Amazon Web Services

Cloud IaaSMedium RiskVerified 2026-03-05

Visit website

Overview

Headquarters🇺🇸 USSeattle

US IncorporatedYes

CLOUD Act ExposureYes

Regions (10 in 9 countries)

🇺🇸 US

US East Virginia · Ashburn

US West Oregon · Portland

🇩🇪 DE

EU Frankfurt · Frankfurt

🇮🇪 IE

EU Ireland · Dublin

🇬🇧 GB

EU London · London

🇯🇵 JP

AP Tokyo · Tokyo

🇸🇬 SG

AP Singapore · Singapore

🇦🇺 AU

AP Sydney · Sydney

🇧🇷 BR

SA Sao Paulo · Sao Paulo

🇨🇦 CA

CA Central · Montreal

Compliance & Data

Certifications

✓ SOC 2✓ ISO 27001✓ GDPR✓ HIPAA✓ PCI DSS

Data Types Handled

Application DataLogsPII

Applicable Laws (10)

California Consumer Privacy Act (CCPA/CPRA)California, United States

Applies to businesses meeting revenue or data volume thresholds that handle California residents' data.

Max fine: USD 7,500 per intentional violationvia 🇺🇸 US

UK GDPRUnited Kingdom

UK has its own adequacy decisions separate from the EU. Transfers from the UK follow UK-specific rules.

Max fine: 4% of global annual turnover or GBP 17.5Mvia 🇬🇧 GB

Personal Information Protection and Electronic Documents ActCanada

Organizations must obtain meaningful consent and are accountable for personal information transferred to third parties.

Max fine: CAD 100,000 per violationvia 🇨🇦 CA

CLOUD ActUnited States

Any US-incorporated provider or subsidiary may be compelled to disclose data regardless of where it is stored.

Max fine: Contempt of court penaltiesvia 🇺🇸 US

Act on the Protection of Personal InformationJapan

Cross-border transfers require consent or equivalent protection standards recognized by Japan's PPC.

Max fine: JPY 100M for corporate violationsvia 🇯🇵 JP

Personal Data Protection Act (Singapore)Singapore

Cross-border transfers require comparable protection standards in the receiving country.

Max fine: SGD 1M or 10% of annual turnovervia 🇸🇬 SG

General Data Protection RegulationEuropean Economic Area

Cross-border transfers to non-adequate countries require SCCs, BCRs, or other safeguards.

Max fine: 4% of global annual turnover or EUR 20Mvia 🇩🇪 DE, 🇮🇪 IE

Lei Geral de Protecao de DadosBrazil

International data transfers require adequate protection or specific legal mechanisms.

Max fine: 2% of revenue in Brazil, up to BRL 50M per violationvia 🇧🇷 BR

FISA Section 702United States

US providers may be subject to surveillance orders targeting non-US persons, creating risk for EU data subjects.

Max fine: Contempt of court penaltiesvia 🇺🇸 US

Privacy Act 1988 (Australia)Australia

Organizations must take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs.

Max fine: AUD 50M or 30% of adjusted turnover (whichever is greater)via 🇦🇺 AU