Indirect Access in SAP M&A: Hidden Licensing Traps
Why Indirect Access Is a Major Risk in M&A
Mergers and acquisitions (M&A) can introduce hidden pitfalls related to SAP licensing. Chief among these is indirect access (also called “digital access”) – when a third-party system or application connects to SAP software.
SAP’s strict licensing model requires that any use of SAP data or functionality, even via non-SAP systems, must be properly licensed. During an M&A integration, companies often integrate previously separate systems (such as CRM, HR, e-commerce, analytics, etc.) with SAP.
This indirect usage can quietly accumulate huge license liabilities if not addressed upfront. Read our guide for a full overview of all SAP Licensing & Mergers and Acquisitions risks.
SAP is well aware that M&A activities often result in unlicensed indirect access. SAP’s sales and audit teams often treat a merger as an opportunity to identify compliance gaps and push for additional licenses.
The moment two IT landscapes start to integrate, SAP may leverage the situation to demand new license revenue. Without vigilance, an acquiring company might suddenly face a surprise audit or a hefty bill for unlicensed “digital access” once systems are connected.
In short, indirect access poses a significant risk in M&A because it can be inadvertently triggered and is potentially very expensive to remediate after the fact.
How SAP Defines Indirect Access
Understanding SAP’s definition of indirect access is key to avoiding these traps. In SAP terms, direct access occurs when a human user logs into an SAP system (e.g., using the SAP GUI or an SAP application) and performs transactions or queries.
Each direct user typically needs a named user license. Indirect access, by contrast, occurs when SAP is accessed through a third-party application, interface, or automated process without a person directly logging into the SAP system. This could be another software system sending data to or pulling data from SAP in the background.
SAP now often uses the term “digital access” to describe licensing for indirect usage, especially in the context of SAP ERP or S/4HANA. Under the digital access model, the focus is on licensing the documents or transactions created in SAP by external systems, rather than licensing every individual user.
For example, imagine your sales team uses Salesforce CRM, and it’s integrated with your SAP ERP. When a salesperson enters a new customer order in Salesforce, that integration might automatically create a sales order document in SAP.
No one logged into SAP directly, but SAP would consider that the Salesforce user was indirectly using SAP functionality. In the old licensing model, SAP might insist you purchase an SAP user license for each Salesforce user.
In the digital access model, SAP instead counts that one Sales Order document created by the external system and requires a license for that document type.
Common Triggers of Indirect Access in M&A
During an M&A, IT teams rush to integrate systems to achieve business synergies.
In doing so, they often unknowingly trigger indirect access. Common scenarios include:
- CRM to SAP Backend Integration: After a merger, a company might connect a system like Salesforce (CRM) to the SAP ERP backend. For instance, customer or sales data from Salesforce could be automatically written into SAP. This CRM integration is a classic indirect access trigger – every Salesforce user creating SAP records or retrieving SAP data may count as indirect usage.
- HR/Payroll System Connections: It’s common to integrate HR systems (e.g., Workday, SuccessFactors) or payroll applications with SAP finance or HCM modules post-merger. If an acquired company’s HR system starts feeding employee data or salary transactions into the parent company’s SAP system, those actions constitute indirect access. Every HR record update flowing into SAP can increment the indirect usage count.
- E-Commerce and Portal Connections: M&A integration often involves linking e-commerce platforms, supplier portals, or customer self-service portals to the main SAP system. For example, an acquired online store might be hooked into SAP for inventory and order processing. Suddenly, thousands of customers or suppliers interacting through a web portal are indirectly hitting the SAP database. This can trigger a massive count of indirect usage because SAP could view each external user or each transaction as requiring a license.
- Business Intelligence and Data Lakes: Companies frequently connect data warehouses, BI tools, or data lakes to the SAP ERP to consolidate reporting after a merger. Extracting large volumes of transactional data from SAP or writing back insights can also fall under indirect access. Even if read-only, some SAP contracts count certain data extractions as document creations (for example, generating an analytic report might create a “read document” record). These integrations, if not carefully licensed, might lead to SAP claiming you owe for every document or dataset pulled by external analytics tools.
In summary, any integration where a non-SAP system interacts with SAP – whether pushing data in or pulling data out – is a potential indirect access trigger.
During mergers and acquisitions (M&A), the likelihood of successful integrations increases as organizations combine different IT ecosystems.
Read about the risks – SAP Change of Control Clauses Explained: Risks in M&A Deals.
Risks of Ignoring Indirect Access During M&A
Failing to address indirect access compliance during a merger can result in severe consequences.
The risks fall into a few categories:
- Compliance Risk: SAP can assert that unlicensed indirect usage violated your contract. This often results in retroactive license claims for the period of unlicensed use. In other words, SAP may audit you and demand payment for the indirect access that has been occurring since the integration went live. Such claims can cover months or years of usage you never accounted for, creating a sudden liability.
