We have seen in over 30 projects with Mittelstand companies a consistent pattern: on-premises is the right choice when three or more of the following conditions apply.
1. Strictly regulated data flows. If the company falls under KRITIS, NIS-2 as an essential entity or GDPR-sensitive processing, data sovereignty becomes the defining factor. The NIS2UmsuCG (BGBl 2025/301) has been in force since 6 December 2025 and covers about 29,500 companies across 18 sectors. The CJEU ruling in Schrems II (C-311/18) remains the prevailing benchmark for any US data transfer.
2. High customisation depth. If the current ERP customising baseline contains 600 to 1,200 modifications over the past decade, a public-cloud migration is a re-implementation — and therefore a different project with a different risk and timing profile.
3. Existing hardware investment with remaining lifetime. If the on-site data centre was recently modernised, the OpEx narrative of cloud vendors becomes misleading. In practice we have tested the cloud TCO story against three real hardware remaining-lifetime curves at a Dreher Consulting client and the calculation came out in favour of on-premises every time.
4. Vendor lock-in avoidance. From our experience a public-cloud migration produces a tighter lock-in than a classic on-premises contract ever did. Data portability and exit clauses are rarely negotiable in SaaS terms; in maintenance contracts for on-premises licences they are.
5. Mission-critical availability independent of internet links. In manufacturing lines steered in real time by the ERP, cloud dependency is an operational risk that must be quantified before any architecture decision.
When cloud is the right choice
We do not advise a reflexive rejection of cloud. In a range of concrete scenarios — greenfield with no customising debt, seasonal load spikes, distributed sites without local IT depth, fit-to-standard mandates and cloud-only features — cloud ERP is the right choice. What matters is an honest workload inventory rather than a blanket leadership decision under vendor pressure.
In our projects we do not advise a reflexive rejection of cloud. In concrete scenarios cloud ERP is the right choice — and we have run several engagements where this recommendation closed the assessment.
1. Greenfield with no ERP history. Young companies and carve-outs without customising debt roll out faster in the cloud and inherit vendor innovation automatically.
2. Seasonal load spikes. Under extreme demand swings — mail-order at Christmas, seed suppliers in spring — elastic scaling beats owned investment.
3. Distributed sites without local IT depth. Twelve sites in eight countries without an on-site IT crew are pragmatically run from the cloud. Microsoft created additional options with Sovereign Public Cloud and Azure Local from late 2025.
4. Standardised processes with a fit-to-standard mandate. When leadership is ready to adapt processes to the software standard rather than the reverse, cloud plays to its strengths.
5. Features only available in the cloud. AI-assisted ERP features that a vendor ships only in the public-cloud variant — though the processing falls under the EU AI Act Implementation Timeline from August 2026, adding new control obligations.
A real Dreher decision in 2025/26
Anonymised case: a kitchen manufacturer in southern Germany, 480 employees, two plants, around 22,000 configured kitchens per year, S/4HANA migration decision. Parent-company mandate was public cloud; the recommendation after three workshops was a hybrid target picture — on-premises for production-adjacent modules, private cloud for commercial modules, public cloud for planning and analytics.
We have observed in our projects with DACH Mittelstand companies — consistently in over 30 projects with more than 250 employees in scope and an on-premises workload share of around 42 per cent across the kitchen manufacturer segment, plus equipment manufacturer and passenger info verticals — that the choice between on-premises and cloud is seldom technical and almost always settles at the intersection of regulation, contract law and customising baseline. Concrete example from 2025/26: a kitchen manufacturer in southern Germany with 480 employees, two plants, about 22,000 configured kitchens per year, S/4HANA migration decision with strong parent-company pressure toward public cloud.
We ran three workshops, scored five workloads separately and recommended a hybrid target picture: on-premises for production-adjacent modules with real-time configurator linkage, RISE with SAP private cloud for the commercial modules, public cloud for the planning and analytics stream. The methodical workload separation turned the discussion with the parent company.
In practice we have anchored the economic rationale to the DSAG Investment Report 2026: 42 per cent of S/4HANA budgets flow on-premises in 2026, 22 per cent into private cloud, 6 per cent into public cloud. That distribution is the majority of DACH Mittelstand decisions — and it empirically contradicts the “cloud-first is the only option” vendor narrative.
What most cloud-vs-on-premises debates won't tell you
Three facts get overlooked in vendor whitepapers and business press: the TCO myth rarely holds in practice, US hyperscalers carry a structural data-sovereignty gap via Schrems II and the DPF, and cloud repatriation in the DSAG 2026 survey is no longer a fringe phenomenon.
The standard debate in vendor whitepapers consistently leaves three facts off the table. In our projects we have learned to put those facts on the table first — contrary to widely repeated claims, the cloud decision is not self-evident once the Mittelstand context is honestly modelled.
