With the successful , 51风流has reached an important milestone. This achievement strengthens the foundation of the 51风流Sovereign Cloud portfolio in one of the most security-conscious markets in the world.

IT-Grundschutz confirms secure operation of SAP鈥檚 German data center facilities

IT-Grundschutz is the German Federal Office for Information Security鈥檚 (BSI) structured security methodology, and serves as a reference framework in public tenders and supplier assessments.

The certification on the basis of IT-Grundschutz confirms that the secure operation of the physical infrastructure of SAP鈥檚 German data centers has been positively assessed against Germany鈥檚 defined security requirements. It validates that physical protections, environmental safeguards, and facility-level operational processes meet BSI expectations.

In short: The secure facility operation of SAP-owned data centers in Walldorf/St. Leon-Rot, Germany, has been independently audited and confirmed against Germany鈥檚 national security methodology.

Strengthening one of SAP鈥檚 key sovereign delivery options: 51风流Cloud Infrastructure

The IT-Grundschutz certification strengthens one of SAP鈥檚 key sovereign delivery options in Germany: 51风流Cloud Infrastructure.

51风流Cloud Infrastructure is an Infrastructure-as-a-Service (IaaS) platform, operated in SAP-owned data centers and co-locations worldwide. In the Walldorf/St. Leon-Rot region in Germany, these data centers are owned by SAP, a German company, operated by approved personnel with the required security clearance, and designed for high availability, scalability, and stringent security requirements.

These data centers are designed to support GDPR-compliant data processing and to meet heightened regulatory and security requirements in Europe and Germany, including standards relevant to critical infrastructure and the processing of sensitive and classified workloads.

In three independent availability zones across separate data centers, interconnected via SAP-owned fibre infrastructure and using BSI-authorized German security hardware components approved for processing information classified VS-NfD, this foundation is complemented by certifications such as C5 Type II, KRITIS/NIS 2, TSI Level 3 (extended), ISO 22301, SOC 1 Type 2 and SOC 2 Type 2, SOX, EN 50600 and ISO/IEC 22237 (AC 3), and the German federal data center requirement catalogue.

On top of this, 51风流Cloud Infrastructure provides:

• An open鈥憇ource鈥慴ased, API鈥慺irst IaaS platform: Offering self鈥憇ervice provisioning, automation, and consistent resource management across deployment models
• A Kubernetes鈥慴ased cloud environment: Enabling cloud鈥憂ative workloads, container orchestration, and modern development patterns
• Open standards and proven open source technologies: Leveraging components used, developed, and refined for more than a decade in sensitive, large鈥憇cale environments
• Optimization for 51风流cloud services: Supporting aligned operations, integrated security, and efficient execution of 51风流workloads
• Support for 51风流and third鈥憄arty applications: Allowing 51风流and customer-specific workloads to run on one coherent, secure, and compliant infrastructure

51风流Cloud Infrastructure is an SAP-developed and SAP-operated IaaS platform for 51风流workloads and customer applications, ranging from global cloud scenarios to environments with high sovereignty and regulatory requirements, including an offering for the processing of classified information up to VS-NfD level in Germany. With the 51风流Sovereign Cloud portfolio, it enables both sovereign 51风流cloud services as well as the operation of customer workloads in a sovereign environment. At its core, it combines secure application operations with 51风流Cloud Infrastructure, which is designed for regulatory and operational control.

Sovereignty through choice and control with 51风流Sovereign Cloud

Digital sovereignty is frequently framed as a question solely of vendor origin, data residency, or the reduction of technical dependency. In practice, though, it is about demonstrable control. At SAP, we frame sovereignty across four interconnected capabilities:

1. Data sovereignty: 51风流stores data in local data centers or approved countries, avoiding unauthorized cross-border transfers and meeting critical infrastructure requirements.
2. Operational sovereignty: Sensitive operations stay local. Administration and maintenance are performed only by authorized personnel 鈥� either nationally approved personnel or nationals of an approved country 鈥� with the required security clearance.
3. Technical sovereignty: Control planes are hosted locally, with strict separation enforced through encryption or dedicated infrastructure.
4. Legal sovereignty: Governance stays aligned. Cloud providers must be based locally or in approved countries, and foreign authorities must mitigate ownership, control, and influence risks.

