The Voice of Cyber®

KBKAST
From SAP Sapphire – KB On The Go | AI Theater vs the Real Thing
First Aired: July 03, 2026

KB is on the ground at SAP Sapphire in Orlando, where AI has officially moved beyond experimentation and into the core of enterprise decision making. In two conversations, Marielle Ehrmann (Chief Security, Compliance and Risk Officer, SAP) unpacks why AI governance has entered the boardroom as an accelerator rather than a brake, what separates responsible AI from AI theater, and why the biggest risk usually isn’t the model itself but the humans around it.

Then Martin Merz (President Sovereign Cloud, SAP) explains why sovereign cloud has surged back into the conversation, the four dimensions SAP uses to define it, and why Australia’s pragmatic regulatory approach puts it among the top countries he works with globally. A grounded look at trust, governance and what it actually takes to innovate at enterprise scale.

Vanta’s Trust Management Platform takes the manual work out of your security and compliance process and replaces it with continuous automation—whether you’re pursuing your first framework or managing a complex program.

Help Us Improve

Please take two minutes to write a quick and honest review on your perception of KBKast, and what value it brings to you professionally. The button below will open a new tab, and allow you to add your thoughts to either (or both!) of the two podcast review aggregators, Apple Podcasts or Podchaser.

Episode Transcription

These transcriptions are automatically generated. Please excuse any errors in the text.

KB [00:00:10]:
What’s up, everyone? It’s kb and I’m on the go at SAP Sapphire at the Orange County Convention center here in Orlando, Florida. AI has officially moved beyond experimentation and into the core of enterprise decision making. This year’s event is heavily focused on how organizations are operationalizing AI across business processes, governance, data, cloud, and security, with SAP positioning enterprise AI in its dual platform at the center of that transformation. But as AI becomes embedded deeper into the enterprise, the conversation is shifting. It’s no longer just about capability. It’s about accountability, governance, risk, and trust. So for this KB on the go, we’re speaking with Marielle Ehrmann, Chief Security, Compliance and Risk Office, SAP, plus others, about what boards are really asking about AI right now and why enterprise AI governance has become a leadership issue, not just a technology discussion. This is KB on the go from SAP Sapphire Orlando.

KB [00:01:17]:
Let’s get into it. Joining me now in person is Marielle Ehrmann, Chief Security, Compliance and Risk Officer at SAP. And today we’re discussing. AI governance has now entered the ballroom. So, Marielle, thanks for joining and welcome.

Marielle [00:01:34]:
Thanks so much, Carissa. I’m really excited to be with you today.

KB [00:01:38]:
Okay, so, Marielle, I know you’ve been with SAP for quite a while, so perhaps I want to start with. Everyone is talking about deploying AI faster, but are boards now more concerned about governance than innovation itself, would you say?

Marielle [00:01:51]:
I love that question. I mean, let’s be realistic. Boards absolutely want innovation. Yeah. And this will never change, but they just don’t want innovation to become tomorrow’s congressional hearing. So a year ago, the conversation in most boardrooms was more about how fast can we actually deploy AI. And in my role as Chief Compliance Officer, I’m very happy that we have now shifted the conversation towards how fast can we deploy AI without ending up on the front page of the Wall Street Journal, for example? Honestly, that shift makes total sense. From my perspective, AI moved from being a cool technology experiment to something that can materially impact revenue, that can impact the reputation, the intellectual property, regulatory exposure, but also customer trust, sometimes all before lunch.

Marielle [00:02:39]:
And what’s interesting is that boards are no longer treating governance as the department of no like in the past. Good governance is really becoming the accelerator pedal, not the brake pedal. I’m especially proud that we as SAP understood this very early in our AI journey. We actually help customers to unlock AI’s full potential, to innovate with confidence, and with that, building also lasting trust with our AI governance.

KB [00:03:08]:
Do you think it’s hard to balance between what I’m hearing A lot in the market is companies. Now we have to have the competitive edge. Got to go faster by leveraging AI then with that is still the government side of things, making sure everything is not at risk. How do you think companies are managing that? So whilst they don’t want to stifle innovation, still being aware of some of the risks as well as that being underpinned by governance.

