Discover K11 books
Menu icon
  • K11 Blog News, articles & guides

AI Act and AI sovereignty: a walk in the legal jungle

AI Act and AI Officer: Trust and transparency in the SAP and OpenAI partnership

  • Ludwigsburg, the
Sovereign OpenAI in Germany: An attempt to make global AI locally controllable.

Why an AI strategy at all - and why now?

When "law" and "artificial intelligence" are mentioned in the same sentence, you automatically think of paragraphs, footnotes and guesswork. In future, the AI Act will affect everyone who uses AI - not just tech start-ups, but also traditional companies, administrations and universities. And who is supposed to keep an overview? Exactly: the AI Officer - or more soberly, a responsible person who coordinates and monitors the implementation of the requirements and obligations of the EU AI Act - a kind of navigator in the new sea of AI regulations.

But what happens when SAP and OpenAI work together to build a "sovereign" AI platform in Germany?


We take a look at the following:

  • what the SAP-OpenAI partnership is all about,
  • how this partnership relates to the AI Act,
  • what role the person responsible for AI compliance plays,
  • and the resulting opportunities and risks.

Symbolic image of artificial intelligence and data networking in the context of the AI Act

Image source: Tara Winstead / Pexels | Description: Abstract representation of a networked AI structure - it stands for the complex architecture of modern systems that fall under the AI Act. This is where the work of the AI Officer begins: creating transparency in the digital network.



1. the partnership: SAP + OpenAI = "OpenAI for Germany"

What was announced

SAP and OpenAI are jointly launching an initiative called "Sovereign OpenAI in Germany", often shortened to "OpenAI for Germany". The platform is provided via SAP's subsidiary Delos Cloud and operated on Microsoft Azure - with servers in Germany that are physically and legally separated from the global Azure network.

The aim is to provide public institutions, authorities and universities with access to AI services that guarantee data sovereignty, security and legal compliance. SAP plans to significantly expand the capacity of the Delos Cloud, including by adding up to 4,000 GPUs for AI workloads. The launch of the offering is planned for 2026.


What does "digital sovereignty" mean?

In other words, the data is stored on separate, demarcated servers in Germany that are subject to European data protection - so no uncontrolled data exchange across the Atlantic, but a cloud infrastructure under a German roof. In short: an attempt to make global AI locally controllable - with a TÜV feel and cloud charm.



2. where the AI Act comes into play

Requirements and obligations

The AI Act obliges providers and operators to, among other things:

  • a risk assessment of their systems,
  • Transparency obligations regarding the purpose, functioning and limits of AI,
  • Documentation and monitoring,
  • and evidence to authorities.

Full disclosure of training data is not required, but the ability to document its origin and quality in a comprehensible manner is. In short: transparency yes, transparent data records no.


Connection to the SAP OpenAI partnership

For the platform to be legally compliant, data flows and system access must be verifiable, secure and auditable. If the data is stored in Germany and processed under European data protection law, this is a clear advantage. SAP, OpenAI and Microsoft must ensure that their systems enable risk management, logging and human control. If they fail to do so, their use in public administrations would not be approvable - and SAP's biggest customers are unlikely to like that.


Participants at a workshop on AI Act compliance and the tasks of the AI Officer

Image source: K11 Consulting GmbH | Description: A K11 workshop in action: experts from IT management and data protection discuss how the requirements of the AI Act can be implemented in practice. The focus: the responsibility and training of the AI Officer as a new key role.



3 The AI Officer: regulatory pilot role

Why do you need an AI Officer at all? The AI Officer ensures that technical, organizational and legal requirements are brought together. This role is not mentioned by name in the law, but arises functionally from the duties of internal responsibility and supervision.


Typical tasks

  • Classification and documentation of AI systems,
  • internal audits, monitoring and tests,
  • Interface between IT, data protection, development and management,
  • Training and sensitization of employees,
  • Providing evidence to supervisory authorities.

Especially in sovereign cloud environments such as that of SAP Delos, this person must ensure that access controls, logging and data isolation exist not only on slides, but also in the server room.



4. opportunities and pitfalls

Possible advantages

  • Sovereignty & control: Data and models remain in the German jurisdiction.
  • Legal compliance: A carefully designed platform can comply with the AI Act.
  • Efficiency: AI-supported processes reduce the burden on administration and research.
  • Signaling effect: Germany strengthens its position in the European AI ecosystem.

Risks and challenges

  • Complexity: Integration and auditing are time-consuming.
  • Liability: Both providers and operators can be held liable, and violations can result in sanctions and fines.
  • Explainability: Many models remain difficult to understand.
  • Dependencies: Even sovereign clouds remain dependent on Azure components.
  • Costs: Compliance, audits and monitoring cost time and money.

Two experts talk about the AI Act and the role of the AI Officer at K11 Consulting

Image source: K11 Consulting GmbH | Description: A moment from a K11 workshop: Expert discussion on the practical implementation of the AI Act in day-to-day business. The AI Officer takes center stage - as a bridge between law, technology and common sense.



5th thought experiment: The government chatbot

Suppose a state authority wants to introduce chatbot support via "OpenAI for Germany". The person responsible would have to:

  1. classify the use case,
  2. Analyze data flows and authorizations,
  3. Coordinate security measures with SAP and OpenAI,
  4. Schedule audits,
  5. and train employees.

If this is implemented consistently, the use of AI can start in a legally compliant and responsible manner.



6 Conclusion - Sovereignty with style

The SAP-OpenAI partnership is not a Silicon Valley campaign, but a European experiment: Is it possible to use AI without losing control - and without violating the AI Act?

In future, the AI Act will require AI not only to work, but also to be explainable, verifiable and accountable. And the AI Officer will become the key figure who mediates between algorithms and supervisory authorities - half lawyer, half translator, with an occasional penchant for irony.

Law and creativity must dance here. And whoever orchestrates this will not only get Germany moving digitally, but also intellectually.


Related topics on k11-consulting.com:


Related topics:

Back to the K11 Blog News overview
Discover K11 books
Linkedin Facebook Instagram X-twitter