AWS European Sovereign Cloud (ESC): Pricing, Architecture, and Real-World Limitations at Launch
The AWS European Sovereign Cloud (ESC) has officially launched, marking one of the most significant infrastructure moves AWS has made in Europe in recent years. While much of the public conversation focuses on sovereignty, compliance, and political positioning, the more practical questions remain:
- What does it mean for current customers?
- What is actually available today?
- How does pricing compare to standard AWS regions?
- Where are the real limitations?
This article combines information from hands-on console testing, pricing analysis, and insights from independent technical research to provide a realistic assessment of AWS ESC at launch.
What AWS European Sovereign Cloud really means
AWS ESC is a fully independent cloud environment, physically and logically separated from existing AWS global regions. And if you are already using AWS, you will have to create a separate AWS Organization, and you will get separate billing. The environment is hosted entirely within the European Union and operates under EU jurisdiction.
The first region, located in Brandenburg, Germany (eusc-de-east-1), forms the foundation of this sovereign environment. Future expansion plans include sovereign Local Zones in Belgium, the Netherlands, and Portugal.
European public sector institutions, financial services organizations, healthcare providers, and critical infrastructure operators increasingly require:
- Guaranteed data residency
- Legal independence from non-EU jurisdictions
- Operational continuity without cross-region dependency
- Strict compliance alignment (GDPR, NIS2, DORA, etc.)
Unlike standard AWS commercial regions, ESC operates with:
- EU-based AWS personnel
- Separate control plane
- Separate identity systems
- Independent DNS and routing
- Sovereign billing and metering
Credential Isolation
Hard Boundary: ESC is logically and physically separated from standard global AWS regions.
New Accounts Required: You must sign up for a separate root account
Separate Console: You log in through a different URL: console.amazonaws.eu
No Cross-Region Peering: You cannot "assume a role" from a standard global account into an ESC account.
How IAM and Organizations Work
Isolated IAM Stack: ESC has its own dedicated Identity and Access Management (IAM) system. All authentication, authorization, and IAM metadata (like roles and permissions) remain entirely within the EU.
Independent Organizations: While AWS Organizations are supported, your "ESC Organization" is distinct from your global one.
Limited Federated Admin: Currently, delegated administration for some services is not yet supported, meaning tasks like CloudFormation StackSets must be run from the Management Account.
Service Control Policies (SCPs): These are supported to help you maintain governance across your sovereign accounts.
Even in extreme scenarios, ESC is designed to operate without reliance on other AWS global infrastructure.
Independence from a different perspective
We found AWS’s recent technical webinar insights particularly interesting, especially as these details haven't been widely publicized.
- Dedicated European Trust: Employs a local, EU-based Certificate Authority (CA). All encryption and identity verification are rooted within the EU, ensuring no non-EU entity has technical visibility into encrypted traffic.
- Source Code Continuity: EU-based staff have access to a local replica of the AWS source code. This is a "break-glass" capability that allows local teams to maintain, patch, and secure the infrastructure independently if global support becomes unavailable.
- Dedicated SOC: All security monitoring and incident response are handled by a dedicated Security Operations Centre (SOC) located in the EU. It is staffed exclusively by EU residents, and security telemetry is never shared with the global AWS SOC.
Everyone talks about sovereignty - but what about pricing?
While sovereignty dominates the headlines, pricing is what determines adoption.
We conducted a structured evaluation comparing ESC pricing to eu-central-1 (Frankfurt) to understand the practical impact of sovereign infrastructure.
Early Pricing Findings from the ESC Calculator
AWS has already released a dedicated pricing calculator for the European Sovereign Cloud: AWS ESC8 Pricing Calculator
Several immediate observations emerged:
1. Pricing is displayed in Euros
This aligns with ESC being billed from a European legal entity and simplifies budgeting for European customers.
2. Only Modern EC2 Instance Families
Legacy instance types are absent.