- Financial Risk: The cost impact of indirect access can be massive. SAP may require you to purchase new license types (such as digital access document packs or additional named user licenses) to rectify the compliance gap. These costs are often unbudgeted and can run into millions of euros. For example, SAP’s Digital Access licensing charges by volume of documents (such as sales orders and invoices) created indirectly – if your integrated systems generate large volumes, the bill could be substantial. Alternatively, under older rules, SAP might count each external user or device as needing a license, which could far exceed your expectations (imagine having to license thousands of portal users individually).
- Integration/Operational Risk: Licensing disputes can delay critical integration projects. If SAP identifies non-compliant indirect usage, they may insist that you halt certain system connections or delay go-live on integrations until the licensing issue is resolved. In worst cases, a merger’s IT integration could be partially frozen while negotiations drag on. This disrupts the business benefits of the merger and acquisition. Even if systems aren’t shut down, the distraction and resources required to address an SAP audit can derail IT’s integration timeline.
Consider a real-world example: One post-acquisition firm connected an acquired company’s HR system to its central SAP ERP for consolidated payroll and employee management.
A year later, SAP audited the merged environment. The result was an €8 million claim for indirect access – SAP argued that thousands of employees’ data updates flowing from the new HR system into SAP over the year amounted to unlicensed usage.
The company had to scramble to negotiate a settlement and purchase additional licenses after the fact, a very costly “gotcha” that could have been avoided with upfront planning.
The table below illustrates several indirect access triggers, their potential risk impact, and ways to mitigate the exposure:
| Trigger Integration | Example Scenario | Risk Impact (if Unaddressed) | Mitigation Strategy |
|---|---|---|---|
| CRM Integration | Salesforce writes orders into SAP ERP | Salesforce users counted as SAP users; unlicensed transaction volume | Negotiate SAP digital document licenses or a transaction volume cap to cover these orders. |
| HR System Connection | Workday pushes employee data to SAP HCM | Each employee record update counted as SAP use; could incur license fees for all employees | Include the HR system usage in SAP contract (affiliate use) or secure a grace period for these integrations in writing. |
| E-Commerce Portal | Online store updates SAP inventory and creates sales orders | Thousands of external customers indirectly using SAP (huge user count exposure) | Use an API or external user license bundle, or switch to document-based licensing to cap portal transaction costs. |
| BI / Data Warehouse | Data lake pulls SAP sales and finance data nightly for reporting | Bulk data extraction counted as document creation; risk of retroactive license claim | Limit integration to read-only queries or obtain a written exclusion for analytics access. |
Ignoring indirect access issues is essentially a high-stakes gamble. The financial impact of an unexpected SAP compliance claim can wipe out any cost synergies the merger was intended to create.
It’s far safer and more prudent to tackle these risks early, as part of the M&A planning process, rather than reactively in the aftermath of an audit.
Assessing Exposure During M&A
To prevent nasty surprises, IT leaders and procurement teams should assess indirect access exposure as part of M&A due diligence.
Here are key steps to follow during or immediately after a merger announcement:
- Map Your SAP Landscape and Licenses: Perform a comprehensive review of all SAP contracts and license entitlements across both the acquiring and acquired organizations. Pay special attention to any clauses related to indirect or digital access. Determine what your current SAP licenses do and do not cover. At the same time, inventory the SAP systems in use (e.g., ERP, S/4HANA, cloud applications such as Ariba or SuccessFactors) and note how they connect to other systems.
- Identify Third-Party Integrations: Create an integration architecture diagram that highlights all non-SAP systems interfacing with SAP. This should include CRM, HR, e-commerce platforms, supplier/customer portals, business intelligence tools, middleware, and even homegrown applications that read or write SAP data. Understanding every touchpoint is crucial. If you are acquiring a company, include the acquired firm’s systems that will connect to your SAP (or vice versa). Each integration is a potential indirect access route.
- Quantify Data Flows and Document Counts: For each integration, estimate how much data or how many business documents pass through to SAP. For example, how many sales orders will the new CRM create per month in SAP? How many employee records are updated from the HR system each payroll cycle? How many queries will the data warehouse run against SAP? Having a sense of the transaction volume helps evaluate the potential impact of licensing. It also positions you to negotiate effectively (you can compare SAP’s digital access pricing to the actual volume you expect).
- Benchmark SAP’s Digital Access Costs: Gather information on SAP’s pricing for digital access documents or any relevant license type for indirect use. This is important for understanding your worst-case financial exposure. For instance, if SAP charges €X per 1,000 documents of a certain type, and your integration will create 1 million such documents, you can forecast the cost. Compare this with alternative approaches – sometimes an SAP engine license or a different integration method might be more cost-effective. The goal is to determine what SAP is likely to charge and to explore whether there are alternative technical or licensing solutions to reduce that cost.
By thoroughly assessing the landscape in this way, you can pinpoint where the merger could trigger indirect access fees.
