Government access to cloud data is one of the most debated topics in the public sector today. In this talk, we’ll explore how AWS handles official data requests in practice, clarify what the U.S. CLOUD Act really means, and separate common myths from legal and technical facts. You will learn how requests are processed exclusively through the Amazon Law Enforcement Request Tracker (LER), which types of authorities can submit them, and how formal international procedures—such as MLATs, Hague Convention channels, and emergency cooperation under the Budapest Convention — apply to requests coming from Germany and the EU. The session also explains the technical safeguards that protect customer data, focusing on AWS Key Management Service (KMS) and why AWS cannot access customer-managed encryption keys, and it highlights the AWS Digital Sovereignty Pledge as a framework for data locality, access controls, and operational independence. Finally, we’ll look at how the new AWS European Sovereign Cloud enforces strict data locality, EU-only access, and full independence from U.S. entities, ensuring compliance with European sovereignty and privacy expectations. By the end of this talk, you will have a clear understanding of how AWS manages government data requests securely and transparently — and what this means for digital sovereignty in Europe.

Level 200. Initial delivery at the pre-evening event for the AWS Public Sector Partner Executive Briefing DACH 2025 in Munich on November 5, 2025. The duration is around 20 minutes, but there are typically many questions, even during the talk. Best to aim for 45 minutes.