Only current-generation families are available:
- Intel-based (e.g., r6i, c6i)
- Graviton-based
- No AMD-based instances (e.g., r6a)
For customers migrating older workloads, this may require architectural adjustments.
3. No GPU Instances (Yet)
Currently available instance families include: t, c, m, r, i. GPU-based instances are not available.
This restricts:
- Advanced ML training
- GPU-heavy inference workloads
- Certain HPC workloads
4. EBS Pricing Not Fully Integrated
While EBS volumes can be provisioned in the console, EBS pricing does not yet appear fully integrated into the calculator. This is likely temporary but impacts early cost modeling precision.
Pricing Comparison: ESC vs eu-central-1
Currently, there is no Free Tier in ESC. Compared to standard AWS commercial regions, this suggests it is not intended for smaller customers who want to test features for a limited time for free and then switch to pay-as-you-go pricing.
We got this information in February 2026. A structured comparison across common services shows a consistent pattern - approximately 17% price uplift.
ESC’s broad portfolio at launch
One of the most impressive aspects of ESC is the breadth of services available at launch.
Based on pricing tool analysis:
- ~160 services available in eu-central-1
- ~65 services available in ESC
Cloud Foundation Services
This enables a full landing zone and governance frameworks.
- AWS CloudTrail
- AWS Config
- AWS Organizations
- AWS Control Tower
- AWS IAM
Core Application Stack
- Amazon EC2
- Amazon EKS
- Amazon ECS
- Amazon RDS
- Amazon DynamoDB
- AWS Lambda
- Amazon S3
This supports modern application architectures.
AI / ML Services
- Amazon Bedrock
- Amazon SageMaker
Having AI services available at launch signals long-term commitment.
Service feature availability
Several notable gaps exist (February 2026):
AWS Identity Center (SSO)
Currently unavailable. Planned for Q1 2026.
Implication: Multi-account identity strategies must rely on IAM federation alternatives.
Amazon CloudFront
Not available. Planned for late 2026.
Implication: Latency-sensitive or globally distributed architectures require alternative designs.
AWS Developer Tooling (Code*)
Not currently available.
- CodeDeploy - Q2 2026
- CodeCommit, CodeBuild, CodePipeline - Q1 2027
CI/CD must rely on external systems (GitHub, GitLab, Bitbucket).
Operationally manageable, but architecturally relevant.
Amazon Bedrock - Limited Model Selection
Currently supports:
- Amazon Nova Lite
- Amazon Nova Pro
No Claude, Mistral, or Llama models. Advanced features like RAG and fine-tuning are limited.
FAQs
No. ESC is a fully separate cloud environment, not just an additional region like eu-central-1. It operates with its own control plane, accounts, identity systems, and billing.
No direct integration is currently possible. You cannot assume roles, peer VPCs, or share Organizations between global AWS accounts and ESC.
Yes. Early comparisons show roughly a 17% price uplift compared to eu-central-1, and there is no Free Tier at launch.
Primarily highly regulated organizations that require strict EU jurisdiction and operational independence. For most standard commercial workloads, existing AWS EU regions remain sufficient.
Conclusion
It’s clear that AWS has already invested heavily in the current state of ESC, and from what we’ve seen, they plan to invest even more. There are very specific use cases for ESC, and I don’t think everyone should panic and migrate their existing European infrastructure to it. A more realistic first step could be disaster recovery, since ESC provides a completely separate account structure, region, and even political jurisdiction for your infrastructure in case of a major incident.
A Cloud Engineer Intern with hands-on experience in supporting the design, implementation, and optimization of AWS cloud infrastructures. At Stormit he contributes to customer projects across the cloud lifecycle assisting with architecture implementation, cloud migration support, monitoring, automation, and cost optimization initiatives while working closely with senior architects to deliver secure, scalable, and well-architected AWS solutions.
Get to know AWS.
Subscribe to our newsletter.
