AWS European Sovereign Cloud in Brandenburg:

How Sovereign is Europe’s Data Really?

Amazon Web Services is putting the “AWS European Sovereign Cloud” into operation in Brandenburg. Cloud campuses are being established in Baruth/Mark and Finsterwalde, initially through leased data centers, prospectively with their own infrastructure. Operations are carried out via a German GmbH, the data centers are located exclusively in the EU, and the staff employed are resident in Europe. The claim is clearly formulated: operation, control, and responsibility are to be entirely European.

The timing is no coincidence. Public administrations, operators of critical infrastructure, and regulated companies are under growing pressure to reduce their digital dependency on non-European providers. Political uncertainties, geopolitical tensions, and the increasing importance of digital infrastructures as a power factor are intensifying this debate. At the same time, the reality of global corporate structures remains – and with it, possibilities for influence that cannot be neutralized solely through regional operating models.

Amazon Web Services points to an organizational and technical decoupling of the new cloud from the global AWS partition. Mustafa Isik, Chief Technologist of the AWS European Sovereign Cloud, emphasizes regional operating models, European legal frameworks, independent processes, and full control by EU-based personnel. These measures address real risks, but they primarily shift responsibilities within a still globally active corporation.

For influence does not arise only through direct data access. It acts through software supply chains, dependencies on security-critical updates, through export controls, through licensing models, and through strategic decisions at the corporate level. Especially cloud infrastructures are highly maintenance and update-dependent. Whoever factually exercises this control decides, in case of doubt, on the ability to act of entire organizations.

Markus Beckedahl, founder and CEO of the Center for Digital Rights and Democracy, therefore speaks of “sovereignty washing.” His criticism is not directed against individual technical protective measures but against the structural initial situation. As long as a European cloud offering remains part of a US corporation, non-European legal and power instruments continue to act – even indirectly, delayed, and not always transparently.

Dennis-Kenji Kipker from the Cyber Intelligence Institute assesses the new AWS structure more differentiated. He recognizes that Amazon goes beyond purely legal constructions and is building actual infrastructure in Europe. At the same time, he points out that sovereignty is only resilient if operation can be maintained independently even in exceptional situations – such as political escalations, supply stops, or restrictions on software updates. It is exactly there that it is decided whether regional control is more than a normal operation promise.

A central role belongs to the Federal Office for Information Security (BSI). BSI President Claudia Plattner supports the design of the security and sovereignty features of the AWS European Sovereign Cloud and announces a close examination of the actual decoupling capability. This explicitly includes protective mechanisms against external control, shutdowns, or technical dependencies. The announced criteria of the EU Cloud Sovereignty Framework could for the first time create a binding evaluation standard that goes beyond marketing statements and also becomes relevant in procurement decisions.

It is precisely here that the decisive point lies: Digital sovereignty does not arise through pleasant-sounding product names but through verifiable criteria, transparency, and consistency. It is not a state but an ongoing process – and it requires political decisions.

In parallel, the view of European providers remains indispensable. OVHcloud from France as well as the German providers IONOS and STACKIT are structurally more independent, even if they often lag behind the large hyperscalers in functional scope, ecosystem, and user convenience. These differences are real. But they are also the result of years of market decisions that have deliberately accepted economies of scale and dependencies.

Digital sovereignty is not a feature that can be bought later. It is a strategic decision – connected with investments, with renouncing convenience, and with the will to systematically strengthen European providers.

The AWS European Sovereign Cloud can be a transitional model. It can reduce risks and increase leeway. It is, however, not an end point. As long as US corporations with “sovereign” offerings primarily secure existing market shares, the accusation of sovereignty washing remains legitimate. All the more important is a critical, independent role for the Federal Office for Information Security – and a digital policy that does not just rhetorically support European cloud ecosystems but structurally prioritizes them.