logo

Are you need IT Support Engineer? Free Consultant

IT-Grundschutz certifies German SAP data centers | SAP News

  • By sujay
  • 16/04/2026
  • 17 Views

Security and sovereignty have become operational prerequisites for digital technologies. Organizations in the public sector and regulated industries expect not only innovation and scalability, but also verifiable evidence that security controls comply with national standards.

With the successful completion of the ISO/IEC 27001 certification SAP has reached an important milestone based on IT baseline protection for the physical infrastructure of SAP’s own data centers in Germany. This strengthens the foundation of the SAP Sovereign cloud portfolio in one of the most security-conscious markets in the world.

SAP Sovereign Cloud: Resilient. Secure. Ready for use.

IT-Grundschutz confirms the secure operation of German SAP data centers

IT-Grundschutz is the structured security methodology of the Federal Office for Information Security (BSI) and serves as a reference framework in public tenders and supplier evaluations.

The certification based on IT-Grundschutz confirms that the secure operation of the building infrastructure of the German SAP data centers has been positively assessed based on the security requirements defined in Germany. It confirms that physical protection measures, environmental safeguards and operational processes at the site level meet the BSI’s expectations.

In short: The secure operation of SAP’s own data centers in Walldorf/St. Leon-Rot has been independently tested and confirmed using national German safety methodology.

Strengthening one of the core sovereign SAP deployment options: SAP Cloud Infrastructure

The IT-Grundschutz certification strengthens one of the central, sovereign deployment options in Germany: the SAP Cloud Infrastructure.

SAP Cloud Infrastructure is SAP’s Infrastructure-as-a-Service (IaaS) platform, which operates in SAP-owned data centers and co-locations worldwide. The data centers in the Walldorf/St. Leon-Rot (Germany) is owned by SAP, a German company, is operated by approved personnel with the required security clearance and is designed for high availability, scalability and strict security requirements.

These data centers are designed to enable GDPR-compliant data processing and to meet high regulatory and security requirements in Europe and Germany. This also includes standards for critical infrastructure and the processing of sensitive and classified workloads.

The basis for this is three independent availability zones in separate data centers, which are connected via SAP’s own fiber optic infrastructure. German security hardware components are used that are approved by the BSI for processing VS-NfD information. This is supplemented by certifications such as C5 Type II, SOC 1 Type 2 and SOC 2 Type 2, SOX, KRITIS/NIS2, TSI Level 3 (extended), ISO 22301, EN 50600 and ISO/IEC 22237 (AC 3), as well as the Federal Catalog for Data Center Requirements.

Additionally, SAP Cloud Infrastructure offers:

  • An open source-based Infrastructure as a Service (IaaS) platform with an API-first approach: with self-service provisioning, automation and consistent resource management across different deployment models.
  • A Kubernetes-based cloud environment: to support cloud-native workloads, container orchestration, and modern development approaches.
  • Open standards and proven open source technologies: based on components that have been used and developed in sensitive, large-scale environments for over a decade.
  • Optimization for SAP cloud services: for aligned operational processes, integrated security and efficient execution of SAP workloads.
  • Support for SAP and third-party applications: This means that both SAP and customer-owned workloads can run on a unified, secure and compliant infrastructure.

SAP Cloud Infrastructure is an IaaS platform developed and operated by SAP for SAP workloads and customer applications – from global cloud scenarios to environments with high sovereignty and regulatory requirements, including an offering for VS-NfD data in Germany. With the SAP Sovereign Cloud portfolio, it enables both SAP-operated sovereign cloud services and the operation of customer workloads in a sovereign environment. At its core, secure application operation is linked to the SAP Cloud Infrastructure, which is designed for regulatory and operational control.

