Key Takeaways

  • The five highest-risk digital access scenarios are: unexpected DAAP true-up claims, S/4HANA migration exposure, RISE with SAP contract traps, automation and RPA liability, and governance breakdown during digital transformation.
  • DAAP true-up claims of €1M–€10M are not rare — they are the routine outcome for enterprises that have not run independent measurement and built their own compliance position.
  • S/4HANA migration is the single most common trigger for new digital access exposure, because integration architectures change and DAAP re-baselining is rarely included in migration contracts.
  • SAP RISE agreements frequently include digital access terms that are materially worse than the pre-RISE DAAP agreement — this is rarely disclosed by SAP's account team.
  • Every risk described here has a proven mitigation — the common thread is acting before SAP acts, with independent data and independent representation.

SAP digital access optimisation risks are not theoretical. They are playing out in finance offices, ITAM teams, and legal departments across every major industry sector. The pattern is consistent: an enterprise runs its SAP landscape with complex integrations for years, assumes digital access is managed, then receives a compliance notice — or a renewal proposal — that reveals multi-million-pound exposure. This article maps the five highest-risk scenarios and provides concrete mitigation for each.

Understanding these risks is the prerequisite for effective SAP digital access optimisation. Without a risk framework, optimisation programmes address the wrong problems or sequence their actions in a way that creates new exposure while resolving old ones. The following is drawn from our SAP licence optimisation advisory practice across 80+ enterprise engagements.

Risk 1: Unexpected DAAP True-Up Claims

High Severity

Uncontested DAAP True-Up Claims

The Risk

Your DAAP agreement includes a true-up mechanism — typically annual or at the end of the contract term — allowing SAP to charge for document volumes that exceed the contracted baseline. Most enterprises have no independent measurement of their actual document volumes, and accept SAP's USMM-based counts without challenge. True-up claims ranging from €500K to €10M+ are common outcomes.

The Trigger

SAP's account team initiates a "licence position review," requests a self-declaration of USMM data, or sends a formal true-up notice. In many cases, the first indication is a renewal proposal that includes a higher DAAP baseline — implying that the customer is already over-contracted relative to SAP's measured volumes.

Mitigation

Run quarterly USMM extractions and maintain an independent document count. Build your exclusion inventory (reversed documents, background job-created documents, SAP middleware-originated documents) before any SAP-initiated review. If a true-up notice arrives, pause all data submission to SAP and engage independent advisers before responding. Independent measurement reduces final agreed claims by 40–70% on average. See our SAP audit defence service if a formal compliance review is already in progress.

Risk 2: S/4HANA Migration Digital Access Exposure

High Severity

Migration-Triggered DAAP Re-scoping

The Risk

S/4HANA migrations change integration architectures, and the new integrations may create digital access obligations that did not exist under ECC. SAP migration contracts rarely include DAAP re-baselining provisions — meaning SAP retains the right to measure your new S/4HANA landscape against your existing DAAP agreement, which was designed for your ECC integration architecture.

The Trigger

Six to eighteen months after go-live, SAP requests an updated USMM measurement. The new S/4HANA integration landscape generates significantly higher document counts than the legacy ECC estate, often due to new API-based integrations, additional connected SaaS applications, and automation layers added as part of the digital transformation programme. The resulting claim is frequently twice the pre-migration DAAP obligation.

Mitigation

Before signing an S/4HANA migration contract, commission an independent digital access impact assessment. This maps the new integration architecture against DAAP exposure, identifies architectural alternatives that reduce document creation, and establishes a re-baselining provision in the migration contract that gives you contractual protection post-go-live. Our S/4HANA migration licensing advisory includes DAAP scoping as a standard component.

⚠ Post-Migration DAAP Exposure is Underreported

Based on our advisory engagements, more than 60% of enterprises that completed an S/4HANA migration in 2020–2024 are carrying undisclosed digital access exposure that they do not yet know about. SAP is systematically working through these estates with compliance reviews. If you have migrated to S/4HANA without an independent digital access audit, the question is not whether you have exposure — it is how much.

Risk 3: RISE with SAP Contract Digital Access Traps

High Severity

RISE Digital Access Terms Worse Than Pre-RISE DAAP

The Risk

RISE with SAP contracts include digital access provisions, but the specific terms are determined in negotiation — and SAP's default RISE digital access terms are typically less favourable than the pre-RISE DAAP agreement they replace. Key risk areas include: reduced exclusion categories (fewer document types qualify for exclusion), lower volume thresholds before true-up charges apply, and measurement methodology provisions that give SAP's team more discretion.

The Trigger

This risk materialises either at contract signing (the RISE digital access terms are agreed without independent scrutiny) or at the first true-up review under the RISE agreement (when the less favourable terms result in a higher-than-expected charge). The commercial pressure during RISE sales processes is significant — SAP's account team presents the overall RISE deal as an improvement, and the digital access provisions are buried in the contract schedules.

Mitigation

Before signing any RISE with SAP agreement, commission an independent review of the digital access provisions specifically. Compare the proposed RISE digital access terms against your existing DAAP agreement clause by clause. Negotiate RISE digital access terms that include: the same exclusion categories as your pre-RISE DAAP, a re-baselining mechanism at migration go-live, and a measurement methodology provision that allows customer-submitted data. Our RISE with SAP advisory service includes digital access contract review as a standard deliverable.

