(no title)

By setting it up with a European governance structure, Amazon can tell the US government "hey we told them give us the data, but they refused because that would send them to jail under EU law, and they're a legally separate entity so there's nothing we can do."

This is very intentionally not just a regular foreign subsidiary owned by the parent company.

Organize your business and your tech correctly and you can have an owned foreign subsidiary that can comply with local laws. But things would have to be quite separate.

AWS maintains a similar stance, too [0]?

  The CLOUD Act clarified that if a service provider is compelled to produce data under one of the limited exceptions, such as a search warrant for content data, the data to be produced can include data stored in the U.S. or outside the U.S.

Hm. As for AWS, they say that if the customer sets up proper security boundaries [0], they'll ensure will keep their end of the bargain [2][3]:

  As part of the technical design, access to the AWS European Sovereign Cloud physical infrastructure and logical system is managed by Qualified AWS European Sovereign Cloud Staff and can only be granted to Qualified AWS European Sovereign Cloud Staff located in the EU. AWS European Sovereign Cloud-restricted data will not be accessible, including to AWS employees, from outside the EU.

  All computing on Amazon Elastic Compute Cloud (Amazon EC2) in the AWS European Sovereign Cloud will run on the Nitro System, which eliminates any mechanisms for AWS employees to access customer data on EC2. An independent third party (the UK-based NCC Group) completed a design review confirming the security controls of the Nitro System (“As a matter of design, NCC Group found no gaps in the Nitro System that would compromise these security claims”), and AWS updated its service terms to assure customers “there are no technical means or APIs available to AWS personnel to read, copy, extract, modify, or otherwise access” customer content on the EC2 Nitro System.

  Customers also have additional mechanisms to prevent access to their data using cryptography. AWS provides advanced encryption, key management services, and hardware security modules that customers can use to protect their content further. Customers have a range of options to encrypt data in transit and at rest, including options to bring their own keys and use external key stores. Encrypted content is rendered useless without the applicable decryption keys.

  The AWS European Sovereign Cloud will also benefit from AWS transparency protections over data movement. We commit in the AWS Service Terms that access to the EC2 Nitro System APIs is "always logged, and always requires authentication and authorization." The AWS European Sovereign Cloud also offers immutable, validated logs that make it impossible to modify, delete, or forge AWS CloudTrail log files without detection.

[1] https://aws.amazon.com/compliance/shared-responsibility-mode...

[2] https://d1.awsstatic.com/onedam/marketing-channels/website/a...

[3] https://aws.eu/esca/