Digital sovereignty is not about protectionism. It is about creating the conditions for innovation, trust, and competitiveness in a digital world.

This point was well articulated in a recent piece by Christian Klein, CEO of SAP. When asked about the long-term benefits for Europe getting this right, he said:

“Sovereignty and innovation are complementary objectives. Without secure and accountable frameworks, AI adoption will remain constrained. But if Europe gets digital sovereignty right, it strengthens resilience, competitiveness, and public trust simultaneously.” 

Business context (today)

The current geopolitical situation is highly dynamic, with challenges in three key areas likely to persist over the coming years:

  • Geopolitical fragmentation: ongoing tensions and regional divides increasing uncertainty around trade, technology access, and cross-border collaboration. 
  • Increased exposure to external pressure: though interdependence can create value, it can also introduce points of leverage that organizations cannot fully control.
  • Continued technical dependency: heavy reliance on third-party cloud and AI services can increase exposure to disruption, with operational and reputational consequences.

These shifts are driving a need for stronger control of enterprise IT across four dimensions:

  • Data: Often the most heavily regulated dimension. Controls on data storage and use (in various states) are critical. In Europe, key laws include GDPR, DGA, and DMA; in the US, the US CLOUD Act and FISA; and further afield, examples include China’s National Intelligence Law.
  • Infrastructure: Control of the physical, logical, and operational layers of systems – and where data resides – is central. Jurisdictional exposure is also a key consideration.
  • Operations: Operational sovereignty includes the physical location of the resources that deliver services and whether they have the required security to execute them. Solutions that satisfy data and infrastructure requirements must also ensure people and support functions are located appropriately.
  • Legal: The governing legal framework for data, platforms, and operators is fundamental. Misalignment between operating and governing jurisdictions can  compromise sovereignty, potentially creating conflicts of law across countries.

While additional controls are essential to addressing risks, a potential downside is increased inertia. This inertia can slow change and reduce the value delivered by cloud-enabled SAP platforms.

Agentic AI brings this trade‑off into sharp focus. Choosing a model or third‑party LLM determines where data is processed, who can operate the stack, and which jurisdictions apply, meaning AI sourcing must be central to any sovereign SAP strategy. 

The importance of context: Impact use cases

Digital sovereignty takes a national perspective on IT. When translating that into organizational impact, it’s essential to consider each organization’s specific context. Based on our SAP sovereignty experience, here are example use cases that illustrate typical impacts and considerations – while recognizing that each organization must assess its own circumstances:

  • Global organization involved in national security: A global organizations, head quired in the US, with a global supply chain and some business units undertaking defense work, must balance the sovereign demands of its regulated businesses with the non-sovereign demands of its commercial business. This can lead to a more fragmented SAP landscape, potentially involving multiple partners to balance commoditization and security. Innovation can still be achieved within this operating model through a collaborative ecosystem.
  • A multinational regulated organization in the new energy sector: A multinational organization, headquartered in Europe, may deliver a common suite of products and services under strict regulation. Depending on its requirements, all sovereignty dimensions can be considered together. While this can be perceived as limiting flexibility in SAP delivery, it can also create economies of scale from an edge-to-edge, full-stack perspective – simplifying SAP management and enabling stronger alignment to business outcomes.
  • A European public sector organization: Public sector organizations typically operate within a single national jurisdiction. Depending on the nature of the services they provide, different levels of sovereignty and security will need to be considered. Balancing sovereignty and strict security requirements with structured procurement processes can be challenging, often requiring dedicated solutions across infrastructure, data, and operations to meet legal and jurisdictional requirements.

Not just a beginning, but a continuous journey

For many organizations, SAP is a business-critical application and part of a continuous journey. Each day presents an opportunity to confirm direction and reassess plans based on evolving conditions.

As we look ahead to the opportunities Sapphire will bring, we should not view digital sovereignty as something relevant only to others or as a constraint on innovation. In the context of cloud and SAP, it is part of a continuous journey of delivery and value realization. A key learning from our current engagements is the importance of understanding contexts and being clear about impacts and risks across the different dimensions.

As one of the largest and most experienced SAP systems integrators, and SAP’s first accredited Sovereign partner, Capgemini can help you assess the impact of digital sovereignty on your SAP estate and build a roadmap toward becoming a more autonomous enterprise.