AWS European Sovereign Cloud: A closer look

Addie (Principal Product Manager, AWS): Thank you so much for joining us today in this session this afternoon. My name is Addie. I'm a Principal Product Manager on the EC2 AWS Digital Sovereignty team.

Joining me today is Lu Wang Luis. Do you want to introduce yourself?

Luis (Lead, EC2 Core Product Management Team): Sure, thanks Addie. Hi everyone, my name is Luis Wang. I lead the EC2 Core Product Management team and my team is also responsible for Digital Sovereignty initiatives across AWS. Super excited to be here to talk about Digital Sovereignty today!

Addie: Thank you, Luis.

Well, welcome to the session "EC2-16: AWS European Sovereign Cloud - A Closer Look." Today in this session, we're gonna talk a little bit about digital sovereignty, its different flavors and dive deeper into our most recent announcement, which is the AWS European Sovereign Cloud.

So let's start by taking a couple of minutes to really unpack what sovereignty means. It means different things to different people. There is no single definition of this term yet. I would say, from what we've seen, we live in a world right now where there's so much uncertainty. It has prompted governments across the world to really go back and rethink how they want to safeguard their critical data infrastructure and also the digital economy.

In the last few years, we've seen heightened focus on this topic by governments across the world, especially in Europe. Some countries have even rolled out regulations around digital sovereignty. For example, in France, there is the "Cloud de Confiance" regulation which indexes pretty heavily on the ownership requirements and the operational autonomy aspects. And then in Germany, you have the C5 regulation which pretty much dictates the requirements for public sector workloads.

The interesting aspect here is that digital sovereignty and its meaning is pretty fragmented across the board and there's no uniform definition or understanding of how it applies to different types of workloads and also how it varies across sectors and verticals.

As we have been speaking with a lot of our customers, we've been trying to understand and really deep dive with them as to what it means to each one of them. Based on some of their inputs, I'm gonna walk you through what we've learned.

The first aspect of this is around data residency. When customers talk about data residency, they want to know where all their data is stored. They want to control where it's stored and also where it's transferred.

The second flavor we see is around operator access restriction. Here, customers are telling us they want to make sure that neither AWS nor any foreign government or entity has access to their data in the cloud.

The third piece is around resiliency and survivability. This has to do with the fact that with the recent geopolitical scenarios, everybody is talking about how they want to sustain their operations despite a disruption, whether it's manmade or natural. When I'm talking about disruptions, it could take the form of a geopolitical crisis, diplomatic crisis, sabotage or even a natural disaster. This flavor speaks to that.

The next one has to do with operational autonomy - the sentiment behind that is customers want to make sure they are fostering their local economy, building skills and infrastructure in their country, and competing at a global scale.

While all of these concepts come together to define digital sovereignty for each customer, what we've realized is that they're concerned they have to choose between the full power of AWS versus other feature limited solutions.

As part of AWS, we firmly believe customers should not have to make that choice. Since day one, we've always believed customers should be in control of their data and have the capabilities and choices to manage and store it in the cloud. That's why last year in November 2022, we released our AWS Digital Sovereignty Pledge.

This pledge is our commitment to offer all AWS customers the widest and most advanced set of sovereignty controls and features available in the cloud. As I said before, sovereignty has been a priority for AWS since the very beginning. We've been working closely with customers, regulators and partners to understand and break down sovereignty and see what capabilities we can build.

If you haven't read the pledge, I highly encourage you to check it out. As part of the pledge, we've committed to meeting customer requirements around having control over data location, verifiable control over data access, encrypting everything everywhere, and building resilience into the cloud.

Ever since we launched this pledge, we've made a series of announcements to support it, as you can see on the screen:

• We launched the AWS KMS External Key Store last year which allows customers to bring external keys and integrate them with AWS.

• We got our AWS Nitro System attestation and included some of the claims we made as part of that into our contractual clauses in August.

• We launched Dedicated Local Zones, a new infrastructure offering which allows specific customers with regulatory needs to manage their data.

• In October, we announced the AWS European Sovereign Cloud.

• Just two days ago, we launched a bunch of capabilities as part of AWS Control Tower with 65 new controls.

I'll start by talking about the data residency piece. As you know, we have the largest global footprint that gives customers flexibility and choice in where they can store data.

To date, we've launched about 32 regions around the world with 102 Availability Zones. We've announced plans for 5 more regions in Canada, Germany, Malaysia, New Zealand and Thailand, which will add more than 15 Availability Zones.