Risk 4: RPA and Automation Digital Access Liability

Medium–High Severity

Bot and Automation Document Creation Liability

The Risk

RPA bots, AI agents, and automation scripts that create SAP documents are a contested area of DAAP liability. SAP's current position is that all automated document-creation events are chargeable unless explicitly excluded by contract. Enterprises deploying RPA at scale — particularly in finance (automated journal entries), procurement (automated purchase orders), and order management (automated sales orders from e-commerce) — can accumulate significant automated document volumes that are not reflected in their DAAP baseline.

The Trigger

RPA deployments typically scale rapidly once initial automation programmes prove their ROI. A finance automation programme that starts with 50,000 journal entries per year can reach 2 million within 18 months. DAAP agreements signed before the RPA programme was in scope have no provision for this volume, and SAP's true-up methodology captures all automated document creation events.

Mitigation

The most effective mitigation is contractual: amend your DAAP agreement to include a "sponsored agent" provision, establishing that bots operating on behalf of named SAP users (who hold valid named-user licences) are covered under the existing named-user licence for document creation purposes. This position has been successfully negotiated in multiple engagements. Where contractual amendment is not achievable, architectural mitigation — routing automated document creation through SAP-licensed middleware — can reduce chargeable events. Our SAP indirect access advisory team handles RPA-specific DAAP structuring.

Risk 5: Governance Breakdown During Digital Transformation

Medium Severity — Compounding

New Digital Transformation Projects Creating Hidden DAAP Liability

The Risk

Every new digital transformation initiative — a new SaaS application, an IoT deployment, a new API-based integration, an analytics platform — potentially creates new digital access liability. Without DAAP governance embedded in the change management process, these liabilities accumulate invisibly. Two or three years of unmanaged digital transformation can double or triple digital access exposure without anyone noticing until SAP runs a compliance review.

The Trigger

The trigger is typically either a SAP-initiated audit or a DAAP renewal discussion. When SAP presents its USMM data for the renewal, the enterprise discovers that document volumes have grown far beyond the contracted baseline — often because five or six new integrations, each approved independently, have collectively created material new exposure.

Mitigation

Embed a mandatory DAAP impact assessment into your enterprise architecture review and change management process. Any new integration connecting a third-party application to SAP requires a documented DAAP assessment — estimated document creation volume, contract scope coverage, and whether architectural alternatives exist. This is a one-to-two page process addition to your existing governance framework, but it prevents multi-million-pound liability from accumulating invisibly. See our digital access checklist and action plan for the specific governance templates.

Risk Assessment Matrix: Where Does Your Enterprise Stand?

The following quick diagnostic helps you assess which of these five risks is most acute for your estate:

  • Have you run an independent USMM extraction in the last 12 months? If no, Risk 1 is immediate.
  • Have you migrated to S/4HANA since 2020 without an independent digital access review? If yes, Risk 2 is likely materialised but not yet visible.
  • Are you in active RISE negotiations, or have you signed a RISE agreement without independent legal review? If yes, Risk 3 requires urgent attention.
  • Do you have RPA or automation programmes creating more than 100,000 SAP documents per year? If yes, Risk 4 is your highest-priority commercial issue.
  • Have you launched three or more new SaaS or digital transformation initiatives in the last 24 months without a DAAP assessment? If yes, Risk 5 is compounding.

If you answered yes to two or more of these questions, engaging in a SAP licence optimisation review before your next SAP commercial interaction is strongly advisable. The cost of mitigation before a SAP-initiated review is an order of magnitude lower than the cost of settling after one.

Risk Assessment

Identify Your DAAP Risk Exposure in 5 Days

Our rapid digital access risk assessment gives you a prioritised risk inventory, independent document count, and a structured mitigation roadmap — before SAP raises a claim.

Book Your Free Risk Assessment →

Frequently Asked Questions

Do not respond to SAP's claim or submit USMM data until you have run independent measurement. Your first response creates a baseline for negotiation — responding with SAP's numbers, or submitting USMM data without independent review, concedes your strongest negotiating position. Engage independent advisers immediately, run your own USMM and integration log extraction, build your exclusion inventory, and only then engage SAP with your counter-position.

Partially. Some enterprise SaaS vendors — particularly major CRM and procurement platforms — include indemnification clauses in their agreements covering SAP indirect access or digital access claims arising from their integration with your SAP system. These provisions are worth identifying and activating if you face a DAAP claim related to a specific vendor integration. However, most SaaS agreements do not include this provision, and even where they do, the indemnification is usually capped and conditional.

In some respects, yes. Cloud SAP deployments under RISE or GROW include digital access provisions that are integrated into the subscription agreement — meaning SAP has contractual visibility into your usage patterns and can act on true-up opportunities more systematically than with on-premise customers. On-premise customers retain more control over USMM scheduling and data submission. However, the absolute exposure amount depends on integration volume, not deployment model.

If you are evaluating an SAP replacement — whether a full system migration to Oracle, Microsoft Dynamics, or a hybrid approach — your existing digital access obligations remain until the SAP contracts are formally terminated or expired. An active DAAP dispute or undisclosed true-up exposure can significantly complicate contract termination. Resolving digital access risk before initiating a competitive evaluation gives you a cleaner commercial position for exit negotiations.

SAP Digital Access Optimisation — Complete Series

👤

SAP Licensing Experts Advisory Team

Independent SAP Licensing Advisory

25+ years of combined SAP licensing expertise. Former SAP licence executives, audit specialists, and enterprise contract negotiators. 100% buyer-side — zero commercial ties to SAP SE.