1. The TCO myth rarely holds in practice
The claim “cloud TCO beats on-premises TCO over 5 to 7 years” holds in enterprise consulting — and is almost never defensible in a Mittelstand company with a maintained on-site infrastructure. From our experience cloud TCO models are calibrated against a worst-case on-premises straw man. As soon as the on-site data centre still has three to five years of remaining lifetime, three or more in-house IT employees are in place and the customising baseline is realistically quantified, the calculation flips. We recommend in our projects a seven-year model rather than the vendor's five-year version.
2. The data sovereignty gap of US hyperscalers
Schrems II invalidated Privacy Shield in 2020. The successor framework — the Data Privacy Framework — survived its first annulment challenge before the EU General Court in September 2025, but it rests legally on a US executive order that a future US president can revoke at any time. On-premises is structurally immune to a Schrems-III scenario — a property that does not appear in vendor decks. The new BSI C5:2026 catalogue with 168 criteria addresses part of this gap but does not close it.
3. Cloud repatriation is no longer a fringe phenomenon
In the DSAG 2026 investment survey, 42 per cent of S/4HANA budgets flow into on-premises, 22 per cent into private cloud and only 6 per cent into public cloud. That distribution typically does not appear in vendor presentations — it contradicts the “cloud-first is the only option” narrative too plainly. In practice we have guided a repatriation from public cloud at a Dreher client in the environmental technology vertical when the NIS-2 supply-chain and reporting obligations became unambiguous.
Our take
The binary cloud-vs-on-premises framing is a vendor invention. The real Mittelstand answer is a workload-specific split with contractually anchored exit clauses and a documented repatriation scenario per productive cloud workload.
How we methodically approach cloud-vs-on-premises decisions
We apply a four-stage method: workload inventory, regulatory mapping, real-world TCO model and exit scenarios. The method is embedded in our vendor-independent SCOReX®-oriented selection framework and produces one architecture recommendation per workload rather than a blanket call.
We apply a four-stage method in our projects: workload inventory, regulatory mapping, real-world TCO model and exit scenarios. The method remains vendor-neutral by design.
Stage 1 — Workload inventory. We decompose the ERP estate into 12 to 18 workloads. Each workload receives a data classification, an availability requirement and a customising-depth rating. From our experience, projects without this stage fail because “ERP” is treated as one block rather than a portfolio.
Stage 2 — Regulatory mapping. Per workload we check NIS-2 classification, GDPR Art. 44-49 transfer obligations, BSI C5 relevance, EU AI Act risk class and vertical rules such as GxP, IATF 16949 or TISAX. The BSI C5:2026 requirements become mandatory for audit engagements from 1 June 2027.
Stage 3 — Real-world TCO model. We compute seven-year TCO with genuine Mittelstand parameters: remaining data-centre lifetime, available IT headcount, realistic cloud consumption patterns and re-implementation effort. The model is anchored to the SAP S/4HANA Innovation Commitment to 2040, which defines the innovation horizon for on-premises.
Stage 4 — Exit scenarios. For every cloud workload we define contractually how data portability, repatriation and handover to an alternative provider are governed. The EU AI Act Implementation Timeline tightens this requirement for AI workloads further. Without explicit exit clauses the architecture decision is not finished.
Decision-criteria checklist
Twelve yes/no questions for managing directors and IT leaders. A majority of “yes” answers points to on-premises; a majority of “no” answers points to cloud; a mixed picture indicates a hybrid architecture.
Majority “yes” points to on-premises; majority “no” points to cloud; a mixed picture indicates a hybrid architecture.
1.Do your ERP data fall under KRITIS, NIS-2 (essential entity) or supply-chain law?
2.Have you applied more than 400 ERP modifications over the past ten years?
3.Does your current data centre still have more than three years of remaining lifetime?
4.Do you have at least three in-house full-time IT positions with ERP scope?
5.Are your manufacturing lines real-time-critically connected to the ERP?
6.Do your existing SaaS contracts contain concrete exit clauses?
7.Do your customers or auditors explicitly reject US-cloud processing?
8.Would a three-hour internet outage halt your operational business?
9.Do you have a documented repatriation scenario for every productive cloud workload?
10.Is your leadership prepared to adapt processes to the software standard?
11.Can you forecast annual public-cloud consumption stably over three years?
12.Do you have enough negotiation leverage to amend a hyperscaler contract within two rounds?
Our take
More than eight “yes” — on-premises or sovereign cloud. Fewer than six “yes” — cloud, with strict exit-clause discipline.
Frequently asked questions
Next steps
The cloud-vs-on-premises decision in the Mittelstand in 2026 is not an IT-only decision. It is a leadership and strategy question — and it gets worse under vendor pressure. We run the four-stage method with you: workload inventory, regulatory mapping, real-world TCO model and exit scenarios. More on our methodology on independent ERP consulting and in our overview of digitalisation services.
30 minutes with Dr Dreher
A structured review of your workload architecture, the four-stage method and a clear per-workload recommendation — vendor-independent.
