In the SAP world, artificial intelligence has become the new normal thanks to Joule and intelligent cloud solutions. However, since the EU AI Act came into force on August 1, 2024, new rules apply. The German government emphasizes the need to strike a balance between protecting our fundamental rights and promoting innovation “made in Europe.”
For companies that use or implement SAP, this means they must know which risk class their applications fall into in order to operate in compliance with the law.
The EU AI Act requires SAP users to assess their AI applications for risks and to comply with strict transparency rules, particularly in human resources. Starting in February 2025, companies must also demonstrate that their employees are competent in using AI (AI literacy). Those who ignore these rules risk fines of up to 35 million euros.
EU member states have passed the world’s first law to comprehensively regulate artificial intelligence. The goal is to ensure that we use AI systems in a way that is safe and protects our fundamental rights. Since SAP systems often form the core of critical business processes—from financial planning to human resources management—these rules have a particularly profound impact here.
Many people share this sentiment. SAP takes a very consistent approach here: if you want innovation, you have to move to the cloud. But SAP isn’t alone in this—Microsoft, Salesforce, and Oracle are all adopting a cloud-first strategy. The question is no longer whether companies need to embrace the cloud, but when and how. The key is to chart your own course rather than simply reacting to external pressure.
Regulators assess AI applications based on the extent to which they could pose a risk to people. For you as an SAP user, this classification is crucial because it determines your legal obligations:
However, the transition to the cloud is far more than just a technical system change. It affects processes, roles, operating models, and ultimately corporate culture as well. Companies must ask themselves: How standardized do we want our operations to be? How quickly do we want to adopt innovations? And how do governance and accountability change in a cloud environment? Those who address these questions early on will find the migration process significantly easier.
The EU AI Act has a particularly direct impact on SAP users in manufacturing, logistics, and financial management. High-risk classifications are a risk wherever predictive analytics are used to make credit decisions or where BTP-based AI modules control safety-critical processes in manufacturing. In such cases, companies must ensure the highest possible data quality and guarantee full transparency to regulatory authorities.
In industries such as wholesale or within large corporations, automated decision-making is commonplace. However, the AI Regulation sets clear limits for your SAP applications in this regard:
In e-commerce, we often encounter chatbots or personalized recommendations.
Tip for SAP users: When using SAP BTP or specific UNIORG add-ons, check carefully which AI functions are active. While a simple spam filter is hardly regulated, intelligent forecasting tools often require a detailed risk assessment.
SAP application | Risk class (example) | Primary duty |
Financial Management (Credit Review) | High-risk | Data Quality & Bias Check |
CRM / Joule (Chatbots) | Limited | Labeling requirement |
Predictive Analytics (Maintenance/Safety) | High-risk | Human supervision |
SAP ERP (Standard Search) | Minimal | No special requirements |
Did you know that you are legally required to train your employees on how to use AI? As of February 2, 2025, the EU AI Act mandates what is known as AI literacy. The goal: Everyone in the company who works with AI systems must understand how they work, their limitations, and the risks involved.
It is no longer enough to simply activate new features like SAP Joule or intelligent add-ons. You must ensure that your business departments can critically evaluate the results of AI.
First, identify all active AI systems in your company—both standard SAP functions and third-party solutions. Document exactly where you use them (e.g., in Financial Management or Predictive Analytics) and assign them to a risk class.
Appoint clear AI leads or a project team to monitor compliance with the rules. Define internal processes: Who checks data quality? Who documents the AI’s decisions? Establish close coordination with your data protection and compliance departments.
Review your contracts with AI providers for liability and compliance. Ensure that your partners are already fully implementing the EU AI Act.
The EU AI Act is not an innovation killer, but a true seal of quality for European companies. By making your SAP processes transparent and secure now, you will gain the most valuable asset of the digital age: the trust of your customers and employees. Take action now, before the transition periods finally expire in August 2027.
