As Europe navigates geopolitical tensions and regulatory changes, digital sovereignty has emerged as a critical consideration for cloud transformation in SAP, prompting organizations to strategically assess their data control needs and optimize workloads for cost efficiency.
Sovereignty is becoming a leadership decision
Geopolitical tensions, regulatory expansion, and the accelerating adoption of artificial intelligence (AI) are redefining Europe’s digital agenda. Digital sovereignty is now seen as a key competitive factor by 83% of companies1. At the same time, SAP transformation is unavoidable. The real leadership question is no longer whether to move to the cloud, but how to balance sovereignty, innovation, and cost efficiency together, workload by workload.
The end of SAP ECC is not the real disruption
Many organizations using SAP face a clear time-sensitive challenge: SAP ECC 6.0 mainstream support ends in 2027, while extended maintenance until 2030 comes with rising cost and risk—without innovation.
SAP’s portfolio too has evolved. What was originally launched as RISE with SAP is now positioned as SAP Cloud ERP Private, a managed private cloud path to SAP S/4HANA for existing customers. In parallel, GROW with SAP targets net-new or fast-growing organizations with a public cloud-first approach.
But like any journey, the outcome depends on preparation: choose the route (greenfield, brownfield, or hybrid), define the destination (public, private, hybrid cloud), and reduce “luggage” by retiring obsolete systems, processes, and data before migration.
Sovereignty is control, not isolation
Digital sovereignty is often misunderstood as isolation from global platforms. What it actually means is the ability to exercise effective control over who can access which data, and under what conditions. For SAP landscapes, sovereignty typically rests on three pillars:
- Data location: Especially for high-compliance organizations that require EU or Germany-based hosting
- Legal framework: Location alone isn’t enough if providers fall under non-European disclosure laws
- Operational responsibility: Who runs your SAP systems, how access is governed, and how support and administration are controlled across all layers
Ninety-three percent of German companies consider themselves dependent on foreign digital technologies.2 Sovereignty does not eliminate global partners, but it ensures optionality and strategic autonomy.
Regulation is reshaping cloud architecture
Why does sovereignty matter so much right now? Regulation is certainly one factor. European SAP users operate under a dense and growing web of regulations. Any organization processing personal data—effectively all SAP users via HR—must comply with GDPR, NIS-2, DORA, KRITIS, and BSI standards, which directly influence cloud design. Forty-five percent of SAP user organizations report security and privacy concerns when running core workloads in the public cloud.3
But regulation is only a part of the story. The broader context is geopolitical. As the world shifts towards a multipolar order, Europe’s economic strength increasingly depends on technological independence. Heavy reliance on non-European providers creates structural dependencies with unpredictable consequences, particularly in times of political tension. Technology is no longer just an enabler; it is the foundation of sovereignty. Every enterprise increasingly relies on AI capabilities, secure data flows, resilient cloud infrastructure.
Cloud architecture decisions are therefore not merely compliance choices. They are strategic positioning decisions for long-term competitiveness and resilience. For regulated sectors such as public administration, banking, insurance, and energy, the stakes are even higher. Addressing sovereignty early avoids redesigns, contractual friction, and costly operational corrections later.
The real question: Which level of sovereignty per workload?
The strategic breakthrough comes from reframing the question from “Public or private cloud?” to “Which sovereignty level is required per workload?”.
Not every SAP system needs the same level of sovereignty. A development system with anonymized data doesn’t pose the same risk of exposure as a productive finance system with booking-relevant, real-time data. HR payroll data triggers stricter requirements than inventory stock information. That’s why the decisive question isn’t “sovereign or not”, but “which sovereignty level does each workload require?”.
This view changes RISE planning: sovereignty becomes a core design parameter across business transformation (which processes and data are most critical), the operating model (who is responsible for what, incident response, and SLAs), and infrastructure (public, private, or hybrid).
Get it right up front and your journey stays on track.
Multi-cloud: Maximum sovereignty, optimized cost
Hyperscalers such as AWS, Azure, and Google Cloud deliver global scale, rich service ecosystems, and rapid innovation, ideal for non-critical workloads. Yet for sensitive or regulated workloads, sovereignty and operational control can take priority as their mother companies are liable to non-EU data disclosure regulations such as the CLOUD Act.
The most effective answer is multi-cloud: connect the best of both worlds and assign each workload to the right environment. This approach also supports cost discipline. Running everything in a sovereign private cloud may be unnecessary and expensive, while placing everything on a hyperscaler can create compliance and risk gaps. Multi-cloud balances both: maximum sovereignty where required and optimized costs elsewhere.
The sovereign path to RISE with SAP
Uwe Birkenhauer from T‑Systems and Jan Krueger from Intel Corporation discuss how European data residency and sovereignty requirements are shaping customer cloud strategies, the key criteria for selecting the right infrastructure for RISE with SAP, and the practical steps to ensure a compliant, high‑performance cloud ERP future.
