EU Sovereign Cloud

Oracle EU Sovereign Cloud enables commercial and public sector organizations to place sensitive data and applications in the cloud in alignment with EU data privacy and sovereignty requirements.

NU-MED logo

“We needed to upgrade to our existing on-premises hospital information system (HIS) to enrich the healthcare experience of our patients. The choice of Oracle EU Sovereign Cloud was a clear decision, giving us the flexibility and agility of the cloud coupled with a cloud within the European Union to provide data and infrastructure security for the healthcare data of our patients.”

Piotr Rajski CTO of NU-MED, a leading oncological care provider in Poland, serving 50,000 patients annually through its network of specialized hospitals and centers

Why Oracle EU Sovereign Cloud?

Our new, EU-specific cloud offering enables commercial and public sector organizations to place sensitive data and applications in the cloud in alignment with EU sovereignty requirements.

Same offering, pricing, and experience as the Oracle public cloud

Enforced data security with a unique physically and logically isolated cloud region architecture

An EU sovereign cloud designed and operated for EU digital sovereignty and data privacy

We designed a strong set of technical, organizational, and contractual controls to help address the requirement that your content, including personal information, will not leave the selected EU Sovereign Cloud data center region(s) without your authorization or instruction.

The image shows a map of the EU and highlights the locations of the legal entities based in Ireland, Spain, Germany, Romania, and the Czech Republic that operate the two data centers in Frankfurt and Madrid (also marked).

Organizational controls

Oracle offers unique proven technical features based on real-world experiences

Regions are operated by EU-based legal entities that own the hardware and data center leases and provide the operations and support.

The isolation of the EU Sovereign Cloud realm allows Oracle to restrict support and operations, including physical and logical access to the realm, to EU residents employed by EU legal entities.

The EU-based legal entities are backed by a governance committee to ensure integrity and alignment with current and future regulations.

Two sets of regions are separated by a solid black line, illustrating the physical, logical, and cryptographical separation between EU Sovereign Cloud realms and the other Oracle Cloud public commercial regions.

Technical controls

Oracle offers unique proven technical features based on real-world experiences

New cloud regions form a separate realm to ensure physical, logical, and cryptographical segregation from other regions, and access is granted exclusively to EU legal entity teams for deployment, operation, and security. EU data residency is intrinsic to the platform.

A full stack of cybersecurity solutions on top of the EU Sovereign Cloud realm offers customizable controls to align with audit and compliance requirements. Enhanced encryption and key management options fortify data protection and confidentiality.

Disaster recovery capabilities within the EU Sovereign Cloud realm ensure localized resilience, with each region featuring three fault domains for hardware distribution. This setup enhances reliability and minimizes potential disruptions, bolstering business continuity for customers.

Contractual controls
Three overlapping pages that represent the specific agreements and addendums that EU Sovereign Cloud customers sign.

Contractual controls

EU Sovereign Cloud is supported by specific agreements, such as the data processing agreement, the service description, and a dedicated addendum to the service pillar document.

The contracts outline responsibilities for handling personal information, third-party subprocessors, confidentiality, and security measures. The contracts are designed to help address the requirement that your content will not leave the selected EU Sovereign Cloud region(s) without your authorization or instruction and aim to reduce the risk of unauthorized access by entities or individuals outside of the EU Sovereign Cloud organizations.

Oracle EU Sovereign Cloud features

    • The same 100+ OCI services

      EU Sovereign Cloud offers the same 100-plus cloud services available in OCI commercial regions so enterprises can run all their workloads the same way they can on OCI. There is no need to accept missing cloud services and fewer cloud capabilities to implement a digital sovereignty strategy.

      Oracle Cloud Applications

      Oracle Fusion Cloud Applications will be available in EU Sovereign Cloud soon.

