“AWS” is the abbreviation of “Amazon Web Services”. AWS is a subsidiary of the US online retailer Amazon.com, and one of the world’s largest cloud computing providers.
AWS was founded in 2006 and offers its customers an on-demand IT infrastructure, with a focus on enterprises rather than on consumers. Legend has it that AWS was created because Amazon itself needed globally distributed data centres, dynamically expandable capacity and high-availability services as well as interfaces to other applications to run its e-commerce platform. AWS then also made these resources available to third parties.
Today, numerous widely available services such as Dropbox, Netflix, Foursquare or Reddit rely on AWS’s services. AWS is very often also used as a platform from which providers of applications offered in the form of software-as-a-service (SaaS) provide their application and services.
From the perspective of a regulated institution such as a bank or a payment service, AWS’s offers, as well as applications provided by SaaS providers via AWS, must comply with the requirements of EBA or BaFin regarding cloud computing, provided that the institution regards the relevant service/application as a material outsourcing. Institution should be aware that AWS’s standard terms and conditions currently do not meet these requirements. However, AWS’s service portfolio has been extended with special service offerings and additional terms and conditions aimed specifically at institutions. Therefore, institutions should carefully check whether their current or future SaaS provider uses the AWS platform and if so, whether they have established sufficient contractual safeguards with AWS to ensure that any (material) outsourcing which relies on AWS’s resources also complies with the applicable supervisory requirements.