Digital Sovereignty at AWS

Control without compromise

At AWS, we have always believed that for the cloud to realize its full potential it is essential that you have control over your customer data, such as your workloads on Amazon Elastic Compute Cloud (Amazon EC2) and objects you store in S3. Sovereignty has been a priority for AWS since the very beginning when we were the only major cloud provider to allow you to control the location and movement of your customer data.

Sovereign-by-Design

Our approach to digital sovereignty is to continue to make the AWS Cloud sovereign-by-design—as it has been from day one. We will continue to architect and build AWS and deliver features and controls so that you can use AWS services while meeting your regulatory requirements. 

  • You have always controlled the location of your workloads on AWS. You have the choice to deploy your customer data into any of our 31 Regions around the world. With AWS, you control your data by using powerful AWS services and tools to determine where your data is stored, how it is secured, and who has access to it. For example, AWS Control Tower provides preventative, detective and proactive controls to help you meet your data residency requirements.

  • We have designed and delivered first-of-a-kind innovation to restrict access to customer data. The AWS Nitro System, which is the foundation of AWS computing services, uses specialized hardware and software to protect data from outside access during processing on Amazon EC2. By providing a strong physical and logical security boundary, Nitro is designed to enforce restrictions so that nobody, including anyone in AWS, can access customer workloads on EC2 without your authorization. 

  • We give you features and controls to encrypt data, whether in transit, at rest, or in memory. All AWS services already support encryption, with most also supporting encryption with customer managed keys that are inaccessible to AWS operators. We commit to continue to innovate and invest in additional controls and encryption features for our customers to encrypt everything everywhere with encryption keys managed inside or outside the AWS Cloud. If you have a regulatory need to store and use your encryption keys outside the AWS Cloud, you can use AWS Key Management Service (AWS KMS) External Key Store.

  • Control over workloads and high availability are essential in the case of events like supply chain disruption, network interruption, and natural disaster. Each AWS Region is comprised of multiple Availability Zones (AZs), which are fully isolated infrastructure partitions. To achieve high availability, you can partition applications across multiple AZs in the same AWS Region. We also deliver data resiliency capabilities from incremental rollback to reliable disaster recovery with backup and replication to help you meet your recovery point and time objectives (RPO/RTO). For customers that are running workloads on-premises or in intermittently connected or remote use cases, we offer services, such as AWS Outposts and AWS Snow Family, that provide specific capabilities for compute and storage on premises, and in remote or disconnected locations. 

Transparency & assurances

At AWS, earning customer trust is the foundation of our business. We understand that protecting your customer data is key to achieving this. We also know that trust must continue to be earned through transparency. We are transparent about how our services process and transfer data. We will continue to challenge requests for customer data from law enforcement and government agencies. We provide guidance, compliance evidence, and contractual commitments so that our customers can use AWS services to meet compliance and regulatory requirements.

Trusted partners

Our partners play a prominent role in bringing solutions to customers. For example, in Germany, T-Systems (part of Deutsche Telekom) offers Data Protection as a Managed Service on AWS. It provides guidance to help ensure data residency controls are properly configured, offering services for the configuration and management of encryption keys and expertise to help guide their customers in addressing their data protection and sovereignty requirements in the AWS Cloud. 

AWS Digital Sovereignty Pledge: Control without compromise

Delivering on the AWS Digital Sovereignty Pledge
Read the blog »
IDC Whitepaper: AWS Digital Sovereignty Pledge
Read the whitepaper »
The Security Design of the AWS Nitro System
Read the whitepaper »
re:Invent 2022: Meeting digital sovereignty requirements on AWS
Watch the presentation »
Data Privacy Center: Earning trust through transparency
Read the FAQ »
Meeting your compliance goals on AWS
Learn about offerings »