The CEO Corner

Conversation between Aiman Ezzat, CEO Capgemini, and Christian Klein, CEO SAP SE

A common European definition

Having a common definition of digital sovereignty across Europe is essential. Currently, that’s not the case, and this lack of alignment creates uncertainty for public authorities, regulated industries, and technology providers. It directly undermines the adoption of cloud, AI, and mission-critical digital services.

A single, harmonized EU‑wide approach to sovereign cloud would reduce fragmentation, strengthen the single market, and enable providers to scale more efficiently. And in the end, that means better outcomes for European organizations and citizens.

Aiman Ezzat: Digital sovereignty, as I see it, is a country or region’s ability to master key digital technologies and the laws that govern them, so it can independently assess, decide, and act in the digital realm – without having its structural choices dictated by a third party.

The concept spans multiple dimensions: data sovereignty, operational sovereignty, technical sovereignty, and legal sovereignty. Ultimately, it is the freedom – and the capability – to choose your dependencies. For large organizations, the goal is not full autonomy; it is to understand and manage technological dependencies, moving from dependence to resilient interdependence.

When governments and businesses use “digital sovereignty” to mean different things, the debate loses focus and nuance – making it harder to build consensus and take collective action.

When the CEOs of Europe’s largest organizations ask you about digital sovereignty, which risks are they trying to mitigate – and has that changed in the past 12–18 months?

Christian Klein: When I talk with CEOs, the conversation almost always comes back to a few core risks. Over the past 18 months, those risks have only become more urgent.

The first is business continuity. If something goes wrong, it isn’t the infrastructure itself that is exposed, but rather core processes such as supply chains, logistics, finance, and public services.

The second is the broader environment. Geopolitical tension, rising cyberthreats, and increasingly complex regulation are putting a lot of pressure on organizations. Staying secure, compliant, and trusted are top priorities for every company. That means digital dependencies now translate directly into strategic vulnerabilities.

As AI moves into critical decision-making, leaders are asking new questions: Who controls the data? Who governs the models? And how transparent and accountable are the decisions those systems make? This is why digital sovereignty has shifted from a technical topic to becoming a central pillar of Europe’s economic security agenda. And in a volatile environment, SAP helps organizations manage exactly that complexity.

Aiman Ezzat: When European CEOs raise digital sovereignty, the underlying goal is to reduce critical reliance on non-European technologies. The risks they want to mitigate are clear: dependence on a single foreign cloud or software provider; extraterritorial legal exposure (for example, foreign authorities gaining access to sensitive data); and cybersecurity vulnerabilities across critical digital supply chains. Ultimately, they worry that heavy reliance on foreign-owned platforms can erode control over data and operations – or expose them to the consequences of external decisions beyond their influence.

The conversation is now shifting. Where it used to focus on autonomy in specific domains (such as data or cloud), the most frequent question I hear today is: “Can we strengthen our digital sovereignty without losing competitiveness?” CEOs want assurance that they can reduce critical dependencies and protect operations while still accessing best-in-class technology and competing globally. In other words, the central challenge is to balance sovereignty with agility and innovation.

How important is the enterprise software layer in achieving digital sovereignty?

Christian Klein: When we talk about digital sovereignty, the enterprise software layer is absolutely critical, because it’s where everything comes to life. AI agents can look impressive, but without real industry and process knowledge, real data, and real business context, they’re basically just demos. No foundation model delivers that on its own. SAP does. Ultimately, this is what enables the Autonomous Enterprise – where AI is not just an add‑on, but embedded into end‑to‑end business processes, driving decisions, adapting in real time, and operating within clearly governed and sovereign frameworks.

True digital sovereignty requires control across the entire stack: infrastructure, platforms, applications, and AI. And the enterprise software layer is where these elements come together. It’s where business processes run, where data is structured, and where decisions are made.

That’s why enterprise software isn’t just another part of the stack. It’s the layer that connects infrastructure, data, and AI into trusted, end‑to‑end systems. It’s what makes sovereignty real and practical for organizations.

Ultimately, this is what enables the Autonomous Enterprise – where AI is not just an add‑on, but embedded into end‑to‑end business processes, driving decisions, adapting in real time, and operating within clearly governed and sovereign frameworks.

Aiman Ezzat: The enterprise software layer is often underappreciated. Cloud infrastructure and chips are essential, but software is the connective tissue across the digital value chain – it is what links data, processes, and decision-making end to end.