Customers can use AWS services with confidence that their data stays in the region they select. We want to make sure they have visibility into where it's stored and moved.

As part of our most recent announcement tied to the data residency pillar, we launched Dedicated Local Zones - a new infrastructure offering managed by AWS exclusively for customers in a location they specify, like a data center. It provides the same benefits as Local Zones in terms of elasticity, pay-as-you-go pricing, scalability and security. It is powered by AWS Nitro so the security bar is on par with our global regions.

The specific use case is for customers who have regulations warranting their sensitive, critical data to be housed in a facility closer to where they want it.

AWS Control Tower is one of my favorites. It's a simple and efficient way to manage a multi-account AWS environment. It gives you the ability to define, implement and manage governance controls that ensure your data stays in the region you've chosen and doesn't go anywhere else.

I'm excited to share that just yesterday, we launched about 65 new controls as part of Control Tower enhancements. I'll walk through some of them.

Control Tower Guardrails provide preventative and detective controls. One thing they did was ensure EC2 instances use Nitro-based instances.

The most interesting one is the Region Deny Guardrails. This helps ensure your data isn't stored or doesn't flow to any region you didn't select. When turned on, it provides visibility through a dashboard into compliance status.

With this release, Control Tower has gone beyond just Landing Zones and applied it at the organization level. So if you have multiple accounts in your organization and want to ensure they only use the Germany region, this makes sure any new account also complies.

There is an enhanced dashboard with a Digital Sovereignty category to view and monitor these controls.

Our existing regions, Dedicated Local Zones, and European Sovereign Cloud are all powered by the AWS Nitro System. For over 10 years, we've been reinventing the virtualization stack to offload functions into dedicated hardware and firmware.

Nitro is designed to enforce restrictions so nobody, including AWS, can access your data on the host. It maintains integrity and confidentiality.

We had a cybersecurity firm validate our claim that no one at AWS can access customer data on our hosts. They published a report available on our website.

We went one step further - our service terms now state there are no mechanisms by which any AWS employee can take measures to access, modify, copy or extract customer data on Nitro.

External Key Store is an interesting one related to encryption and operator access restriction. It provides another option for customers to manage keys outside of AWS.

It allows integration of external keys with AWS KMS. This is useful where regulations dictate control, retention and ownership of keys for sensitive workloads. It addresses the need to bring your own key.

I'm going to go into some customer stories now to demonstrate how our roadmap is playing out:

Private Bank is the largest financial institution in Ukraine, state owned since 2016.

Before that 31 years of history on the market primary, we are the retail bank with over 20 million retail customers served. We also have a solid SME business or small and medium enterprise supporting them. We are serving up to 50% market share in terms of the payments.

Nobody expected the war. So actually as anyone who was living in there, the same was happening to us and our employees and our branches and our system. So we were confronted with the fact that actually we had the bombs coming from different angles and actually Russian troops entering the country.

So we had to make sure whatever is possible to protect our people and our employees. So they are safe and secure. We also had to actually make sure that our services are available for our clients when you are having a panic and actually without withdraw the cash, you have to make sure that the cash is in ATMs that the branches are operating and actually there's enough cash in the system.

So our role to whenever it was possible to make sure that all the services, electronic way as well in the cash available for our population, we have to focus on making sure that the critical infrastructure, core banking services and core banking systems are secured.

So we decided at the time to migrate to the Amazon after the positive decision of the regulator and National Bank of Ukraine, we actually started the process. Beginning of the March, we had two data centers on premise the war started Russians around, we decided to work with Amazon.

Amazon was actually the primary partner of us helping us to move whatever we had on the premise. First, we started with the critical services and infrastructure components. So within the first two months, we actually migrated all the applications on the critical services and we started to operate with the Amazon cloud.

It was one of the fastest migrations ever happened. So actually, you can imagine the effort sitting on our side and also on the effort on actually inflexibility on the on the Amazon site. And uh luckily in that short period of time, we were able to preserve and protect our business.

So actually without much of the interruptions during the migration with the support of Amazon colleagues and the infrastructure, we simply packed everything that was possible and we placed it in the Amazon. So that was, that was an achievement happily if it didn't impact the the business operations.

So clients were happy, the owner was happy. So the shareholder that we didn't actually stop the operating and the clients as as the people who were dealing with that, I think we were having great success story behind.