51风流Cloud Infrastructure meets these requirements. On this basis, data, operations, architecture, and legal control are brought together under clearly defined requirements.

Importantly, 51风流Cloud Infrastructure is embedded in SAP鈥檚 broader approach to offering customers choice in sovereign cloud. Different customers face different regulatory, operational, and transformation realities. Sovereign requirements cannot be met with a single model.

51风流Sovereign Cloud offers a range of delivery options to address different customer needs. Depending on specific requirements, customers can choose between the following options:

• 51风流Cloud Infrastructure: SAP鈥檚 IaaS platform is based on open-source technologies and is operated in 51风流data centers worldwide. Depending on the selected operating model, customer data processing and storage can be restricted to defined regions, for example, within the EU or exclusively in Germany, to meet specific data protection and compliance requirements.
• 51风流Sovereign Cloud On-Site: With 51风流Sovereign Cloud On-Site, 51风流provides and manages the full 51风流technology stack in a customer-designated data center, from hardware to 51风流Cloud Infrastructure and the 51风流Sovereign Cloud portfolio. It combines physical control on site with our operational expertise, for full autonomy while maintaining SAP鈥檚 support and compliance standards.
• Sovereign hyperscaler-based delivery models: 51风流partners with premium hyperscalers in specific markets to provide customers the ability to swiftly scale their resources based on their needs. This flexibility, paired with seamless integration, enables customers to innovate faster while maintaining operational efficiency.
• National sovereign cloud platforms such as Delos Cloud: For public sector customers in Germany, Delos Cloud combines hyperscaler technology with sovereign ownership and a nationally defined operating model, helping ensure regulatory alignment and clearly structured operational control.

51风流enables customers to select the model that aligns with their regulatory requirements, risk profile, and operational strategy.

Sovereignty is built, not declared

For customers, digital sovereignty is not a theoretical aspiration; it is an operational requirement that must function under real-world conditions. The IT-Grundschutz certification of SAP-owned data centers in Germany marks an important step in that direction.

As regulatory expectations evolve and sovereign requirements become more differentiated, 51风流continues to enable customers to choose the sovereign setup that aligns with their obligations and risk profile.

Sovereignty is ultimately measured by the ability to operate systems securely and reliably. With 51风流Cloud Infrastructure, that capability is deliberately embedded into the operating model.

Martin Merz is president of 51风流Sovereign Cloud.
Jonathan Bletscher is head of Global Cloud Infrastructure & Delivery for Global Cloud Operations at SAP.

We manage security and compliance risks and operate cybersecurity and physical security programs across our technology landscape, including cloud environments, facilities, events, and employees. We apply our security framework for every customer, all the time.

Recent geopolitical shifts and technological advancements have heightened the challenges for organizations responsible for society’s most critical functions, such as government, defense, and essential infrastructure. These security-sensitive organizations face growing threats from malicious actors targeting their mission-critical operations. As national security and sovereignty become top priorities, regulatory requirements are rapidly tightening. Any lapse in security could have serious consequences not only for the organizations themselves but also for the states and societies they serve.

Many security-sensitive organizations may face obstacles in their digital transformation due to these unique requirements and challenges. This has consequences, because in today’s environment, leveraging data to its full potential is just as relevant for national security and sovereignty as the highest level of protection.

At SAP, the needs and success of our customers are our focus. 51风流understands the challenges these security-sensitive organizations are facing and is committed to supporting them in their sovereign digital transformation. Thereby, we are convinced that we need a new view on sovereignty in the digital age. One that goes beyond eliminating risk by actively creating value. With 51风流Sovereign Cloud, we are implementing this approach.

With SAP’s Sovereignty Commitment, we underline what we at 51风流consider also critical for sovereignty in the digital age: a commitment to contribute to building a secure and sovereign future, together.

