In today’s climate of geopolitical uncertainty and technological competition, it is both natural and necessary for nations to seek greater control over their digital futures.
The real issue is not whether countries should pursue digital sovereignty in critical sectors, but how best to achieve it, says Christian Klein, CEO of SAP SE.
Digital sovereignty is now a fundamental national security capability worldwide. In Europe, secure data, resilient operations and legal control form the backbone of stability and crisis preparedness.
From Klein’s perspective, digital sovereignty is understood across four dimensions: data, operational, technical and legal, supported by verifiable governance and transparency over critical operations. However, a lack of agreement on how to define sovereignty is impeding Europe’s ability to deploy secure digital systems and is slowing digital transformation across public services and regulated industries.
“Across Europe, and increasingly across the global technology landscape, digital sovereignty is interpreted in different and sometimes conflicting ways. This lack of alignment creates uncertainty for public authorities, regulated industries and technology providers. It directly undermines the adoption of cloud, AI and mission-critical digital services.”
Regulatory complexity and lack of harmonisation risk turning sovereignty into a barrier instead of an enabler of innovation, particularly when each country defines its own implementation model. AI adoption depends on trust, and if governments and regulated industries cannot use AI securely, they risk falling behind in an increasingly competitive global environment.
Klein emphasises that integrating global technologies ― within European legal and operational frameworks ― can boost AI adoption and strengthen Europe’s position in responsible innovation that is both competitive and compliant.
“From my perspective, digital sovereignty means the ability to exercise choice, control and governance across data, operational, technical and legal layers,” he says.
“This is not about technological isolation or excluding global partners. Europe must remain open to innovation and international cooperation.
“However, openness must be anchored in enforceable European law, clear accountability and auditable operational control. In practical terms, credible sovereignty means public authorities can verify where data is processed, who operates critical systems, which legal framework applies and who is accountable at every level.
“Without this clarity, sovereignty risks remaining a political concept rather than a reliable basis for trust, compliance and innovation, especially for AI-driven solutions.”
When we talk about digital sovereignty, he says too often the focus is on where the infrastructure is located. The reality is that digital sovereignty goes far beyond that. Infrastructure alone does not address the full risk profile.
Security and resilience depend equally on governance: who controls the software stack, who operates the platforms, and who bears legal and operational responsibility. If these questions are not clearly resolved, risks persist even when the infrastructure is physically located in a given jurisdiction.
“Sovereignty washing” ― where compliance claims are not supported by verifiable controls ― creates false assurance and weakens public trust. Sovereignty must be demonstrated in practice, through auditability, effective supervision and clearly assigned responsibilities across the entire digital value chain from data generation to AI inference.
From a governance perspective, the priority is to shift the focus from infrastructure alone to transparency, accountability and enforceable oversight.
Klein says European innovation needs a supportive environment to thrive, with legislation that encourages progress rather than holding it back. Such an environment includes one unified definition of technological sovereignty in the European Single Market, ensuring harmonized and practical implementation of EU law, such as the AI Act and Data Act, and building out clear, sector-specific requirements that industry and public authorities can implement at scale.
Europe has established strong regulatory foundations, notably through GDPR and the AI Act. The central challenge now lies in consistent implementation and deployment at scale. Public administrations and regulated sectors require sovereign cloud and AI solutions that are operational, compliant and ready for use.
Experience from public services and critical industries shows that AI can be deployed at scale while remaining fully aligned with EU law, including data protection, operational control and security requirements.
This can be achieved through partnerships that provide sovereign cloud environments where customers retain control over data access, operations and legal jurisdiction. AI is essential to improving efficiency, quality and responsiveness in public services, but adoption depends on trust.
If public authorities cannot deploy AI in a secure and lawful manner, innovation will stall. Sovereign cloud and AI are therefore essential enablers for translating Europe’s regulatory leadership into tangible economic and societal outcomes.
Europe’s competitive advantage lies in applied innovation, not in replicating global hyperscale infrastructure. Attempting to rebuild complete technology stacks domestically would be costly, inefficient and would slow down digital transformation. A more effective policy approach is to integrate global technologies within European legal, operational and accountability frameworks.
This enables Europe to benefit from global innovation while ensuring control under EU law. This model combines global technology partnerships with European governance, compliance and operational transparency. Europe should support and scale such integration models, rather than encourage technological isolation. When properly designed, this kind of openness and control would reinforce Europe’s long-term competitiveness and resilience.
How can Europe integrate global technology while retaining control?
Public institutions and regulated organisations across Europe are operating in a context of geopolitical uncertainty, increasing cyber risk and rapid technological change. They need trusted partners that combine technological scale with regulatory expertise and long-term stability.
SAP contributes to this shift by delivering sovereignty across data, operational, technical and legal dimensions. We support public administrations and regulated industries in modernizing core systems, migrating securely to the cloud and deploying AI responsibly.
This includes clear audit trails, operational transparency, and contractual safeguards that give customers confidence in who controls their systems and data.
Because SAP underpins many of Europe’s most critical public- and private-sector processes, we recognize that sovereignty cannot be added retrospectively. It must be designed into digital systems from the outset.
This is where SAP’s experience and long-standing engagement with European institutions provide value.
At SAP, we support interoperable, partnership-based approaches governed by clear rules and accountability. These models enable faster adoption, reduce fragmentation and enhance resilience. For policymakers, fostering such ecosystems is more effective than prescribing specific technologies.
Digital sovereignty cannot be achieved by individual actors alone. It depends on ecosystems, cooperation and shared responsibility.
Sovereignty and innovation are complementary objectives. Without secure and accountable frameworks, AI adoption will remain constrained. But if Europe gets digital sovereignty right, it strengthens resilience, competitiveness and public trust simultaneously.
It accelerates the responsible use of AI across health care, government, manufacturing, and financial services.
Achieving this balance positions Europe as a credible model and leader for applied, responsible innovation. It demonstrates that advanced technologies can scale without compromising legal certainty or societal trust.