forcefully nationalized the second you or a parent company of yours becomes less than X% European owned", where X is well above 50.

[1] https://www.dutchnews.nl/2025/11/dutch-looking-into-conseque...

As a rule of thumb, I wouldn't assume that any scenario you came up with on the spot was overlooked by an agency whose job it is to not overlook complex scenarios, let alone trivially simple ones.

To start with... states can and will absolutely block the sale of strategic national companies to foreign actors. But I'm sure you knew that.

The Microsoft effort was not terrible - run by EU nationals etc but yeah calling it sovereign is optimistic.

And it certainly would not survive strong political pressure from the EU and US governments. Local governments still can be adversely impacted.

Is this new? Microsoft already offer that and I think already for quite a while.