In a time when Artificial Intelligence (AI) is considered the engine of digitalization, the US company OpenAI and the German software giant SAP have announced a cooperation that is captivating the German public. Under the banner "OpenAI for Germany," AI technology is to be introduced in administrations, schools, universities, and research institutions starting in 2026. Millions of employees are expected to digitize mountains of files, speed up citizen services, and gain more time for people. SAP CEO Christian Klein praised the project as a "huge step forward," while OpenAI founder Sam Altman, who will be honored with the Axel Springer Award in Berlin this evening, celebrated it as an opportunity for Germany to "share the benefits of AI nationwide."
The deal promises efficiency gains: automated record-keeping, faster data analysis, and personalized learning aids in schools. The cooperation will be operated on SAP's Delos Cloud, a subsidiary based in Germany that uses Microsoft's Azure technology. The infrastructure is to be expanded to 4,000 GPUs to scale AI applications. Experts estimate that by 2030, this could contribute up to 10 percent of Germany's GDP through AI-driven value creation – a milestone for the national AI strategy.
However, behind the promising promises lie fundamental risks that the German public hardly perceives. This deal unknowingly opens doors for US intelligence agencies, particularly the National Security Agency (NSA), and creates ideal conditions for American economic espionage. Germany, which presents itself as a pioneer in data protection, is blindly marching into a trap created by US laws and dependence on tech giants. Below, we explain why this is the case – based on established facts and legal analyses.
The Illusion of "Sovereignty": US Tech as a Trojan Horse
At first glance, everything sounds flawless: data remains in German data centers, subject to GDPR and BSI regulations. However, the technical basis is purely American. OpenAI, based in San Francisco, provides the core AI models like ChatGPT. Microsoft Azure, also US-based, hosts the cloud. Even the chips in the servers come from Nvidia in California. This dependence is no accident, but the result of market dominance: US companies control over 60 percent of the global cloud market, and Europe lacks comparable infrastructure.
The problem is escalating due to the US CLOUD Act of 2018. This law allows US authorities to compel American companies to disclose data – regardless of where it is stored. Even if sensitive administrative data (e.g., tax records, student profiles, or research data) is physically stored in Germany, the NSA or the FBI can force Microsoft or OpenAI to grant access via court order. The Act is extraterritorial: it ignores EU law and does not require prior notification of European authorities. In 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) already warned: the CLOUD Act directly conflicts with the GDPR, as it prioritizes US surveillance laws (like FISA 702) that do not offer adequate protection rights. In practice, this means: the NSA could access personal data of millions of Germans upon request, without Berlin finding out.
Previous Snowden revelations showed that the NSA routinely taps into Azure data streams – including in Europe. In 2015, Microsoft even built data centers in Germany to escape the NSA, but failed due to the CLOUD Act's reach. Today, with AI in play, the risk is exponential: AI models learn from user data and implicitly store sensitive information such as decision-making processes in authorities or scientific findings.
Economic espionage: from the NSA to the US economy – an open secret
The deal is not only a data protection disaster but also a gateway for economic conflicts of interest. The NSA has been conducting economic espionage against allies like Germany for decades. Snowden documents from 2014 revealed that the NSA used 40,000 search parameters against German companies and ministries – including targets in business and defense. Former NSA Director William Binney confirmed: the agency shares collected data with US companies to create competitive advantages. In Germany, such espionage causes annual damages of 53 billion euros, mainly due to US activities.
In the context of AI, this escalates: Public AI applications process data from administration (e.g., economic statistics) and research (e.g., patents, innovations). This flows into OpenAI's models, which in turn are used by US companies. Nvidia, Microsoft, and OpenAI could thus gain insights into German strengths such as mechanical engineering or pharmaceuticals – and pass them on to competitors. A study by the American Economic Review shows that such data theft closes productivity gaps; conversely, it weakens Europe. Nine percent of German companies have fallen victim to espionage in the last five years, often through US clouds.
Why doesn't Germany notice? The trap of naivety and dependence
Germany is falling asleep because the deal is marketed as "sovereign" – a myth cultivated by SAP, Microsoft, and OpenAI. Politically, it fits perfectly: the federal government aims for digitalization without building its own AI infrastructure. The GDPR seems to offer protection, but the ECJ ruling "Schrems II" (2020) made it clear: US surveillance laws make transfers illegal as long as there are no guarantees. Nevertheless, the deal is being pushed forward without broad debate. The BND's cooperation with the NSA (since 2002) reinforces this blindness: German intelligence services rarely warn about US espionage because they are dependent themselves.
Experts demand: Instead of US tech, Europe needs its own clouds like GAIA-X. Encryption with EU keys and exit strategies are essential. Without them, Germany risks losing its sovereignty – while US companies profit.
This deal could be a turning point: progress or trap? Tonight's ceremony with Altman urges vigilance. Germany must wake up before the AI doors are permanently open.