Strengthening this layer is therefore a priority for sovereignty. Open source can bring transparency and flexibility, but it is not a silver bullet for either sovereignty or security. What matters is that software choices – especially for core business functions and data management – preserve control: the ability to switch, to audit, and to operate. For Europe, that means pushing interoperability and portability to avoid lock-in, and ensuring critical software can run in a sovereign environment (for example, security-verified, hosted in Europe, with encryption keys controlled locally). In short, the enterprise software layer is as strategic to sovereignty as cloud and semiconductors.

---

End-to-end sovereignty?

Do you believe true end-to-end European digital sovereignty is achievable? And perhaps more importantly, is it desirable?

Christian Klein: Yes, European digital sovereignty is achievable, as long as we define sovereignty in a practical way. It isn’t about shutting ourselves off or insisting everything needs to be built in Europe. For me, it’s really about having the ability to act, and making sure that critical data is governed under European control, oversight, and decision rights.

Europe can still use the best global technologies while ensuring that data stays here, is managed under European jurisdiction, and fully complies with European regulations. So, the goal here isn’t complete self-sufficiency. It’s about making sure that Europe has the power to govern its digital future.

Aiman Ezzat: : I don’t believe total, end-to-end digital sovereignty – meaning Europe owning every layer of the technology stack outright – is either realistic or desirable. No country or region can control every component of the stack; even the largest players depend on international collaboration and global supply chains. Pursuing absolute self-sufficiency would be impractical and could isolate Europe from innovation happening elsewhere. Europe doesn’t need to own every layer to achieve meaningful sovereignty, but it does need assured access to – and control over – the critical layers.

What is both realistic and desirable is “strategic autonomy”: the ability to choose and manage our dependencies to protect European interests. That means identifying which parts of the digital value chain are truly critical – and designing for resilient interdependence rather than complete independence. In practice, it involves strengthening European capabilities in key domains, building strategic partnerships (both intra-European and transatlantic), and putting robust contingency plans in place. Together, these measures can preserve autonomy and continuity, even in a crisis. That balanced approach is what I call “pragmatic sovereignty.”

Do European consortium approaches to sovereignty work or does Europe need its champions to move independently?

Christian Klein: I think consortium approaches can work extremely well, but only if we show up as one Europe. We need to bring our champions together, rather than expecting any single player to solve sovereignty.

That’s exactly what our expanded Sovereign Technology Partnership with Capgemini is designed to do. Together with other European champions like Mistral AI and Bleu, we’re accelerating cloud and agent‑based AI solutions for Europe’s most critical sectors, including the most regulated ones, such as defense and the public sector.

At the same time, we have to be honest about where things stand. In Europe, it’s still too hard and too slow to create and scale startups. Bureaucracy and fragmentation are holding us back. When public and private players align, you can see how much faster we move when the whole ecosystem pulls in the same direction.

Ultimately, sovereignty in Europe will come from strong, connected ecosystems that combine innovation with trust and can scale across the single market. We’ve already shown we can win. The talent is here, the data is here, the customers are here. What’s missing isn’t capability; it’s speed. In many ways, the message is simple: Europe has the engine. Now we just need to take the handbrake off.

Aiman Ezzat: We are seeing valuable consortium-based approaches in Europe – partnerships where industry and governments come together to build shared “sovereign” solutions. These models can work particularly well in domains such as defense or critical infrastructure. For example, Capgemini co-leads the “Réseau Radio du Futur” consortium with Airbus for France’s Ministry of the Interior, and we also partner with other organizations, such as Thales, on strategic programs (e.g., 5G via satellite). These collective efforts pool European expertise and resources. At the same time, in fast-moving technology domains, Europe’s organizations need the freedom and support to innovate at speed and scale – and to move quickly and independently when required.

From my perspective, it’s not an either/or choice – both approaches are needed. Europe should use consortium models where no single player can succeed alone, or where standard-setting and interoperability are essential. In parallel, Europe must foster and invest in its leading tech firms and startups so they can scale into global champions. Measures such as a “European preference” in public procurement can help by creating a sizeable home market, alongside supportive policy, innovation funding, and – in some cases – cross-border mergers or alliances to build scale. In summary, European sovereignty should combine collaboration where it makes us stronger with independent action where it makes us faster.

---

The regulatory ask

What are your top asks of European regulators? And does today’s regulatory approach enable sovereignty or limit innovation and competitiveness?

Christian Klein: First, I would really like to see a harmonized definition of sovereign cloud across Europe. One standard, not 27. France is already leading the way with SecNumCloud, but a clear, pan-European approach would be much more efficient for everyone.

Second, if we want to compete, we need to simplify. It is about better regulation, not more regulation. Organizations should be enabled to build and ship faster. Europe needs a true single digital market that encourages deployment, rather than hesitation.

