The recent launch of the Sovereign European Cloud API (SECA) couldn’t be more timely.
As US commitment to NATO faces political uncertainty, Europe must reassess how it safeguards its digital infrastructure – not just its physical borders.
What is SECA?
SECA isn’t about isolation—it’s about resilience. It’s about building a cloud that speaks fluent EU, respects your boundaries, and doesn’t sneak off with your metadata in the middle of the night.
The Sovereign European Cloud API (SECA) is a new open standard backed by major European cloud providers like IONOS and Aruba, designed to let European clouds work together through a common API. Think of it like the universal translator for cloud providers across Europe.
SECA allows true interoperability between European cloud platforms. It enables organizations to utilize a common workflow across cloud resources and cloud providers, without vendor lock-in, while maintaining full compliance with EU laws and data sovereignty principles.
Why does SECA matter now?
Unfortunately, fear is in the air and the feeling is that the foundation of digital trust is being shaken.
Where your data resides matters – especially if you’re in Europe. U.S.-based hyperscalers (you know the ones) are bound by laws like the CLOUD Act, which gives the United States potential access to European data even if it never crosses the Atlantic. If NATO’s future is up for speculation, so is the reliability of long-standing international partnerships – including where and how sensitive European data is stored. With US-based hyperscalers subject to these laws, European organizations risk foreign access to their data – even if it never leaves EU soil. The Clarifying Lawful Overseas Use of Data Act or CLOUD Act is a United States federal law enacted in 2018, allows U.S. law enforcement to access data held by US-based tech companies, even if the data is stored outside the U.S. That’s a hard pill to swallow if you’re trying to keep sensitive European data… well, European.
SECA offers a European alternative – an open, collaborative model that allows organizations to maintain control over their infrastructure while avoiding the geopolitical entanglements that come with reliance on non-EU providers. It aligns perfectly with existing EU regulations like the Data Act, and it gives European companies a practical, easy to manage path to digital sovereignty.
SECA is in essence Europe’s answer to AWS and Azure – only instead of trying to beat them individually, EU providers are joining forces to create a shared cloud ecosystem where customers can move their data and apps freely across clouds, without lock-in.
SECA is available now from IONOS and Aruba and more cloud providers are to follow shortly.
AWS answer to SECA
The latest from AWS is that AWS European Sovereign Cloud (ESC) is currently in the works. Due to the SECA news, AWS is launching a brand-new, fully isolated AWS Cloud that is physically and operationally located in the EU.
What makes it stand out? It’ll be staffed only by EU-based personnel and designed specifically to meet strict data residency and sovereignty requirements.
Why this matters: Full data stays in the EU – completely outside U.S. jurisdiction (including CLOUD Act protections) – no transfers, no exceptions. This is fully aligned with the upcoming EU Data Act and national security frameworks like BSI and SecNumCloud.
The first region is planned to launch in Germany by the end of 2025, and AWS is investing a massive €7.8 billion into this ESC (European Sovereign Cloud).
So what does this mean, exactly, for cloud IT teams in the EU going forward?
In the long term, all of this bodes well for Cloud IT teams in the EU.
The SECA model was designed by these major European cloud providers with intention to avoid being exclusive. Their goal is to be open and invite additional European cloud providers to join in and help with future innovation and development.
SECA provides Data Classification-Based Security. Data will be classified into four categories and each classification has specific security requirements, ensuring that data is securely stored and processed according to its classification level. This means organizations may use different data storage systems tailored to the security needs of each classification.
SECA also provides Enhanced Security Scope. The model uses the CI3A framework (Confidentiality, Integrity, Availability, Accountability, and Auditability), which extends the traditional CIA triad. This provides a more comprehensive approach to security, addressing the complexities of cloud environments that the CIA triad does not fully cover.
Cloud IT teams can also rest assured that compliance demands going forward will more easily be met. Teams will need their security, threat detection and backup and disaster recovery to meet local laws (GDPR, EU Data Act, ISO 27001, etc) and tools that are integrating with sovereign clouds will be prioritized.
Let’s be clear: SECA isn’t about protectionism – it’s about resilience.
In an age where data is power, control over infrastructure equals control over destiny. SECA shows that Europe can build secure, sovereign, and scalable cloud ecosystems without compromising on innovation, performance or availability.
The time to take European digital independence seriously is now. SECA is a smart step in the right direction.