Marielle [00:03:37]:
That’s a super interesting aspect from my perspective. I think we always have to balance risk with innovation. The reality is innovation gets applause, but good governance keeps you in the business. That will never change, no matter the technology, whether it’s AI or the next big thing. This is why we are putting such a strong emphasis on AI governance as a strategic enabler, but also as a risk management strategy alike. When done right, AI governance does not take out the speed or hinder innovation. In contrary, it makes it sustainable. And this is what we all want, don’t we? So from my perspective, and this is what I learned also through the various customer conversations, the companies that build trust the fastest are often the ones that innovate also the fastest in the long run.

Marielle [00:04:24]:
So coming back to your previous questions, I think that the boards are finally realizing that responsive AI isn’t anti innovation, it’s what makes sustainable innovation possible. And this is what truly excites me.

KB [00:04:37]:
So the part that I’m curious to know, given your role and your pedigree, especially at SAP, what would you say boards are really asking about AI today? That simply weren’t really part of the conversation even a year ago. And I, I preface that with saying each week I’m going to be interviewing people like you, Marielle, and it’s just like things has changed, like week to week more than ever before. So I’m just really keen to understand going into the minds of boards at the minute, like what’s happening?

Marielle [00:05:05]:
So conversations have changed from, I would say throughout the last year, boards were asking what can AI do for us? Today they are asking what can AI do to us if we don’t control it? And that has changed the perspective. That’s the evolution. From my viewpoint, the conversation has shifted from pure excitement to operational reality, which I personally find very much exciting out of my role here. So a year ago most discussions were centered around productivity, automation, competitive advantage. Now the question, the questions are much more sophisticated and honestly much more consequential. Boards are asking things like where is our AI actually being used? Across the enterprise are employees passing sensitive data into public models? So the risk awareness is much, much higher. And in all honesty, for many organizations, AI adoption doesn’t start with a strategy. It started with employees opening their browser tabs.

Marielle [00:06:08]:
So here we are, coming to the human risk factor. What’s changed most is that boards now realize is AI is not just a technology discussion, it’s a governance, it’s a legal, it’s a reputational, a cybersecurity and also a business continuity discussion all at once. So my working space is super exciting these days because we are treating it like this at SAP, for our own practices, equally important for our customers, we have set up a very holistic AI governance, looking at the legal aspects, the ethical aspects, as well as the security aspects. For us as a company, but especially for our customers, taking them by the hand and guiding them through their AI adoption journey.

KB [00:06:52]:
There’s four pillars. When I had the discussion yesterday with some of your local team from your holistic AI governance, is that correct? Was there four legal, operational, technical? And there was another fourth one, the ethical. Ethical. That’s it, yeah. So would you say from a board’s perspective, if you look at those four pillars, the risk is being distributed equally in terms of how they approach all those pillars? Or do you think one’s getting more attention than the other? I’m just curious to hear your thoughts.

Marielle [00:07:18]:
Depends a little bit on the industry and the market you’re operating in here. I mean, I’m setting out a common baseline for my role so that each and every customer of SAP is enabled to use our AI and I would say equally important, to build the own AI agents on top of our solutions, to really give them the space, the freedom. But it’s always freedom within boundaries. That’s why we put that strong, strong governance in place. And I’m not sure if you’re aware, we were among the first large enterprises who got a certification for our AI governance practices. We got cert in Q3 2025. Exactly. Q3 2025.

Marielle [00:08:00]:
With the ISO 40001, we built out one AI management system across SAP and that totally paid off because we have the holistic oversight across everything that is happening within the landscape.

KB [00:08:15]:
So going back to that certification, do you think other companies will now start to embark on this journey themselves?

Marielle [00:08:21]:
I hope so. It’s a really good baseline. We extended it with the NIST AI Risk Management Framework to put a strong focus, and I mentioned that before, on managing the risks coming with AI towards our business, but also towards the customer business. And for sure, you know, we are a European software company putting a strong emphasis nowadays on the uai act and the combination of those three frameworks brings us into a very strong position as a company. I mean, for me, it always matters that our customers can trust our capabilities and that we are enabling the customers to build on top of our solutions.

KB [00:09:00]:
On that note, Marielle, from what I’m hearing from people like yourself in the industry, Europe has a very, very different view versus US versus Australia even. Is there anything that you can share in terms of insights from what you’re sort of seeing and hearing?