So this example, um you know, is a very special one and i say that because there are these perceptions, right? And these are pretty perceptions that have kind of still sticked on or stayed on with customers, right? Who think that hosting your workloads on premise is a lot, lot more, you know, safer secure option, right?

And with this Ukraine Russia story here, I think that's where, you know, it was, it was sort of eye opening for some of the government officials as well, right, to really understand the value that the cloud brings to it.

Um and, and let me kind of walk you through as to like how this kind of came about. So, um initially, right, the Ukraine government had a law which required for governments to host and not just governments but also certain verticals to host their data on on premise.

And one week before the Russian invasion, they actually rolled out a legislation which allowed these governments and also these verticals, rights regulated industry verticals to move to the cloud. And that's when Ukraine, I think put a call out for help and AWS stepped in.

So we established we as in our AWS public sector team and the AWS disaster recovery team came together to work very closely with the Ukraine officials to really understand what type of workloads are we talking about, right?

And they established a project called this project sunflower. And this was, you know, this is what came out of that project sunflower, some of the outcomes that we achieved, um you know, petabytes of data was migrated uh pretty quickly, right of critical workload, government workload data, a lot of records of students right from their, from their degrees to the curriculum, all of that was migrated over to the cloud.

Um you know, folks who had land in Ukraine and they had papers against it. You know, we built an automated system for them to be able to retrieve those records at a later point in time. And then there was also there was a lot of research right by the scientists in Ukraine that they were doing for the measurement of air quality, given the nuclear aspects that were ongoing with this war situation.

So those were like some key key outcomes right, that we we managed to kind of get through with the whole Ukraine government here. So this is one of those examples and I want to walk you through with one more, right?

AXA Germany, it's a global insurer and a wealth manager serving about 90 million customers in more than 50 countries, right? A access digital transformation move to the cloud strategy is what it, you know, they wanted to make sure that they a move to the cloud and b are able to comply with the data protection and regulations that the financial services regulator in Germany has queued up for them, right?

So as part of by leveraging the AWS cloud, AA Germany was easily able to with the complex and changing security requirements which you know, within its heavily regulated industry driven by the German federal financial supervisory authority, the German IT security act 2.0. And the European general data protection act, which I think all of you guys know about.

Um, the third example that I'm going to talk about is the Singapore government. And this is also another special one because, you know, 90% of our product road map is based on customer feedback.

And um actually, as a matter of fact, you know, the whole dedicated local zone offering which we launched in August and i covered a few minutes ago was an outcome of collaboration with the Singapore government, right?

And, and dedicated local zones. As you know, we realize that hey, this probably has potential to be expanded to not just Singapore but other customers who have similar needs. And that's when we decided to extend that offering.

And we actually coined it as dedicated local zones, which we launched recently um with DLZ and Singapore, the approach was not just around sovereign requirements, but it was also they wanted to make sure that they are benefiting from some of the, you know, the cloud aspects, right, which are related to resilience and transparent.

And that's how, you know, the DLZ was born um with DLZs, the Singapore government was able to meet their most stringent data isolation and security requirements um thereby enabling Singapore to run their more sensitive workloads in the cloud securely.

Um so, so these are a couple of examples, right, where, you know, sovereignty cloud, the geopolitical aspects and, and the different requirements that we're hearing from customers across the board all came together.

Um I'm now going to hand over to Louise to walk you guys with the AWS European sovereign cloud and take it away from here, Louise. Thank you.

So, with our uh sovereignty pledge that we announced last year and our sovereign by design capabilities, we really want to enable all of our customers in our commercial regions around the world to be able to benefit from these elevated levels of, of capability.

So as Adi walk through uh Nitro system is a great example of a sovereign by design capabilities that adds additional data protection to our customers, ensuring that AWS has no access to their data that is enabled by default.

And AWS is the only call service provider with such unique capabilities and again, with external key store or control tower, we provide capabilities that allows customers to add additional technical measures uh so that they can meet their unique sovereign needs and dedicated local zone.

Great example of how we work backwards with our customers in partnership with them to tear down additional and some archaic barriers towards cloud adoption.

Um as Andy andy men. Sorry Adam mentioned in his keynote uh the other day, AWS is all about providing the choice and selection for customers to run, you know, foundational models for AI.

In the context of digital sovereignty is not very different either, right? We believe that because there is no single uniform definition. We want to provide customers more choice for them to run. They are highly regulated and sovereign requirement, which is why in October of this year, we announced the AWS European sovereign cloud.

