Amazon\u2019s AWS Control Tower system, designed to let users more easily manage complicated cloud environments with multiple accounts and wide arrays of services, now has 65 new controls and rule sets aimed at managing digital sovereignty concerns.\n\nThe new controls, which the company announced in a blog post on Monday during its week-long re:Invent conference, focus on allowing users to comply with complex regulatory and security requirements in a more programmatic way, adding features like the ability to mandate certain Nitro instance types for particular EC2 hosts, and implementing advanced key management strategies for broader encryption.\n\nControl Tower\u2019s new features also allow for finer control over where, physically, an organization\u2019s data can be stored or sent. Whereas before, the \u201cRegion\u201d system could only be applied to a single landing zone \u2014 Control Tower\u2019s dedicated \u201chome\u201d area for managing governance, risk and compliance (GRC) policy \u2014 users can now mark out regional controls for data based on individual organizational units and accounts globally. This, the company said, makes it easier to customize restrictions on the storage and movement of data.\n\nThis week\u2019s release is the latest step in Amazon\u2019s work toward fulfilling the \u201cAWS Digital Sovereignty Pledge\u201d that it made a year ago \u2014 the company promised last November to offer the \u201cmost advanced set of sovereignty controls and features available in the cloud.\u201d Its Nitro System hypervisor, which underlies its latest EC2 instances, is the centerpiece of these efforts, but other parts of the vast Amazon cloud empire have received updates as well.\n\n\u201cWe launched AWS Dedicated Local Zones, a piece of infrastructure that is fully managed by AWS and built for exclusive use by a customer or community and placed in a customer-specified location or data center,\u201d the company\u2019s blog post read. \u201cAnd more recently, we announced the construction of a new independent sovereign Region in Europe.\u201d\n\nThe rapidity with which compliance and security requirements have grown and become more complicated is the underlying motive for Amazon\u2019s data sovereignty initiative. Specific industries, like utilities, heavy industry, aerospace and healthcare, tend to have strict requirements for control of sensitive data, making it more difficult to take full advantage of cloud technology. Moreover, different jurisdictions, like the EU and US, have quickly evolving regulatory regimes that businesses must stay compliant with.\n\n\u201cMany customers have told us they are concerned that they will have to choose between the full power of AWS and a feature-limited sovereign cloud solution that could hamper their ability to innovate, transform, and grow,\u201d Amazon said.