Sovereignty through freedom of choice and control with SAP Sovereign Cloud

(Digital) sovereignty is often viewed exclusively as a question of the origin of the provider, data residency or the reduction of technical dependencies. In practice, however, it is about demonstrable control. At SAP, we define sovereignty along four interrelated capabilities:

  1. Data sovereignty – SAP stores your data in local data centers or in approved countries. This prevents unauthorized cross-border data transfers and meets important infrastructure requirements.
  2. Operational sovereignty – Sensitive operating processes remain local. Operation and maintenance are carried out exclusively by authorized personnel – i.e. nationally approved personnel or nationals of an approved country – who have the required security clearance.
  3. Technical sovereignty – Control planes are hosted locally, with strict separation ensured through encryption or dedicated infrastructure.
  4. Legal sovereignty – Legal certainty is guaranteed at all times. Cloud providers must be based locally or in approved countries. Foreign authorities must limit risks related to ownership, control and influence.

SAP Cloud Infrastructure meets these requirements. On this basis, data, operations, architecture and legal control are brought together under clearly defined specifications.

Importantly, SAP Cloud Infrastructure is part of SAP’s broader approach to offering customers various sovereign cloud options. Different customers face different regulatory, operational and transformation requirements. Sovereign requirements cannot be met with a single model.

There are therefore various deployment models to choose from for SAP Sovereign Cloud. Depending on their requirements, customers can choose between the following options:

  • SAP Cloud Infrastructure: SAP’s Infrastructure-as-a-Service platform is based on open source technologies and is operated in SAP data centers, which are available in numerous locations worldwide. Depending on the operating model chosen, customer data can be processed and stored in defined regions – for example within the European Union or exclusively in Germany – to meet specific data protection and compliance requirements.
  • SAP Sovereign Cloud On Site: With the SAP Sovereign Cloud On-Site offering, SAP provides and manages the complete SAP technology stack, which is operated in a data center designated by the customer – from the hardware, to SAP Cloud Infrastructure, to the SAP Sovereign Cloud portfolio. The offering combines physical on-site control with our operational expertise, ensuring full autonomy while adhering to SAP support and compliance standards.
  • Sovereign models based on hyperscalers: SAP works with recognized hyperscalers in certain markets to give customers the ability to scale their resources quickly and on demand. The combination of flexibility and seamless integration enables customers to innovate quickly while maintaining efficient operations.
  • National sovereign cloud platforms such as Delos Cloud: For the public sector in Germany, Delos Cloud combines hyperscaler technology with sovereign ownership and a nationally defined operating model.

SAP enables customers to choose the model that suits their regulatory requirements, risk profile and operational strategy.

Sovereignty comes from implementation, not from assertions

For customers, digital sovereignty is not a theoretical goal. It is an operational requirement that must work under real-world conditions. The IT-Grundschutz certification of SAP’s own data centers in Germany is an important step in this direction.

As regulatory requirements evolve and sovereign requirements become more nuanced, SAP continues to enable customers to choose the sovereign solution that fits their obligations and risk profile.

Sovereignty is ultimately measured by the ability to operate systems safely and reliably. With SAP Cloud Infrastructure, this capability becomes an integral part of the operating model.

Subscribe to the SAP News Center newsletter

Martin Merz is President of SAP Sovereign Cloud.

Jonathan Bletscher is Head of Global Cloud Infrastructure & Delivery, Global Cloud Operations.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

286686 Gettyimages 1090693694 Uncropped F 1920X600 1
SAP HANA NEWS
SAP Ariba: The next generation is here
Mannschaft Fcbayern Bayer04Leverkusen Bl Fn Lv B6 4377 1920X600 1
SAP HANA NEWS
FC Bayern Munich: A look behind the scenes
280888 Gettyimages 617072374 Medium Jpg Uncropped F 1920X600 1
SAP HANA NEWS
Hannover Messe 2026: AI and digital transformation
20260419 150525 2 1024X773
SAP HANA NEWS
Uhlmann and SAP: Innovative solutions for companies
//
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, how can I help?
Hi, how can I help?