So before we actually dive in uh into what AWS European sovereign cloud is, I do want to show again this light. I know we showed it again before uh earlier.

Um and I want to talk a little bit about our AWS global infrastructure. Um many of, you know, already that our regions today are built in such a way that are physically independent and isolated, right?

Um are the services that run on this region. Most services are also built in such a way that takes no dependencies on other regions. And this is critically important because we don't want any issues from one region to permeate and cause correlated failures in other regions.

So this is a choice by design and it is something that we have been doing at AWS since the very, very early days uh of, of our journey.

Ok. Um our global infrastructure and our excellence here is not just an outcome of, of, of, you know, it's not just a technical one, it's also an operational one. All of these regions around the world today are operated by our globally distributed engineering teams.

So in fact, many of you may not know a lot of our key components and foundational capabilities at AWS is actually built in Europe, right?

Um we have the Nitro system which is building in Europe, our cloud, what services are building in Europe and all of these teams around the world are responsible for servicing operating and supporting our global infrastructure. And that is how we are able to deliver some of the highest resiliency and availability uh of any cloud service provider.

Ok. Now raise of hand who uh here uses more than one region in AWS today. All right, great. I see quite a number of hands.

Um I would imagine you use many regions today with possibly a single set of accounts, right? That allows you to manage your resources across multiple of these regions and also be able to get a single bill from AWS.

Um leveraging various kinds of discount programs like, you know, cross region upfront commitment, bulk purchasing uh discount program that AWS offers. These are possible because uh all of these regions share a single account system and a single billing system.

Ok. So now let's just be, let's take a look at how AWS European sovereign cloud is different. What it is, why do we build it?

Um AWS European sovereign cloud is a new infrastructure offering. It is a new, independent and separate infrastructure from our existing commercial regions and we build it primarily to address the increasing demand from public sector organizations and private enterprises that are running highly regulated work clothes to be able to move to the cloud and meet their unique sovereign requirements.

And primarily when we talk about sovereign requirements here, we often think of two things that comes up in every single conversation. One is customers want added operational autonomy over their cloud infrastructure and second, customers want enhanced data residency uh to meet certain data protection regulations such as GDPR, for example.

Ok. So these are the things that we're trying to solve. Um today, AWS already have a very, very strong presence in Europe. In fact, we have eight AWS regions and the European sovereign cloud is a new addition to that, but it is completely separate and independent from these AWS regions.

Ok. Another key uh important characteristic of the AWS European sovereign cloud is that it is built on decades of experience from AWS operating independent and highly partitioned cloud infrastructure for the most critical workloads in the cloud.

So what do I mean by that when we, when we set out this journey to figure out how do we solve for AWS? Uh so how do we solve for European sovereignty and how can AWS health customers meet those sovereign requirements?

It turned out that we actually didn't need, it didn't need to look very far. It turns out that we have been meeting these requirements for over a decade already.

Uh in the US, AWS has the AWS GovCloud regions for the US government. Uh we also have Top Secret and Secret regions that are used for the intelligence community. All of these capabilities are things that are, are environments that AWS has been operating and running and we know that they are things that we can, you know, we can and we can do those things again because we have the experience to, to, to build and to operate these at scale.

One important thing uh here is that with the AWS European sovereign cloud, this is not, we don't consider like this is not a unique offering. Ok. This is something we've done before.

It is not a snowflake. And the reason that matters is because from the customer's perspective, it means that you get all the same experience, all of your tooling, scripts and automations will just work and you will make it very easy for customers to be able to adopt.

Now, let's look at a little bit at the infrastructure characteristic of the European uh sovereign cloud.

First of all, we plan to launch the European sovereign cloud uh with its first region in Germany. Um and in the future, you know, we expect there might be more regions uh but we don't have anything concrete to share right now.

So the mental model that you can think about it is we have these existing commercial regions that are part of the part of the global commercial cloud infrastructure. And the European sovereign cloud seats side by side as something that is completely separate but dedicated for European sovereignty.

Um it is designed in such a way that like all of our AWS commercial regions, it has multiple availability zones. It comes with AWS Nitro system by default. It has all of the sovereign controls that we just talked about like Control Tower, KMS, External Key Store.

So all of those capabilities will also be available in the European sovereign cloud to provide customer with added level of controls for their workloads.

Um and as you can see here, the European sovereign club will also have its own billing, usage and also IAM systems that are hosted separately, uh and independent from our commercial regions today.

