The Sovereignty iIlusion: How BTP navigates the tax solutions cloud trap

Juni 3, 2026 Einblicke

As European enterprises accelerate their migration to SAP S/4HANA and embrace the “Clean Core” philosophy, a demand for tax technology that respects European data sovereignty has only increased.  This article discusses what’s going on in the world of VAT, what kind of offerings exist and why BTP is different.

 What is tax technology?

Tax technology is the highly specialized ecosystem of software designed to automate, manage, and optimise the end-to-end tax lifecycle. In a corporate enterprise context, it serves as the glue between the transactional data in SAP and regulatory reporting requirements. This is typically split into  VAT Determination (figuring out what the VAT treatment is and which tax code to apply), compliance (working out what to report in various  VAT declarations) and recently, continuous transaction controls (such as e-invoicing and ViDA in the EU). Over the last few years, this last part has put immense pressure on companies to ensure their tax data is correct first time, every time, while reducing the window of time they have to work on it.

 Unique Technological Challenges

Adding to the difficulty customers face, European enterprises are specifically impacted by two technological pressures.

The first is the SAP “Clean Core” philosophy, which causes heartache simply because no EU VAT SAP Standard API exists for consumption for either VAT Determination or VAT Compliance. At least one company that I am aware of postponed their move to SAP public cloud without this solution being available. This forces the adoption of a clean-core(ish) approach where we try to minimise ABAP and push as much to the other end as we can. As a technical challenge, it can only be mitigated.

The second, and far more structural challenge, is the impact of the US Cloud Act, which compels US-based companies to provide data in their “possession, custody, or control,” regardless of a server’s physical location. In addition, those companies are compelled to keep this provision secret. This has had the impact of driving demand for tax technology that respects European data sovereignty. The question “where is my data and is it secure?” has only grown louder as providers bring in AI agents which operate on US cloud-based LLMs.

 BTP vs Sovereign Cloud

While many US-headquartered providers are marketing “sovereign” solutions to address these concerns, an analysis reveals significant structural flaws in these offerings.

For organisations managing complex VAT requirements within the SAP ecosystem, it is essential to distinguish between data residency (where data sits) and data sovereignty (who has legal control over it).

 The Jurisdiction Trap: Why “EU Hosting” Does Not Equal Immunity

The most common strategy for overseas providers is to host their tax engines within European partitions of major hyperscalers (e.g., AWS or Oracle Sovereign Cloud). While this ensures data residency within the EU, it does not provide jurisdictional immunity from the US CLOUD Act.

  • The Conflict: The US CLOUD Act is extraterritorial. It compels US-based companies to provide data in their “possession, custody, or control,” regardless of the server’s physical location. If a single US-based engineer can logon to the system to fix a bug, then it is deemed to be within the provider’s control.
  • The Reality: If a tax technology provider is a subsidiary of a US parent company, the US government can legally compel the parent to retrieve data from its European instances.
  • How BTP helps: True sovereignty requires an architecture where the legal entity and the technical infrastructure are both purely EU-based. Utilizing the SAP Business Technology Platform (BTP) with restricted EU Access ensures that only EU-resident personnel manage the environment, creating a jurisdictional firewall that US-based providers cannot replicate

 The Modernisation Conflict: The Hidden Cost of Edge Computing

To bypass the CLOUD Act, some providers are retreating to “Edge” or on-premise models, arguing that keeping data behind the customer’s firewall is the only way to ensure security.

  • The Conflict: This approach directly contradicts the SAP S/4HANA “Clean Core” strategy. By forcing customers to maintain local hardware or private cloud “sidecars,” providers increase the cost of ownership and create significant integration debt.
  • The Reality: These siloed deployments often suffer from delayed updates and lack the elasticity of true SaaS. They essentially trade innovation for a sense of security that should be handled at the architectural level, not the hardware level.
  • How BTP helps: A BTP-native approach allows for cloud-native elasticity while remaining within the trusted SAP perimeter. This satisfies both the need for modern, automated tax compliance and the strict requirements of European data privacy laws without the burden of legacy infrastructure.

 The AI Data Risk: External Agents vs. Native Intelligence

The latest trend in the tax sector is the deployment of “Agentic AI” to automate VAT classification and audit workflows. However, for US-based providers, AI introduces a new layer of data exposure.

  • The Conflict: When an external AI “agent” processes VAT data, that data is extracted from SAP into a cloud provider’s application and then into a non-EU owned AI engine. Even if the data is “sanitized,” and the cloud application is on an EU server, the training models and the inference process remain subject to the jurisdiction of the provider’s home country and the LLM provider is also compelled to hand that information over.
  • The Reality: This creates “Integration Debt” and a fragmented security model where sensitive financial logic exists outside the core ERP and the customer has no way of knowing 100% that once it leaves their system, that data goes nowhere.
  • The Strategic Alternative: Privacy-First AI can be integrated natively into the SAP ecosystem. By leveraging SAP AI Core and SAP Joule within a sovereign BTP tenant, AI-driven VAT audits and classifications can be performed locally. This ensures that the intelligence—and the data it processes—never leaves the customer’s secure, EU-regulated perimeter. In essence, the data goes to zero locations.

For European tax and IT leaders, the choice of a VAT technology partner is no longer just about feature sets; it is about jurisdictional purity. Overseas providers may attempt to mask their exposure through hosting deals and localized agents, but the fundamental legal reality of the US CLOUD Act remains. It’s a trap that can be mitigated against but never truly resolved.

By building directly on the SAP BTP (SAP-Native and EU-Only), a provider offers the security, compliance, and “Clean Core” alignment.

Archiv