Marielle [00:09:14]:
That’s a very interesting question. I mean, the regulatory space has always been a very interesting space to operate in. As you can imagine, as we are offering our services, our solutions into any market, any industry, we have a lot of regulations we are complying with. I personally love that space a lot. But I’m also pushing for stronger harmonization and standardization across the regulatory landscape. Because we see so many scattered regulations in any market, Europe, but also the us where it’s quite, quite tough not only for SAP, but also for smaller enterprises to keep the holistic oversight. I mean, we have put a very strong model in place to keep track of the changes in the regulatory landscape, to have a prompt execution on those changes. This is one of the most energizing parts actually of my job.

Marielle [00:10:09]:
I truly love that area. But I would love to see more harmonization and standardization of regulations across the world. I think with that, we would even make the whole cyberspace a little bit more safe.

KB [00:10:20]:
Do you think that could become a reality? I know it’s sort of hard to standardize things, especially in different jurisdictions and different countries, etc.

Marielle [00:10:27]:
I hope it becomes a reality. And in all honesty, I’m doing everything I can do out of my role. To push for that Hope is never a strategy. Therefore, I’m quite active and also pushing into that direction with very, I’d say, pragmatic ideas and always with a close connect to our customers. It’s a typical case of stronger together. And if we form strong opinions and discuss that with the jurisdictions, it can actually become a reality.

KB [00:10:55]:
And so then just moving back to the executives. So would you say executives are starting to realize AI risk is less about the model itself or more about how employees and businesses are actually using it

Marielle [00:11:09]:
would absolutely confirm that. In fact, most executives are realizing now that the biggest AI risk usually isn’t the model itself, it’s the human behavior around the model, or as we call it in the cyberspace. You know, it’s a human risk factor. I love that work. The technology itself, like any other technology, is only part of the equation. The real risk shows up when employees move fast without the guardrails, pasting sensitive data into public AI tools, blindly trusting AI generated output, and so on. That’s why I always love to describe my work as giving freedom within boundaries. The risk is there from legal, from ethical, from security perspective.

Marielle [00:11:50]:
But this is why we also put a strong emphasis on solving a concrete business challenge with our AI platform. To enable to use AI at scale without increasing risk complexity or regulatory exposure to exactly turn that question around, turning the risk into an opportunity. So it’s a classic enterprise problem. Coming back to your question, powerful technology plus the human creativity and sometimes mixed with poor judgment. Therefore, I’m pushing heavily, not only within SAP, but also for our customers into the direction of putting a strong AI governance in place to keep track on what is happening within the companies, what are the freedom you’re giving and what are the boundaries you’re setting.

KB [00:12:40]:
And so Marielle, do you think many organizations are deploying AI faster than their governance models realistically keep up with? And so it probably leads me back to the original question that I asked you simply because now it’s getting more competitive for companies. They need to do more with less. They need to, you know, push releases faster and quicker and all these sort of things. But how like are people really focused then on we’ve got to maintain our competitive edge to keep our customers and all that sort of stuff because even people just aren’t as loyal anymore. So if they can get it faster, cheaper, better, probably go elsewhere. So I understand there’s more pressure now on companies to deliver these things within equally again creates the other problem of governance, security, risk, compliance.

Marielle [00:13:21]:
I would confirm that. I mean I see in my role many customers adopting AI and it’s without question. And in many organization, AI is moving at startup speed while governance is moving at committee speed. We saw that in the past as well. I mean there was still a study around in December that 99% of the global enterprises are experimenting with AI. Only 5% have a governance in place. That was in December. I think we got better across the industries, across the markets.

Marielle [00:13:50]:
But still the reality is AI doesn’t wait for policy documents to be finalized here. So therefore I can only advise each and every company to put in a good AI. Governance in place, still give freedom, but also setting the limits. Actually this is why I’m so excited to head exactly that area for SAP. We have the opportunity as a company, but also the responsibility to create a blueprint on how AI is governed. And I think this is exactly what we did early on, bringing together the security, the legal and the ethical risks, and making it an opportunity for our customers so they can trust our practices and can build on top of our platform without being in doubt.