And this is and what this means from a customer standpoint is to use the European sovereign cloud. You will use a different set of accounts and credentials to provision, manage and scale your cloud infrastructure.

And it also means that you will get a separate bill, uh from our European, uh business entities.

Now we've been hearing a lot in Europe. There's been increasing demand for operation autonomy or some people call it operational sovereignty. But the primary motivation of operation autonomy or sovereignty is to address concerns around political instability.

They want to be able to prevent any kind of political sanctions, sabotages and disruptions against their critical uh cloud workloads.

Uh so, I mentioned earlier in our commercial regions today, all of the regions are operated by our globally distributed engineering teams with the European sovereign cloud. What we want to do is give Europeans the full control, the full operational control of this European sovereign cloud.

And what that means is AWS employees who are EU residents who are physically located in the EU will have full control over the operations, full control over the support of this cloud new cloud environment. And that includes customer service, that includes technical support, that includes the day to day management and and and running the services that are hosted in this uh in this region.

And that of course includes also the data center uh operation aspect of it.

Um I mentioned earlier that, you know, we have a lot of engineering teams already present uh in the EU today and with the European staring cloud, we're gonna continue to hire and develop local skills to support these regions and help our customers uh meet their objectives.

Um another differentiator of the European sovereign cloud is around providing enhanced data residency uh uh to our customers.

So you already know that today in our commercial regions, you have full control over your own data. That means you have full control over where you store your content in which region, uh you have full control over where you want to transfer that content and AWS never touches or transfer your content without your consent.

And we give you all the encryption uh capabilities that you need to secure and protect that content. And when I talk about customer content, I generally mean things like content in your S3 bucket in your RDS database in your EC2 instance, for example.

So like the AWS Nitro system is a good example of a capability where we guaran, we make claims that AWS operators have no access to the customer data that are hosted within those two instances. Ok?

But when it comes to sovereignty, there are some customers and some regulators have stricter interpretations of data residency requirements. Beyond that goes beyond actually customer content.

So with the European sovereign cloud, what we set out to do is raise the bar and go above and beyond customer content and include enhanced data, resident controls for what we call customer generated metadata.

Any simple term, customer generated metadata are simply um uh customer inputs and configuration used to run uh uh their a w resources.

So good example, are your IAM users, your IAM roles, your permission, your security policies, your resource labels, such as names and tags with the European sovereign cloud.

All of that, all of that customer gene metadata will now strictly reside within the EU.

Alright, let's talk about infrastructure again.

Um this is uh you know, really one of my favorite topics uh because I think that, you know, AWS we have demonstrated over and over again, sort of like the high bar that we maintain when it comes to, to, to AWS regions and infrastructure design,

Um you know, AWS delivers the highest level of resiliency and availability of any cloud service provider. And that is really uh not an accident since day one, we have, you know, made the deliberate choice that all of our regions around the world, including our commercial regions and of course, including the AWS European sovereign cloud is going to strictly abide to a multi AZ architecture.

Ok. Um and when I say multi AZ, I mean multiple availability zones,

Um an availability zone is a fully isolated partition that is designed to operate independently and an availability zone. When when you zoom in can be comprised of one or more data centers. Ok? That are also physically separated.

And if you zoom in further, you will find that these data centers will each have multiple layers of power networking connectivity, uh redundancies housed within separate facilities.

Uh so, so we really live by that multi AZ architecture and every single infrastructure region that we build will conform to these requirements.

And when we decided to build the AWS sovereign cloud, we also decided that this, we must be able to deliver this level of uh architectural excellence to meet our customers need, which is unlike some of the, you know, many cloud service providers and uh and sovereign clouds out there who claim that they have multiple availability zones. But in reality, they just house everything in a single data center.

So we were able to over many, many years, this is one example where we were able to earn the trust of our customers to run some of the most critical workloads on AWS.

Um because there is no single definition of digital sovereignty, we also don't believe that there's a single solution.

So within AWS, we offer a very wide spectrum, a continuum, we call it of capabilities that allows us to meet customers need where they are both physically technologically operationally and even contractually.

So we talk a lot about the region concept already with our commercial regions, the European sovereign cloud, but there's a lot more.

So for example, Local Zones is an infrastructure concept that places compute storage and network and and databases close to where the end users are in the metro areas. And it also brings additional data residency benefits uh to customers and with AWS Wavelength, it is the same thing. But placing these workloads closer to the five G network.

