WALLDORF — SAP SE (NYSE: SAP) today announced authorization to use from the German Federal Office for Information Security (BSI) to process information classified as “VS-NfD” (“Restricted – For Official Use Only”) on SAP Cloud Infrastructure in Walldorf/St. Leon-Rot. This strengthens SAP’s sovereign cloud portfolio for public sector organizations and regulated industries and enables security-critical SAP and customer applications to run in the cloud.
SAP is therefore one of only a few providers in Germany that will be offering a cloud environment whose key security components have received corresponding authorization to use from the BSI – and currently the only provider whose platform will be able to support both SAP applications and customer-specific applications in a high-performance, VS-NfD-compliant environment in the near future.
The authorization to use applies to workloads running on SAP Cloud Infrastructure in SAP’s own data centers in the Walldorf/St. Leon-Rot region, which are operated exclusively by security-cleared personnel. The authorization to use represents an important milestone and forms the basis for the subsequent full BSI approval SAP is working toward, including the recertification of SAP Cloud Infrastructure according to ISO 27001 based on the German IT-Grundschutz framework.
The evaluation process was completed in approximately 12 months and was characterized by close and constructive cooperation between the BSI and SAP — a sign of the growing collaboration between public authorities and industry in the field of IT security.
SAP Cloud Infrastructure: A Fully Sovereign Cloud Infrastructure from Germany
SAP Cloud Infrastructure is an Infrastructure-as-a-Service (IaaS) platform fully developed and operated by SAP, based on open-source technologies.
It is designed to provide customers with digital sovereignty across four dimensions: data sovereignty, operational sovereignty, technical sovereignty and legal sovereignty.
The foundation is a fully sovereign cloud region of SAP Cloud Infrastructure, comprising three independent availability zones in physically separated data centers in Walldorf/St. Leon-Rot. This sovereign cloud platform is further reinforced by a robust security and compliance foundation, demonstrated through certifications including ISO/IEC 27001 based on IT-Grundschutz for the data centers, EN 50600/ISO/IEC 22237, TSI Level 3+ and C5 Type II. Additionally, SAP Cloud Infrastructure has conducted a self-assessment against the BSI’s C3A (Criteria enabling Cloud Computing Autonomy) catalog, confirming compliance with all digital sovereignty requirements.
The VS-NfD authorization to use adds an important building block for security-critical use cases with the highest requirements.
As a deployment option within SAP Sovereign Cloud, SAP Cloud Infrastructure is an integral part of SAP’s portfolio for digital sovereignty. Together with the SAP Sovereign Cloud On-Site offering and Delos Cloud, SAP provides customers with demanding regulatory requirements the freedom of choice, control, and robust security they need.
Visit the SAP News Center. Get SAP news via LinkedIn and Bluesky.
Media Contact:
Dana Roesiger, dana.roesiger@sap.com, +49 16090820259, CET
SAP Press Room; press@sap.com
This document contains forward-looking statements, which are predictions, projections, or other statements about future events. These statements are based on current expectations, forecasts, and assumptions that are subject to risks and uncertainties that could cause actual results and outcomes to materially differ. Additional information regarding these risks and uncertainties may be found in our filings with the Securities and Exchange Commission, including but not limited to the risk factors section of SAP’s 2025 Annual Report on Form 20-F.
© 2026 SAP SE. All rights reserved.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Please see https://www.sap.com/copyright for additional trademark information and notices.
