Geopolitical tensions, regulatory expansion, and the accelerating adoption of artificial intelligence (AI) are redefining Europe’s digital agenda. Digital sovereignty is now seen as a key competitive factor by 83% of companies1. At the same time, SAP transformation is unavoidable. The real leadership question is no longer whether to move to the cloud, but how to balance sovereignty, innovation, and cost efficiency together, workload by workload.
Many organizations using SAP face a clear time-sensitive challenge: SAP ECC 6.0 mainstream support ends in 2027, while extended maintenance until 2030 comes with rising cost and risk—without innovation.
SAP’s portfolio too has evolved. What was originally launched as RISE with SAP is now positioned as SAP Cloud ERP Private, a managed private cloud path to SAP S/4HANA for existing customers. In parallel, GROW with SAP targets net-new or fast-growing organizations with a public cloud-first approach.
But like any journey, the outcome depends on preparation: choose the route (greenfield, brownfield, or hybrid), define the destination (public, private, hybrid cloud), and reduce “luggage” by retiring obsolete systems, processes, and data before migration.
Digital sovereignty is often misunderstood as isolation from global platforms. What it actually means is the ability to exercise effective control over who can access which data, and under what conditions. For SAP landscapes, sovereignty typically rests on three pillars:
Ninety-three percent of German companies consider themselves dependent on foreign digital technologies.2 Sovereignty does not eliminate global partners, but it ensures optionality and strategic autonomy.
Why does sovereignty matter so much right now? Regulation is certainly one factor. European SAP users operate under a dense and growing web of regulations. Any organization processing personal data—effectively all SAP users via HR—must comply with GDPR, NIS-2, DORA, KRITIS, and BSI standards, which directly influence cloud design. Forty-five percent of SAP user organizations report security and privacy concerns when running core workloads in the public cloud.3
But regulation is only a part of the story. The broader context is geopolitical. As the world shifts towards a multipolar order, Europe’s economic strength increasingly depends on technological independence. Heavy reliance on non-European providers creates structural dependencies with unpredictable consequences, particularly in times of political tension. Technology is no longer just an enabler; it is the foundation of sovereignty. Every enterprise increasingly relies on AI capabilities, secure data flows, resilient cloud infrastructure.
Cloud architecture decisions are therefore not merely compliance choices. They are strategic positioning decisions for long-term competitiveness and resilience. For regulated sectors such as public administration, banking, insurance, and energy, the stakes are even higher. Addressing sovereignty early avoids redesigns, contractual friction, and costly operational corrections later.
The strategic breakthrough comes from reframing the question from “Public or private cloud?” to “Which sovereignty level is required per workload?”.
Not every SAP system needs the same level of sovereignty. A development system with anonymized data doesn’t pose the same risk of exposure as a productive finance system with booking-relevant, real-time data. HR payroll data triggers stricter requirements than inventory stock information. That’s why the decisive question isn’t “sovereign or not”, but “which sovereignty level does each workload require?”.
This view changes RISE planning: sovereignty becomes a core design parameter across business transformation (which processes and data are most critical), the operating model (who is responsible for what, incident response, and SLAs), and infrastructure (public, private, or hybrid).
Get it right up front and your journey stays on track.
Hyperscalers such as AWS, Azure, and Google Cloud deliver global scale, rich service ecosystems, and rapid innovation, ideal for non-critical workloads. Yet for sensitive or regulated workloads, sovereignty and operational control can take priority as their mother companies are liable to non-EU data disclosure regulations such as the CLOUD Act.
The most effective answer is multi-cloud: connect the best of both worlds and assign each workload to the right environment. This approach also supports cost discipline. Running everything in a sovereign private cloud may be unnecessary and expensive, while placing everything on a hyperscaler can create compliance and risk gaps. Multi-cloud balances both: maximum sovereignty where required and optimized costs elsewhere.
You can display all external content on the website at this point.
I agree that personal data may be transmitted to third-party platforms. Read more about this in our privacy policy.