Customers can also deploy AWS Outposts or AWS Local Zones within their on premises or in any location they choose uh to, to leverage AWS capabilities.

Of course, we have uh our AWS IoT services that allows customers to build smart devices on AWS. And our Snow family of rugged devices allows customers to deploy compute and storage in the most disconnected and remote locations.

The, the key thing that I want you to take away from this is that across this continuum of offerings, we want customers to be able to leverage all of these solutions with the same consistent experience, the same APIs the same consoles because this experience are critical.

So the customer doesn't need to re invent the wheel. They can leverage all the ecosystem of capabilities around AWS to quickly accelerate the cloud journey.

So when we announced European sovereign cloud, um we heard from a lot of customers and regulators that they love the idea. They particularly, they like the EU EU only operate uh operators.

Uh they like the enhanced, you know, metadata residency where where those customer gene metadata is only going to remain within the EU boundary.

Uh but some customer regulator have told us that there are in fact unique regulations and archaic regulations that still demand uh customer data, customer workload to be hosted on premise. Ok.

So we believe that that continuum that you just saw like it's not either or you can use all of these things together.

So one of the very common use cases uh that we see that, that we're hearing with the European sovereign cloud that customers are very much interested is deploying outposts or local zones, either in their existing on prem environment or, or in whatever color or partner side that they, that they would like, right and connect that to andar that to the European.

So and cloud and what that means is they are able to meet the needs from a regulatory standpoint by keeping specific data on site while still being able to get the benefit of EU only operators and the enhanced metadata residency that we talked about earlier.

So to me the best way to really summarize all of this is sort of like a a layered approach where, you know, fundamentally our, our uh industry leading infrastructure um really underpins all of AWS offering, whether it is a commercial regions or our sovereign cloud.

Um they have the same security availability and performance and they have the same experience as well. And on top of that, we layer in our sovereign by design capabilities.

So these are things. Again, we talk about the Nitro system, we talk about KMS, XKS Control Tower with more than 245 controls that allows customers to, to implement guardrails around the workloads on AWS.

And one thing in particular that is really worth mentioning is that whether you're looking at our commercial regions or the European sovereign cloud. One important thing to note is that from a security standpoint, they are the same one is not more secure than the other.

Ok. And in fact, we actually believe that for the most part, for most customers, for most workloads, our commercial region is still the way to go, right?

However, if you are a customer or if you are need to apply for c specific regulations that or or or guidance that requires you to your cloud service provider to have a provide stronger operational control, stronger customer content and metadata control.

Then we have an offering with the European sovereign cloud to meet those additional lay layers of requirements.

Um it is it is not sufficient for me to be standing here and tell you that, hey, AWS European sovereign cloud would meet, would will meet all of your sovereignty requirements.

We need, we need support and buying from the European regulators from the European policy maker, from national cyber security agencies and of course, from the data protection authorities as well.

And that's what we've been doing uh uh for the past several years working closely with these agencies having deep engagement and collaboration taking in those learnings uh to make sure that what we are designing will meet not just the regulations that are existing now, but they are going to come up in the future.

A good example is uh is Germany. So in Germany, uh digital transformation uh uh is a, is a big focus for them right now. And the way to do that for them is adopting the cloud.

We've been working with in Germany with the German cybersecurity agency called BSI for many years already.

Um in fact, uh so BSI is the author of the C5 certification. Um in AWS, it was the first cloud service provider uh to get certified for it. And the C5 as some of you may know, is is pretty influential, not just within Europe, but also uh outside of Europe, like in Asia Pacific, for example, a lot of other national cybersecurity uh agencies takes a lot of inspiration from what they have done.

Um so we partner with them as well on the European sovereign cloud uh in terms of the technical architecture, the design, the operational model, and we look forward to continue uh in working with them on the delivery of the European sovereign cloud and not just with BSI with other agencies like the German DPAs and, and other agencies all across Europe beyond regulate uh regulators.

Um when we announced the European sovereign cloud, we also saw overwhelming support from some of our largest customers and companies in Europe.

Um across a variety of different industries from tel, uh telecommunications, financial services, health care um as well as uh industry leading like consultancies, uh managed service providers and system integrators all welcoming the AWS sovereign cloud as something that can help them address uh more and more sovereign requirements.

And I know that some of the folks are actually here in the audience as well and we look forward to partnering with them on the delivery of this solution.

Um AWS today has over...