KB [00:14:34]:
Do you also think with trust that it’s something that has evolved in terms of its definition with companies? So what I mean by that is back in the day we’re talking about trustworth security. Now we’re talking about trust in like AI governance and stuff like that. What sort of comes up in your mind when I ask you that question? I’m just hearing it a lot, like here, but also generally with people that I’m interviewing. So I’m just curious to understand your thoughts.

Marielle [00:14:57]:
Yeah, the questions have changed. How do your models come to a conclusion? For example? So customers are asking for more and more transparency, and this is a very fair question to ask. It’s our responsibility, it’s our accountability to give those answers to our customers. In all honesty, the organizations that will succeed in the long term are not the ones that slow innovation down because of those questions. The winning ones will be those who have built governance and can move at the speed of innovation. And that is actually creating trust if we are supporting our customers while they’re innovating together with us. But they need transparency, that’s for sure. And I think these are all very, very fair questions, and we are happy to answer that.

KB [00:15:47]:
So then maybe building on that last question, what do you think separates organizations genuinely adopting responsible AI from those performing like AI theater.

Marielle [00:15:59]:
I like that term. It’s a good one. I’d say you can usually spot the difference within the first 15 minutes of a convers. The AI theater, as you call it. Those organizations just love the optics. They have the glossy strategy deck, the innovation slogans, the executive panels talking about transformation. But then you find out quite fast that somewhere buried in the company is a pilot chatbot nobody fully trusts. Yeah, so this is what I would call the theater.

Marielle [00:16:27]:
And then if you ask a very simple question on who owns AI Risk here, suddenly the room gets quieter. But that’s the major question we have to ask ourselves. So, coming back to one of your previous questions, the organizations generally adopting responsible AI answer differently. They can tell you at any point in time where AI is being used, what kind of data AI is touching, who validates the output. So the human in the loop. Also, what policies exist within the company and what happens when the AI gets something wrong. I always say the real AI governance shows up in operational discipline, not in the PowerPoint slides. And I’m really happy that we at SAP realized that very early and therefore we implemented this strong AI governance which has been certified with our ISO.

Marielle [00:17:20]:
That’s a real different. Responsible AI organizations do the hard, less clamorous work, I’d say. They do the governance, they have the data controls, they are accountable, they have model oversight, they do the dedicated employee education and have the continuous monitoring in place. Because responsible AIs is not a branding exercise, let’s be clear about that. It’s an operational capability you have to set in place.

KB [00:17:48]:
So what I’m hearing from what you’re saying is if you ask who owns AI Risk and no one responds, that’s a very strong indicator.

Marielle [00:17:55]:
Absolutely.

KB [00:17:55]:
Perhaps it hasn’t been considered thoroughly.

Marielle [00:17:57]:
Yeah, and honestly, the companies doing it well tend to talk about AI less dramatically because they are too busy actually operationalizing it. So it’s a super exciting topic and will not have a dull moment throughout the next years when working in compliance, in security, in AI governance. So this is what, what excites me very, very much about this role and also working with SAP.

KB [00:18:23]:
Joining me now in person is Martin Merz, President Sovereign Cloud at SAP. And today we’re discussing why sovereign cloud suddenly matters. So Martin, thanks for joining me and welcome.

Martin [00:18:31]:
Thank you very much.

KB [00:18:32]:
Okay, so Martin, I want to start with for years cloud was about convenience, now it’s about sovereignty. So I want to talk about that resiliency, trust. Talk me through your thoughts. What comes to mind, first of all,

Martin [00:18:47]:
I mean everyone, when you open the newspaper, you can see clearly that something changed in the world right over the last years. Not only the war in Ukraine, but also what’s going on in the Middle east and also rest of world. So from a geopolitical perspective, I think it’s obvious and a no brainer for everyone that things are changing and things are changing very fast in comparison to the time before. So look, I mean we talk a lot about the military, we talk about, especially in Europe, a lot about the capabilities, on how we defend ourselves. And basically that’s the one line of defence, I would say. But there are also others, especially when it comes to resilience and trust. So do not think only about defence and about war capabilities. Really about when I talk about this topic of sovereignty, it’s about prosperity, well being, security of a nation and especially about its citizenships.