Regulation should focus on the outcomes we all care about, like resilience, continuity, and competitiveness, rather than prescribing technical details.

Aiman Ezzat: Regulatory requirements should be risk-based, proportionate, and able to keep pace with technological developments. Extending EU-level regulatory sandboxes – and enabling real-world experimentation – will be essential to accelerate innovation and lower market-entry barriers. In recent years, Europe has developed a distinctive regulatory approach; the right balance must be found between citizen protection and competitiveness. Overregulation, particularly for emerging technologies such as AI, risks slowing adoption and undermining Europe’s ability to compete. Sovereignty should rest on unified, stable, and forward-looking frameworks that enable innovation.

What would be your one piece of advice to a CEO who wants to get sovereignty right?

Christian Klein: My advice would be this: define sovereignty based on risk and business impact, not ideology. Focus on the basics, such as data governance, operational oversight, and continuity. Use the best global innovation, but make sure you keep control, auditability, and compliance firmly under European legal and regulatory frameworks. And finally, take the handbrake off. Standardize your data, embed AI directly into your core workflows, and build on platforms that give you real governance and control.

Aiman Ezzat: My one piece of advice is to take a pragmatic, business-focused approach to sovereignty. Start by mapping your critical digital dependencies and risks. Identify where a loss of technical control – or undue foreign influence – would materially impact your business, and focus on what is truly mission-critical. Then build a sovereignty plan that mitigates those risks without undermining efficiency or innovation. For example, you might ensure your most sensitive data sits on European cloud infrastructure, protected with strong encryption and local legal oversight, and/or adopt a multi-cloud strategy so you are not tied to a single provider.

Choose solutions that protect autonomy while supporting innovation and competitiveness. Whether that means using a “sovereign cloud” for specific workloads, adopting open source where it is fit for purpose, or negotiating contracts that guarantee data residency and audit rights, ensure your sovereignty measures align with your business objectives. In short: be clear-eyed about your dependencies, address them with realistic measures, and keep the benefits of global technology.

Can sovereignty become a driver of innovation and competitive advantage?

And this is where Europe can really stand out. Trusted, governed, accountable AI is what scales, especially in regulated and mission-critical environments. That is how Europe can win the industrial race. The winners will not be thin tools or standalone agents, but the platforms that embed AI into governed, end-to-end business processes.

Aiman Ezzat: Yes – if approached correctly, digital sovereignty can absolutely drive innovation and competitiveness. The key is to treat sovereignty not as a constraint, but as a framework for building genuine capability. When we balance strategic autonomy with access to best-in-class technology, sovereignty becomes a source of resilience and competitive differentiation – pushing us to design systems with greater security, transparency, and control, and ultimately to deliver better products.

Moreover, investing in sovereign technology capabilities can foster homegrown innovation in Europe. We see that when teams focus on strategic needs – privacy, security, compliance – they often generate creative solutions that become value propositions in their own right. Done well, sovereignty is not just about compliance; it is a catalyst for innovation. Bleu is one example: we built something new to meet a clear market need, combining advanced cloud functionality with the highest level of data protection under French law. Sovereignty created the demand – and innovation filled it.

---

Looking forward

What is the role of European AI models in building a digitally sovereign Europe?

Christian Klein: When people say Europe is falling behind in AI, I always ask: behind what exactly? If the race is for the next chatbot, maybe. But the real opportunity for Europe is industry AI, and SAP will be a large part of that. We have some of the world’s highest-quality business data and deep industry expertise.

At the same time, Europe needs the ability to use the best global technologies, but in a way that operates under European governance and rules. That balance is essential.

This is why partnerships such as that between SAP and Mistral AI matter so much. They bring world-class AI, but on European terms – secure, compliant, and sovereign.

Aiman Ezzat: European AI models are central to sovereignty. If the most advanced models remain predominantly non-European, European businesses and governments face a structural dependency for a capability that is becoming critical to decision-making and day-to-day operations.

Agentic AI sharpens this challenge considerably. When autonomous agents make decisions and orchestrate other systems, the question is no longer only “Where is my data?” – it becomes “Who controls the decision loop?” Europe needs players that can provide control frameworks to ensure real strategic autonomy. We will not achieve this by ignoring OpenAI, Anthropic, or Google, but by harnessing their technologies alongside European champions such as Mistral. Our expanded strategic partnership with Mistral AI, jointly with SAP, illustrates this approach: delivering secure, scalable AI systems for highly regulated sectors with strict data requirements, including financial services, the public sector, aerospace and defense, and energy. European AI models enable innovation while keeping data and algorithms under European governance. They are a critical component of a digitally sovereign Europe.