EU Sovereign Cloud is Oracle’s sovereign cloud offering, designed for the data laws and requirements of the EU. The following are its key features:
Market trends and regulatory activity in the EU have led to growing commercial and government customer demand for cloud services that are designed for EU data, located in the EU, and operated in the EU. These requirements mitigate the risk of foreign law enforcement reach with respect to regulated data. Overall, data residency requirements have become a greater focus for EU cloud customers.
Any customer can choose to run workloads in EU Sovereign Cloud regions. EU Sovereign Cloud isn’t restricted to customers based or headquartered in the EU.
Oracle Cloud uses realms, which are logical collections of regions. Realms are isolated from each other and don’t share any data.
The EU Sovereign Cloud realm differentiates itself from other cloud offerings by being the only realm that’s designed for EU data, located in the EU, operated entirely by EU residents, and with physical and logical access restricted to EU residents. The Oracle personnel that provide customer support, data center support, and data center operations are located throughout the EU. The hardware and assets used to provide EU Sovereign Cloud are owned, operated, and managed by a separate EU Sovereign Cloud legal entity.
Public sector and commercial customers may select an EU Sovereign Cloud region if their content is required to be hosted in the EU, serviced by EU-based personnel and, as such, in compliance with applicable EU data privacy and sovereignty regulations. Oracle’s service architecture and stringent new governance model for EU Sovereign Cloud are designed so that the EU Sovereign Cloud legal entity operates independently, without the need to transfer customer data outside of the EU.
No, all Oracle Cloud Infrastructure (OCI) commercial regions will be maintained as is. Customers will have the option to choose between the commercial region in Europe and EU Sovereign Cloud regions, depending on their requirements.
The first two data center regions are in Germany and Spain, collocated with current OC1 regions, with separate data halls and caging. These are new regions in a new realm. The realm will consist of two regions at launch, each with a single availability domain. We will continue to evaluate additional locations within the European Union for future region expansion opportunities.
The pricing and selling model for the OCI services in EU Sovereign Cloud regions is identical to that of Oracle’s public cloud realms and uses Oracle’s Universal Credit model, which gives Oracle’s customers the flexibility to use any cloud infrastructure platform services anytime in any Oracle Cloud region. Customers can purchase Oracle Universal Credits using either the pay as you go model or the annual Universal Credit commitment model and are eligible to participate in other customer programs, including Oracle Support Rewards, Oracle Bring Your Own License, and Customer 2 Cloud. Detailed OCI pricing is available here.
The EU Sovereign Cloud realm offers more than 100 of the same OCI services that are available in commercial realms.
Yes, EU Sovereign Cloud will offer Oracle Cloud’s financially backed service commitments.
Legal obligations requiring that data created within a country’s borders remain in that same country and not be transferred outside of the country. The General Data Protection Regulation isn’t a data localization law; data localization laws actually are quite rare in the EU.
Ensuring data sits within a geographical location for whatever reason.
The US Clarifying Lawful Overseas Use of Data (CLOUD) Act specifies how cloud service providers such as Oracle should respond to requests from US law enforcement. Such requests may require the disclosure of data hosted on servers, regardless of whether the servers are located within the US or abroad. For more information about the CLOUD Act and how Oracle handles disclosure requests, please read this blog post.
The European regulation setting forth requirements for handling personal data related to people in the EU. Nonpersonal data isn’t covered by the GDPR but may be addressed under other regulations, such as banking regulations. The GDPR imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The European Data Protection Board (EDPB), composed of representatives of EU national data protection authorities, is charged with ensuring the consistent application of the GDPR across the EU.