Martin [00:19:39]:
So this is the whole story. Basically we have still our public cloud business in place for, I would say, the normal customers. And don’t get me wrong, our public cloud business has the best in Class security measures in place sovereign cloud There is from a security perspective, no differentiation because we work with the same software, we work with the same setup. The only difference is basically that we have from a sovereign perspective now included the national security requirements and measures that are basically an obligation in all these countries where we have these setups. And this is super important for me because you see a lot of sovereign discussion right now when we talk about sovereignty at SAP, it’s really like it’s always approved or in alignment with the national security apparatus of the country and with the, I would say supervisory authorities. As an example in Germany BSI which is the cyber security organization just was in France there is the ONC and all the others around the world. They tell us what to do in case of we want to deliver to certain customers. When I talk to us about certain customers, this is why SAP decided to have an additional portfolio on top of the public cloud.

Martin [00:20:47]:
All the customers that are on prem so far and who could not join the cloud because of their regulations. The most easy example to explain is the military. They have classified information. Classified information cannot due to regulation be put or sent or whatever in a public cloud environment. You need a dedicated cloud environment or the on prem world. But the problem with the on prem mode is basically that you will not get this access and speed to innovation as you have it in the cloud. And that’s a huge differentiator from my point of view because what’s going on in China, what’s going on in the US and all the other countries, I always tell intelligence agencies, militaries, but also other security organizations that in case of, I mean you talk about security, but security means for me also that you are at the same level of innovation as the others. When you can come back to the war example like where you can see whoever has the best drone set up in this theater wins, right From a technical perspective.

Martin [00:21:45]:
So same here at SAP we have a very clear model and understanding when we talk about sovereignty. We have four dimensions. It’s data sovereignty, it’s operational sovereignty, it is technical sovereignty and the legal sovereignty part. I mean data sovereignty. We don’t need a deep dive here. I think that’s obvious. Data needs to stay in country or in region that is acceptable for the nation security apparatus. Operational sovereignty means like whoever touches your data in this cloud environment needs to have the right citizenship sometimes.

Martin [00:22:15]:
And most of our employees are security cleared in this environment. Also security clearance, a government security clearance. Nothing that we just do by ourselves, but it’s basically, basically done by the Government, just a number. We have something like 2,000 employees around the world for our sovereign cloud setups. And you know, keep me honestly, 80% plus of them are security cleared.

KB [00:22:35]:
So just before you go on there, Martin, I just. What was coming to my mind is. And you would know this, which is why I want to ask. We went through like a stage in the industry where everyone was talking about sovereign capability and then it dissipated. But now there’s like this massive resurgence. Given what you’re saying, and I’m listening to what you’re saying, do you think it’s become more of a topical conversation and a need because of the geopolitical tensions, would you say as well?

Martin [00:22:59]:
Yeah, yeah, for sure. But we have also to differentiate, to be very honest. I mean we are deploying and it’s maybe not called sovereign but trusted cloud or national security cloud for 15 years already such setups in the US where we have a dedicated company called National Security Service. I just had a meeting with the CEO of NS2. He’s basically in reporting lines, reporting to me. But we are aligned in systems because they have this proxy company agreement like we have a dedicated company in the US NS2. They are under full control of the government. They have to mitigate foci, foreign ownership, control influence.

Martin [00:23:33]:
And in this setup they can consume the best innovation coming from outside the US one setup. We are driving it already for 15 years. Same with the Five Eyes. The first sovereign cloud setups that we deployed were in the Five Eyes, among others, Australia, which had a very pragmatic approach on sovereignty. But first of all they had this topic of sovereignty already like four to five years ago. If you do the research and I just did it a couple of weeks ago, I think it was like we have 26, like 22, 21. You already had the sovereign cloud or, or digital sovereignty debate at all. Europe, not Europe just started two years ago and basically last year this whole topic came up and now it’s like you can’t go without sovereign digital sovereignty right now in Europe.

Martin [00:24:19]:
So from your perspective, from an Australian perspective, sovereignty, it’s an old topic for us. It’s brand new in Europe. So there are different countries with different. From a timeline perspective, I would say sovereign debates that they have, so to say. Plus for sure, as just mentioned, like on top the geopolitical developments.

