A conversation with Thomas Saueressig, Executive Board Member at SAP SE and Head of Customer Services & Delivery.

1. Around the world, governments are rethinking how they protect and govern data. What global forces are making data sovereignty such a pressing issue right now?

Saueressig: Data sovereignty is rising to the top of the global agenda for several reasons. Governments are moving beyond infrastructure-centric approaches toward full digital sovereignty – meaning clear decision rights over data, operations, and compliance while still accessing the best of global cloud and AI innovation. As these technologies become the backbone of economic strength and national security, countries want to capture the benefits without creating new vulnerabilities.

At the same time, rising cyber threats, geopolitical instability, and risks of extraterritorial data access are increasing the pressure for governments to ensure their digital solutions can be trusted. Paired with tightening regulations such as GDPR and NIS2, data sovereignty has moved from a long-term ambition to a near-term necessity – not just for compliance, but for resilience, innovation, and global competitiveness.

2. As nations pursue AI strategies, what role does sovereign cloud solutions play in enabling responsible adoption of advanced technologies?

Saueressig: Sovereign cloud solutions are becoming a foundational enabler for responsible AI adoption. They give governments and organizations confidence that the sensitive data used to train, deploy and govern AI systems stays within trusted jurisdictions and under their own laws and oversight.

This control is essential for meeting strict privacy, security and ethical standards – while still allowing organizations to use cutting-edge cloud and AI technologies without compromising compliance or exposing themselves to geopolitical risks. With the adoption of AI becoming essential for national competitiveness, sovereign digital solutions enable governments to leverage AI innovations without surrendering control over data.

3. Some experts argue that sovereignty isn't just about where data sits, but how it's governed. How do you see sovereignty evolving beyond location toward control of operations, technology and law?

Saueressig: Sovereignty is increasingly defined not only by where data physically sits, but by who controls the full stack. SAP defines digital sovereignty along four interconnected dimensions: data sovereignty, operational sovereignty, technical sovereignty, and legal sovereignty.

Together, this creates full-stack sovereignty across infrastructure, platform, applications, and AI to ensure customers retain full authority over how their data is accessed, processed, and secured. That means data stays within approved geographic boundaries, operations are run locally by security-cleared personnel, systems are designed for control and resilience, and governance is determined by applicable national law. This broader model creates a foundation for secure, compliant innovation without sacrificing choice or control.

4. How does SAP Sovereign Cloud help address challenges, especially for organizations that want to adopt cloud and AI but must do so under strict regulatory or national governance?

Saueressig: For many organizations, the challenge isn't adopting AI, it's adopting AI with the sovereign controls their regulators expect. SAP Sovereign Cloud is built for that reality, enabling customers to use advanced cloud and AI capabilities while keeping sensitive data, operations, and oversight within trusted jurisdictions and under their own law. We're seeing this demand accelerate globally. For example, with the U.S. GSA's recent OneGov agreement, where federal agencies are adopting modern cloud and AI capabilities under strict governance requirements.

SAP gives customers deployment choices across different sovereignty profiles to fit their infrastructure, platform, and software needs, so they can scale on their own terms without compromising control or compliance. These deployments are designed to support customers' obligations under GDPR, NIS2, national laws, and local security standards, so organizations can modernize confidently, knowing that sensitive processes and data are governed within a secure, sovereignty-aligned framework. SAP offers this Sovereign Cloud portfolio in many major markets across the globe.

5. You've described "full-stack sovereignty" as a differentiator. Why is sovereignty across infrastructure, platform, applications and AI increasingly important, rather than focusing on just one layer?

Saueressig: Partial sovereignty, especially hardware-alone approaches, is not enough to be compliant and secure. Sensitive data may sit in a local data center, but if AI models or operations processes require external controls, that sovereignty can be compromised. End-to-end sovereignty across infrastructure, platform, applications, and AI ensures consistency: the same rules, the same controls, and the same transparency apply throughout the entire digital stack.

This gives governments and regulated industries confidence that sensitive processes, data flows, and AI reasoning are all governed under their own laws and operational oversight. Ultimately, full-stack sovereignty creates a trusted environment where advanced cloud and AI capabilities can be adopted without compromising security, innovation, or strategic resilience.

6. What does it take to build sovereignty into software and operations rather than relying solely on physical infrastructure?

Saueressig: This is a "Code over Concrete" approach. Successfully building digital sovereignty requires embedding control, compliance, and transparency into every layer of the stack – from the platform and applications to AI models and workflows. This means defining who can access data, how it is processed, and under which legal and regulatory frameworks, with these rules enforced consistently through software and operational policies.

It also involves robust monitoring, auditability, and governance mechanisms so organizations can demonstrate compliance and maintain trust without compromising efficiency. With SAP Sovereign Cloud, governments and regulated industries can adopt cloud and AI with full control over data, operations, technology, ensuring innovation happens on their own terms. Value is then generated on top of the stack, by applying AI into the flow of work.

7. Looking ahead, what does a "sovereign-by-design" digital ecosystem look like, and how will it shape the next decade of public sector innovation?

Saueressig: A "sovereign-by-design" digital ecosystem gives organizations real freedom of choice. It's not just about building in control, it's about offering options for infrastructure, platforms, services, and technology that align with security or sector-specific priorities. Over the next decade, this flexibility will be transformative for innovation and AI adoption at scale.

Europe's next decade of growth will be shaped by how effectively AI is applied across industries. A "sovereign-by-design" digital ecosystem provides a secure, trusted foundation that supports more resilient public services, digital economies, and trusted innovation frameworks, giving nations the ability to adopt advanced cloud and AI capabilities while protecting their core interests. Digital sovereignty becomes a design principle that empowers choice, agility and responsible innovation.