Imagine being the parent of a four-year-old child and receiving a call from a hacker group calling themselves Radiant, informing you of the theft of personal information—including photographs—in a cyber-attack they have carried out on the nursery your child attends. They put pressure on you in an attempt to force the nursery group to pay the ransom amount.

Referring to this incident at the end of September 2025, a commentator said this was “an absolute new low” for cybercriminals: to target young children.

What is even more surprising is that cybercriminals are not only hacking into large corporations across industries such as retail, automotive, airports, and healthcare, but they are also beginning to focus their attacks on softer targets. Given how safe our public sector agencies are (such as local councils, healthcare trusts, smaller police agencies, non-governmental organisations, consumer-owned co-operative societies), it makes you wonder who could potentially be the next soft targets!

Organisations are talking about digital sovereignty

In recent months, the topic of digital sovereignty has entered the mainstream. Quite right, too. Cybersecurity threats, together with geopolitical tensions, are said to be the main reason for this attention.

But more importantly, digital sovereignty lies at the intersection of economics, national security, and individual rights. For public sector agencies, national security organisations, utilities, healthcare, and other critical industries, these uncertainties are not theoretical. They demand clarity, control, and resilience. In response, SAP is entering the debate—not only offering technology, but also reimagining what digital sovereignty means in a cloud- and AI-driven world.

SAP’s approach to digital sovereignty

SAP’s approach to digital sovereignty encompasses four dimensions:

• Data sovereignty: SAP stores all your data, including metadata, within the country — eliminating unauthorised cross-border transfers.
• Operational sovereignty: Research shows that the human factor is the weakest link in many cyber security strategies. SAP ensures sensitive operations remain local. Only authorised personnel—local nationals or those from trusted countries—handle administration and maintenance, with the required security clearance to minimise risks.
• Technical sovereignty: Control planes are hosted locally with strong separation enforced through encryption or dedicated infrastructure. Reducing possibilities for coordinated hack attacks
• Legal sovereignty: Governance remains aligned. Legal entities are based locally or in approved countries.

SAP is operationalising sovereignty across cloud, AI, and governance layers, providing you with choice. Depending on the respective country or territory, you can choose according to your classification level and secrecy requirements, budget, and flexibility.

• SAP Sovereign Cloud on hyperscaler: SAP partners with premium hyperscalers to provide the ability to swiftly scale resources according to requirements. This flexibility, combined with seamless integration, enables you to innovate more quickly while maintaining operational efficiency.
• SAP Sovereign Cloud On-Site: Infrastructure operated by SAP within a data centre of the customer or chosen by the customer. It combines local physical control with our operational expertise, ensuring complete autonomy while providing full access to SAP cloud innovations and maintaining SAP support and compliance standards.
• SAP Sovereign Cloud on SAP Cloud Infrastructure: SAP’s own IaaS platform is based on open-source technologies, and operates on the SAP data centre network.

SAP is actively driving innovation to make sovereign AI accessible

What’s on the roadmap? Development and use of artificial intelligence technologies that are controlled and regulated according to jurisdictional requirements, adhering to local interests and values.

Digital sovereignty is no longer optional. For governments and critical industries, it’s time to formulate and evaluate your sovereignty strategy.

Ask yourself:

• How resilient are my operations against cross-border risks?
• Can I adopt AI and cloud securely?
• What dependencies are present in my digital infrastructure?

With SAP, the path to digital sovereignty is not about compromise; it is about building resilience whilst accelerating digital transformation.