This sounds so weird. Is there a legal requirement for this? Does this offer any type of real protection? Or is there a code of conduct that that intelligence agencies never hire people with foreign nationalities?
This sounds so weird. Is there a legal requirement for this? Does this offer any type of real protection? Or is there a code of conduct that that intelligence agencies never hire people with foreign nationalities?
It sounds like a natural expansion of AWS GovCloud offerings to me. Servicing the US government and it's contractors has been very lucrative for AWS. Taking that successful model into new markets makes sense.
They just forget to mention that the CLOUD Act makes sovereignty impossible as soon as anything of the service is owned or operated by a US company.
The article does not explicitly say it, but it's clearly a defense against the CLOUD Act (https://en.wikipedia.org/wiki/CLOUD_Act); it all makes sense once you add that missing puzzle piece.
The CLOUD Act conflicts with EU laws like the GDPR (AFAIK, this has been confirmed more than once in EU courts already), which means that EU organizations (which have to follow the GDPR) might not be allowed to use USA-owned cloud services, even when the data is completely hosted within the EU, because the cloud service sysadmins might be forced through the CLOUD Act to break the GDPR. Requiring that all employees with a high level of access have EU citizenship and residency makes it much harder for a USA court to pressure them into breaking these EU laws.