KB [00:24:41]:
Yeah, because it’s interesting at the moment with people I’m talking to at your level that it’s just. It just seems to be what everyone’s talking about again because for a while I just didn’t hear much about it. So it’s just more to get your view and your perspective. And then you spoke before about your customer. So would you say that now the whole sovereign cloud, it is becoming more urgent for people in terms of what they’re looking to do, what’s on the roadmap, what’s happening next?

Martin [00:25:04]:
Look, from my perspective, it was already urgent years ago, the whole topic and you just started the whole discussion here about resilience and trust. We need to become a more resilient community. Also from a nation layer perspective, we need to have this trusted cloud, sovereign cloud, call it whatever you want. In the end it’s the same. We need a setup where we can protect our society’s most valuable and most important asset. Is it water supply? Is it eccentricity supply? Is it maybe the military or other security organizations?

KB [00:25:37]:
So speaking of trust, I want to slightly shift gears for a moment. Would you say customers attitudes are shifting when it comes to handing over control to hyperscalers and software providers? Keen to get your thoughts here.

Martin [00:25:53]:
I have a very easy approach to that one and basically also I’m going to quote the Australian government and how we did it here. They had a First of all I say freedom of choice, but under your control. So that what we are offering basically are several infrastructure possibilities that you can choose. And then we deploy our platform, our services, our software on that we work with us hyperscalers but we also use and leverage our own SAP cloud infrastructure. And on top of that we have also now a dedicated on site deployment that means we bring the SAP cloud infrastructure into the customer’s data center. You can imagine that especially for military intelligence agencies and high secure organizations, this is the perfect setup. Coming back to Australia, what I just said, like I appreciate a pragmatic approach because you guys just like again four or five years ago said like we have to buy, build, assemble approach. Buy means we buy the best technology.

Martin [00:26:54]:
What is basically out there in the world doesn’t matter if it’s not from Australia we build. That means we focus on where we are the best and then we just assemble it. Our control. Is it always perfect? Nothing is perfect in this world. But you are on the street already. The car is on the street, you are driving and then from here on, from year to year you can adjust. Same with a lot of other countries. We had a lot of debates in Europe.

Martin [00:27:19]:
This is why I really try to was to convince policymakers, governments, but also customers that it’s better to have the car on the street with a 99% ready. Instead of waiting for the perfect world, the perfect sovereign cloud, which basically nothing is perfect, there is not the 100% layer that you’re looking for. But again we have several offerings. It depends on you, it depends on your supervisory authorities if they allow you to join this cloud or not. And coming back to the hyperscaler discussion on top of that, also here in Europe we have for example work with AWS with their sovereign cloud setup. This sovereign cloud from infrastructure perspective separate from AWS is approved by the bsi for example for Germany and also by other European countries for their country, Microsoft. They have a dedicated delos cloud in Germany, for example, where we work together with Microsoft. This Microsoft infrastructure, this data centers will get an approval, an official approval by the bsi, by the regulator.

Martin [00:28:25]:
And only then, and only then I will deploy on them because I’m always waiting for the government telling me like you can leverage this infrastructure that’s from a sovereign perspective with all the sovereignty layers. And then you have a checklist. What you have to do is okay for us. And with that it’s sovereign. Bring me back. And I did not finish that. The four dimensions I just mentioned, data sovereignty, operational. The next one is technical and that fits into the discussion we’re having here right now.

Martin [00:28:50]:
We don’t. From a technical perspective I see data center setup, we don’t need to discuss this. One control plane is always in country when we have our sovereign cloud setups. I think this is very unique. Normally in the public cloud you have it in one country, for example SAP, Germany or Hyperscale in the us. But what I just mentioned here is the special hardened that we are doing and we have a so called superset of hardened software. And this is a result of all the countries where we started in the U.S. we had to fulfill Fedrum and now CMMC requirements, we fulfill them.

Martin [00:29:22]:
Like there is just imagine there’s a list of 400 requirements you need to fulfill so that you can serve the government in a certain way. We fulfill them. Then we went to Australia, they told us like these 400 are perfect, Martin, but we still have 50 requirements that are even higher than the US requirements. So we told them like give them to us and we will fulfill them on top, do the compliance check, do the necessary hardening and so on. Then we went to the next country, to the next country and basically the software is becoming harder and harder. Like I kind of always bring the example for non technical people. Like just imagine the G wagon, the normal G wagon and then we have the armored G Wagon for a special kind of person that you need to protect. In this case, it’s your data.