Uwe Birkenhauer from T‑Systems and Jan Krueger from Intel Corporation discuss how European data residency and sovereignty requirements are shaping customer cloud strategies, the key criteria for selecting the right infrastructure for RISE with SAP, and the practical steps to ensure a compliant, high‑performance cloud ERP future.
Cloud strategy is a three-dimensional decision space: functionality and scalability, cost efficiency, and sovereignty/security. Seventy-five percent of organizations consider scalability essential to cloud success, while 84% cite cloud cost predictability as a major challenge.4
The fastest way to operate this is to map workloads by sensitivity and scalability. For example: an AI chatbot for a public FAQ page typically uses non-sensitive data and needs high scalability, a good fit for hyperscaler deployment. An SAP finance module may require high data sensitivity, but medium scalability—often better in a sovereign private cloud. A digital health ID involves highly sensitive data; in this case, sovereignty by design becomes non-negotiable.
This workload-based approach turns sovereignty from an abstract debate into a clear architecture and sourcing decision.
The sovereignty debate intensifies with AI. Nearly 80% of companies already use AI. Yet around 75% of global AI compute capacity is located in the United States, about 14% in China, and only roughly 5% in Europe.5
This imbalance reflects a broader cloud dependency: European enterprises remain heavily reliant on US hyperscalers for critical digital infrastructure. Meanwhile, Germany and Europe possess world-leading industrial expertise, high-quality industrial data, and deep engineering know-how. What has been missing is a sovereign, scalable AI infrastructure within our own legal framework.
AI training and inference require massive GPU capacity, low latency, and secure data environments. Without sovereign infrastructure, innovation will not be independent but externally controlled.
This is precisely the gap that the Industrial AI Cloud (IAIC) is designed to close. By providing large-scale GPU capacity hosted in Germany and operated under EU law, it establishes the technological foundation for industrial AI value creation in Europe.
Through the IAIC’s integration with SAP Business Technology Platform (BTP), customers can leverage SAP AI workflows and the AI Foundation in a sovereign way—securely anchoring AI in core business processes while ensuring data remains protected within Germany. SAP’s Chief Customer Officer, Thomas Saueressig has emphasized: “This is about shifting the narrative from risk to opportunity.” 6
The next frontier of RISE with SAP is therefore clear: ERP modernization must lay the foundation not only for cloud transformation, but also for sovereign industrial AI at scale.
Multi-cloud strategies require more than technology—they need operational excellence.
In the RISE with SAP tailored option constellation, SAP is your contractual partner for the RISE overall delivery and licenses, while operations and services are delivered by a certified RISE with SAP Premium Supplier. The right partner translates sovereignty from strategy into execution: hosting models aligned with legal requirements, enforceable access governance, relevant certifications, and end-to-end operations across RISE, non-RISE, and even non-SAP environments.
The objective is consistency—one operating model, clear SLAs, reliable incident management—so that workloads can move to the right platform without compromising compliance, performance, or accountability.
Every journey to SAP Cloud ERP is unique. The decisive course must be set before departure. Define your migration route. Determine sovereignty levels per workload. Align legal, operational, and financial frameworks. Choose a partner capable of delivering sovereignty operationally, not just conceptually.
Organizations that embed sovereignty into their architecture from day one gain more than compliance. They gain control, cost transparency, innovation readiness, and strategic optionality in an uncertain world.
If you are preparing your RISE with SAP transformation journey to SAP Cloud ERP Private, renegotiating SLAs, or redesigning your operating model, now is the time to set the course decisively.
1 Digital Resilience made in Europe, Eurocloud Pulse Check, September 2025, online
2 Europe’s Path to Digital Sovereignty, Bitkom, November 2025, online
3 Cloud Solutions on the Rise, DSAG-ASUG-UKISUG-JSUG Survey, December 2025, report
4 State of the Cloud Report, Flexera, 2025, report
5 The 2025 AI Index Report, Stanford University Human-Centered Artificial Intelligence, April 2025, report
6 Germany's first AI factory for industry officially goes into operation in Munich, Deutsche Telekom, February 2026, press release
