EU Tech Sovereignty Package Poses New Cloud and AI Questions for SAP Customers

The European Commission proposed a technology sovereignty package on June 3 that could reshape how SAP customers in Europe assess cloud infrastructure, AI compute, open-source dependencies, and digital supply chain risk.

The package includes two legislative proposals — the Chips Act 2.0 and the Cloud and AI Development Act — plus the EU Open Source Strategy and the Strategic Roadmap for Digitalisation and AI in Energy. Commission President Ursula von der Leyen framed the stakes directly: “We cannot afford to depend on others for the technologies that keep our hospitals running, our energy grids stable and our services secure.”

The measures are still proposals. The legislative pieces must move through the European Parliament and Council, and the final text could change before adoption. But the direction is relevant for SAP users, especially in public sector and regulated industries. More broadly, it gives customers a clear signal that EU policy is moving toward more control over the infrastructure and software layers that support enterprise systems.

Cloud and AI Development Act Introduces Sovereignty Assurance Levels

The Cloud and AI Development Act gives the package its most direct connection to SAP cloud and AI planning. The proposal would create a single EU-wide framework for assessing cloud and AI sovereignty, supported by a public sector adoption mechanism.

The Commission’s framework defines four sovereignty levels:

• Level 1 covers data processed and stored in infrastructure located in the EU.
• Level 2 adds requirements for independence from third countries and transparency over the software supply chain.
• Level 3 requires providers to be owned and controlled from within the EU, while still allowing the Commission to recognize third-country providers.
• Level 4 requires full transparency and control over the software supply chain, without third-country interference.

The Commission also wants to at least triple EU data center capacity within five to seven years by simplifying permitting, improving access to land and energy, and supporting investment in new data center infrastructure.

The four-level structure creates a concrete compliance checklist for SAP environments. Public administrations and regulated-sector organizations will need to determine which sovereignty level applies and whether their current or planned infrastructure qualifies.

SAP Cloud Choices Move Into Sovereignty Planning

Many SAP customers already run or are planning cloud ERP, SAP Business Technology Platform services, and AI-enabled workloads on infrastructure operated by large cloud providers. Under the Commission’s proposal, public sector and regulated organizations in Europe would need to assess those environments through a broader sovereignty lens.

That raises practical questions for SAP architecture and procurement teams. Customers will need to understand who controls the infrastructure, where data and metadata are processed, how software supply chains are governed, and what contractual protections apply if a provider is subject to third-country law.

SAP’s sovereign cloud portfolio gives customers one path to evaluate as these requirements take shape. The company has positioned SAP Sovereign Cloud, SAP Cloud Infrastructure, SAP Sovereign Cloud On-Site, and Delos Cloud for organizations with stricter requirements around data, operations, and regulatory control. Those options do not remove the need for customer-side due diligence, but they give SAP end users a clearer set of deployment models to compare against the EU’s emerging sovereignty framework.

Open Source, Chips, and Energy Broaden the Planning Lens

The overall package extends beyond cloud sovereignty.

The Chips Act 2.0 is aimed at strengthening Europe’s semiconductor supply chain, including faster permitting, skills development, stronger demand from user sectors, and more capacity for AI chips. The effect on SAP customers is indirect but relevant: AI-enabled ERP, analytics, and automation depend on resilient compute infrastructure.

The EU Open Source Strategy adds a software dimension. The Commission wants to increase adoption, support public administration, develop Europe’s open-source ecosystem, and promote open source internationally. This will make interoperability, software supply chain transparency, and procurement flexibility more important in platform, extension, and integration decisions.

The energy roadmap adds another constraint to the same discussion. As Europe pushes for more data center capacity, it is also trying to integrate those facilities into the energy system and improve energy data exchange. SAP customers planning cloud and AI workloads in Europe may not own that infrastructure, but they will increasingly need to understand the resilience, sustainability, and energy assumptions behind it.

What This Means for SAPinsiders

• Legislative negotiations determine final compliance scope. The Cloud and AI Development Act and Chips Act 2.0 still need to move through the EU Parliament and Council. SAP customers tracking the package should watch for amendments that change sovereignty criteria, public sector adoption rules, or procurement obligations.
• Cloud sovereignty reshapes ERP modernization planning. Legislative timelines remain uncertain, but the direction is already relevant for SAP customers planning cloud ERP, SAP Business Technology Platform services, and AI-enabled workloads in Europe. Public sector and regulated organizations should consider mapping deployments against the proposed sovereignty levels before they become formal procurement or compliance questions.
• Open source moves higher in architecture reviews. The EU Open Source Strategy does not make open source a substitute for core ERP. It does, however, increase the importance of interoperability, software supply chain transparency, and procurement flexibility across the platforms, extensions, and integration layers connected to SAP environments.