SAP AI Core
GDPR Compliance
Data Handling
EU regions available: eu10/eu11 (AWS Frankfurt, Germany), eu20 (Azure Netherlands), eu30 (GCP Frankfurt). Customer selects subaccount region. For strict EU data residency, select eu10/eu11/eu20/eu30. Note: underlying IaaS is operated by AWS/Azure/GCP (US companies) with EU datacentres.
Customer data in SAP AI Core is the customer's responsibility. Model inputs/outputs handled per service-specific terms. SAP's Generative AI Hub documentation explicitly states customer data is not used to train foundation models.
SAP acts as processor. Retention follows SAP BTP service terms and customer configuration.
Certifications & EU AI Act
SAP is actively engaged in EU AI Act compliance. SAP AI solutions are subject to EU AI Act as a provider. SAP has published EU AI Act readiness statements via Trust Center. SAP-ABAP-1 and SAP-RPT-1 (SAP's own foundation models) are subject to provider obligations.
Verification
SAP is headquartered in Walldorf, Germany — an EU member state. SCCs are used for transfers to US hyperscalers (AWS/Azure/GCP) that underpin EU region infrastructure. SAP AI Core is a PaaS layer on top of AWS/Azure/GCP, not own-infrastructure. ISO 27701 (privacy information management) is a strong differentiator. BSI C5 attestation covers SAP BTP and SAP S/4HANA Cloud. Most extensive certification portfolio of all providers in this directory. Pricing via SAP BTP credits/CPEA — enterprise licensing only.