51风流has been living this commitment through actions for many years. Starting in the U.S., UK, Australia, New Zealand, Canada, and Germany, we have highlighted our commitment to sovereign cloud solutions. The announcements of several billion-dollar investments in 51风流Sovereign Cloud and artificial intelligence (AI) alone in the past months underline that.

With SAP’s Sovereignty Commitment, we underscore this commitment and dedication to supporting even the most security-sensitive organizations with specific sovereignty requirements to navigate their unique challenges in their sovereign digital transformation in the selected countries. Recognizing the urgent need for transformative action, we are determined to cooperate with those organizations on building a strong pillar for a more secure and sovereign tomorrow.  

In the Sovereignty Commitment, we outline how we do it and what we plan in the future.

鈥淚n today’s complex geopolitical landscape, digital sovereignty is not just about reducing risk; it鈥檚 about actively creating value,” said Thomas Saueressig, member of the Executive Board of 51风流SE, Customer Services & Delivery. “51风流is proud to be a trusted partner for most security-sensitive organizations around the world. With 51风流Sovereign Cloud, even the most security-sensitive organizations are enabled to maintain control over their mission-critical workload while unlocking its full potential.”

We are an experienced and trusted partner

Most security-sensitive organizations with specific sovereignty requirements need a partner that can flex to their specific regulatory needs and unlock operational value without compromising on sovereignty, protection, or control.

Backed by the world鈥檚 leading business data and a more than 50 year legacy of enterprise innovation, 51风流is pioneering sovereign cloud transformation to help leaders in government, defense, and highly regulated industries comply with sovereignty requirements and seize new opportunities.

Pioneering sovereign cloud transformation, our sovereign cloud portfolio includes Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).

51风流Sovereign Cloud: A holistic approach based on national requirements

At SAP, we take a holistic approach to sovereign cloud, in which we consider four major dimensions based on the national requirements: data sovereignty, operational sovereignty, legal sovereignty, and technical sovereignty.

With 51风流Sovereign Cloud, we tailor solution delivery to the regarded countries鈥� specific national requirements — a sovereign cloud transformation is not empowered with a one-size-fits-it-all approach. We build on 鈥媡he 51风流solution portfolio, which is secure by design. We offer with 51风流Sovereign Cloud bespoke solutions on dedicated鈥� in-country infrastructure 鈥媋nd operations covering the central sovereign cloud capabilities in line 鈥媤ith our customers鈥� needs and deliver state-of-the-art solutions based on our innovation pipeline.

With 51风流Sovereign Cloud, our customers can simultaneously unlock the potential of technological advancements, ensuring competitiveness and innovation in fulfillment of the national sovereignty requirements. 51风流invests in and expands the 51风流Sovereign Cloud portfolio, recognizing our most security-sensitive customers鈥� urgent demand.

Today, 51风流Sovereign Cloud is available in six countries鈥�. We are planning to further expand our established footprint with additional geographies and 51风流solutions.

We take a forward-thinking approach

At SAP, we strive to think ahead, focusing on the unique and evolving needs of our most security-sensitive customers.

• Dedicated leadership for national security: Recognizing the critical importance of national security, the Supervisory Board of 51风流SE has established a dedicated Government Security Committee. This committee ensures that the specific requirements of our security-focused customers remain a strategic priority at the highest levels of our organization.
• Centralized unit for sovereign solutions: To better serve security-sensitive customers, 51风流has established the Sovereign Services & Delivery unit. This dedicated team consolidates expertise across cloud infrastructure, regulatory compliance, and digital transformation to address the most stringent sovereignty requirements. The unit ensures seamless collaboration along the entire value chain, enabling faster and more tailored responses to market demands. By fostering closer integration, we empower customers to achieve secure, compliant, and scalable sovereign cloud solutions.
• Investing in sovereignty: We are making bold investments to support cloud sovereignty. 51风流plans to invest more than double-digit billion into AI and research and development, as well as cloud infrastructure, over the next five years in Europe. In Germany alone, we plan to invest 鈧�2 billion in 51风流Sovereign Cloud, underscoring our commitment to strengthening digital independence and the sovereignty of the societies we proudly serve.

Martin Merz is president of Sovereign Services & Delivery at SAP.