Martin [00:30:04]:
So to say that’s the technical sovereignty part. That brings me back to what we just discussed. Like, like we follow the rules and now we achieved a superset of hardened software, superset of sovereign software that we only deploy if the country, the regulator, whoever tells us like the infrastructure is sovereign for us, that’s fine. Your software, your services are sovereign for us. And then that’s the big picture here we have the sovereign setup at all. And what we have in this whole debate about is it sovereign or not, it’s mostly politicians or also other organizations driving this discussion. Like, like, should we be. Do we rely on US technology? Do we rely on other countries? By the way, we only discuss.

Martin [00:30:44]:
This is also a very interesting debate I’m following because we have it in person in India, for example. In Europe we always discuss like the US where we fear a kind of dependency. When you talk to India where we just basically deployed sovereign cloud in September last year, they told me, I said like, are you maybe a little bit concerned about the US Hyperscale? I said, no, we are more concerned about probable sanctions coming from Europe and will that maybe SAP not delivering their technology to us? Is that maybe another scenario? So this is basically also something you have to think when we have this whole sovereign cloud setup from an SAP perspective that I’m deploying around the world. And how many countries are these now? 40. 40 countries. So where we take all this specific requirements, all this hardening, all the things. So now our team coming into a country having this discussion with the government, with the customers, I would say nothing special at all anymore because we already fulfill and over fulfill the regulations. And then for sure it’s a political debate that we need to have.

Martin [00:31:50]:
And also with the government, with the customers. Do you want a US hyperscaler? Yes. No. If no, do you want a European setup that we can also offer or maybe other setups that are okay for you. You. But it’s always and ever about the customer and their requirements that are written down in the national security requirements of the country.

KB [00:32:10]:
Just on that comment, would you say because Australia is very regulated as well, that could be why they’ve. Which is a good thing, depending on who you ask, because it can be a lot of compliance. So do you think that’s probably why there’s been more of a push in Australia because of how regulated it is?

Martin [00:32:25]:
I don’t see Australia over regulated. Honestly. I think you guys have a good setup because look, the worst thing that can happen to me coming into a country and trying to help the government and the customers that were for sovereign cloud centers, they telling me like we have no regulation at all because then I don’t know what to do. Right. This is really the worst scenario we have.

KB [00:32:44]:
Who’s telling you that?

Martin [00:32:46]:
I can’t tell you. But not Australia.

KB [00:32:50]:
Okay. I didn’t think so.

Martin [00:32:52]:
You were the first. We even had a very first discussion with Austria on the critical infrastructure topics where we had this discussion about how is Germany, Germany doing it. So these guys were very open for other setups. Very curious to understand from us also, like, how are others doing that? How does it work in other countries? What’s your experience? So they’re really trying to get the best innovation, best information about what’s best and what could be best for us and then bringing it together under their, so to say, set up. No, I don’t see Australia over regulated. I think the diff. And I see also in Europe, not each and every country overregulated. I think the challenge that we have in Europe, that every country has its own regulation.

Martin [00:33:32]:
There is not, I would say one European regulation. But Australia, honestly, I would say you are also, in comparison to other governments, when I talk to them, among the best three to five countries that I know where we deployed sovereign cloud. That I know also from a pragmatic approach. Nevertheless, although you have these regulations in place, you still have a pragmatic approach. And this is something that I think is again, one of the best countries and one of the best workarounds that we have with Australia.

KB [00:34:04]:
So, Martin, maybe just to conclude, I’m curious to understand really at the end of the day, what are some of the biggest misconceptions executives have about sovereign cloud? Given your role, you’re all around the world talking to these people. Is there anything that you can sort of leave us for today?

Martin [00:34:20]:
Yeah. Misconception would be like if we mix term the topic of digital sovereignty with isolation. If we try to start doing everything by our own, just leveraging the innovation and things that we have in one country instead of looking around, trying to get the best innovation into the country under your control. I think that’s the thing you need to drive to understand sovereignty, as I said, as a kind of freedom of choice and control instead of isolation.

KB [00:34:55]:
And there you have it. This is KB on the go. Stay tuned for more.

Share This