    • The same low prices as commercial regions

      Customers can leverage the power of OCI services in Oracle EU Sovereign Cloud at the same pricing as Oracle commercial cloud regions. In addition, customers can bring over existing agreements, such as Universal Credits and Support Rewards, from Oracle’s other cloud regions.
    • The same financially backed SLAs

      Oracle EU Sovereign Cloud offers the same financially backed SLAs as Oracle’s other cloud regions. Mission-critical workloads demand more than just availability from cloud providers. They also require consistent performance and the ability to manage, monitor, and modify resources at any time. Only Oracle offers end-to-end SLAs covering the performance, availability, and manageability of services.
    • Physically separate

      The EU Sovereign Cloud realm shares no infrastructure with Oracle’s commercial and government regions and has no network connection to Oracle’s other cloud regions.

      Operated separately

      This architecture enables Oracle to carry out customer support and cloud operations using only employees of new EU-based legal entities.
    • Control with less operational overhead

      With a separated cloud realm, customer sovereign cloud deployments can be faster with lower risks of misconfigurations since data residency and EU containment are intrinsic to the cloud architecture. Many other cloud providers rely on complex customer-controlled policies to enforce data residency within their commercial cloud regions.
    • Hold your own keys

      To help customers further secure their data and meet EU data sovereignty requirements, Oracle EU Sovereign Cloud offers access to the new OCI External Key Management and Dedicated Key Management services. Customers’ encryption keys can be created and managed externally to OCI or in a dedicated hardware security module (HSM).
    • Operated within the EU

      Oracle EU Sovereign Cloud data centers are operated by EU-based legal entities created to own the hardware, assets, and data center leases and to support customers using these regions. The EU-based legal entities are established by Oracle to operate EU Sovereign Cloud and have separate governance policies to operate according to EU data privacy and sovereignty requirements.
    • Support and operations within the EU

      Customer support and data center operations are handled within the borders of the EU by EU-resident personnel who are employed by EU-incorporated legal entities. Support and operations processes are separate from Oracle’s global cloud operations.
    • EU and global compliance

      Oracle Cloud aligns with global compliance programs, such as SOC 1, 2, and 3; ISO 27001, 27017, 27018; PCI; and CSA STAR, and regional and industry regulations and programs, such as GDPR, C5, IT-Grundshutz, AgID, EU CoC, and EBA. In addition, Oracle EU Sovereign Cloud aligns with guidance that limits data transfers (such as the Court of Justice of the EU Schrems II ruling and European Data Protection Board guidelines) and monitoring regulations (such as NIS 2). We will extend these as Oracle EU Sovereign Cloud regions become generally available.

OCI’s distributed cloud: Cloud services everywhere you need them

Expanding cloud options for customers with more public cloud, multicloud, hybrid cloud, and dedicated cloud capabilities.

December 14, 2023

Oracle sovereign cloud solutions: Providing transparent review of data access requests

Christopher Marsh-Bourdon , Vice President, Product and Industries, Oracle

In this post, we tackle one of the key drivers of data sovereignty requirements: the jurisdiction and laws that govern your data when operating in the cloud. Much of this discussion stems from the enactment of the 2018 US CLOUD Act . The US CLOUD Act raised questions about how global cloud providers, such as Oracle, evaluate and respond to law enforcement requests, especially regarding data stored or processed in jurisdictions outside the US.

Read the complete post

Get started with OCI’s sovereign cloud solutions

Contact sales

Contact us to learn more about OCI’s sovereign cloud and distributed cloud solutions for private companies or public sector organizations. Let one of our experts help.

  • They can answer questions such as

    • What workloads run best on OCI?
    • How do I get the most out of my overall Oracle investments?
    • How does OCI compare to other providers?

EU Sovereign Cloud

Oracle EU Sovereign Cloud is available in Frankfurt, Germany, and Madrid, Spain. Interested in learning more? Let one of our experts help.

Oracle Cloud Insider

Get the latest industry trends, best practices, and product updates, and be in the know about new training programs and upcoming events.

Get expert perspectives

Learn more about your options in the cloud from industry analysts. They provide detailed, objective perspectives on the latest strategies and solutions.