This lets you get ahead of the problem – either by adjusting integration plans or by preparing for negotiation with SAP to cover the new usage on favorable terms.
Negotiation Strategies for Indirect Access
Once you’ve identified potential indirect access exposure, the next step is to proactively negotiate with SAP to contain costs and limit liability.
Consider these strategies when dealing with SAP on indirect access during M&A:
- Leverage Digital Access Document Caps: Rather than leaving exposure open-ended, push SAP to agree to a capped number of digital documents per year for a fixed fee. For example, negotiate a license that covers up to a certain volume of documents (such as sales orders, invoices, etc.) generated by indirect access annually. This converts an unpredictable cost into a fixed, budgetable one, preventing SAP from later charging for every single document exceeding the cap.
- Bundle Indirect Usage into Enterprise Agreements: If you are consolidating or renewing an SAP agreement after a merger, explicitly include indirect usage in the agreement. Negotiate an enterprise-wide license or amendment that covers all current and future integrations by the merged company. For instance, secure a bulk license covering a large number of external users or API calls at a discounted rate. The key is to address indirect access in the contract language so it’s not left ambiguous or subject to later interpretation.
- Secure Transition Grace Periods: In many M&A scenarios, you need to integrate systems immediately for business continuity, even if the new SAP terms have not been finalized. To avoid compliance gaps, request a written grace period or transitional license from SAP. For example, agree that for 6–12 months post-merger, any new cross-system usage will not trigger an audit finding or incur fees. This gives you time to negotiate permanent licenses. Ensure this is documented (e.g., in an addendum) so you have official permission during the transition.
- Clarify and Narrow Definitions: Scrutinize how your SAP contract defines ‘indirect use’ or ‘digital access’. Insist on clear, specific definitions that limit what counts as indirect usage. If SAP’s standard wording is too broad (e.g., “any third-party access requires a license”), negotiate clarifications – for example, exclude read-only data retrieval or interactions that involve no core SAP transaction. By narrowing the definition, you prevent SAP from stretching it later to cover scenarios you never intended to license.
In summary, leverage the merger to negotiate indirect access terms upfront. Nearly everything is negotiable – usage metrics, license caps, exceptions – so bake these protections into your SAP contract now to avoid unpleasant surprises later.
Example Scenario — IT Leadership Neutralizes an Indirect Access Trap
In a post-merger integration, Company A (running SAP ERP) acquires Company B (using Salesforce as its CRM). When IT links Company B’s Salesforce system to Company A’s SAP environment, SAP quickly flags a compliance issue.
They claim that approximately 5,000 Salesforce users at Company B will now indirectly use SAP, and thus each of these users requires a valid SAP license.
In SAP’s view, the merged company is suddenly 5,000 licenses short, and SAP initially demands that Company A purchase these additional licenses, at a cost of roughly €12 million.
Fortunately, Company A’s IT leadership anticipated this trap. During the merger planning, they analyzed Salesforce-to-SAP transaction volumes and negotiated a digital access license in advance to cover the integration.
Under the new agreement, all Salesforce-originated transactions are covered by a flat annual fee (around €2 million) rather than requiring individual user licenses. So when SAP raises the indirect access claim, the company is prepared – the contract’s terms already permit the Salesforce integration without extra per-user fees.
Instead of facing a surprise €12M bill, the cost is capped and budgeted. The integration proceeds on schedule, and the company effectively neutralizes the hidden licensing trap before it can spring.
IT Leadership Checklist for Indirect Access in M&A
Every merger or acquisition involving SAP should have IT leaders run through an indirect access preparedness checklist. Use the following list to ensure you haven’t missed critical steps:
☐ Audit current SAP contracts for indirect/digital access terms. Verify if your existing agreements contain clauses that define or limit indirect use, or include special terms that cover third-party interfaces.
☐ Map all third-party systems that connect to SAP. List your CRM, HR platform, web portals, databases, etc., including any systems from the acquired company, that exchange data with SAP.
☐ Quantify indirect usage/document flows. Estimate how many transactions or documents each integrated system will push into or pull from SAP (per month or year).
☐ Negotiate coverage (caps or enterprise use) for new integrations. Work with SAP to include the expected indirect usage in your license — whether via digital document caps, an enterprise license, or specific API user packages.
☐ Secure a transition period in writing. If you need to integrate systems immediately, get written assurance (e.g. a contract addendum) from SAP that you have a grace period to operate new integrations without penalty while you finalize licensing.
☐ Benchmark SAP’s digital access model vs alternatives. Compare SAP’s indirect licensing costs with other options (such as alternative license types or technical changes to reduce SAP usage); choose the approach that best controls cost and compliance risk.
5 Recommendations for IT Leaders
To conclude, here are five strategic recommendations for CIOs and IT procurement leaders managing SAP during M&A:
- Treat indirect access as a due diligence priority: Include SAP indirect access compliance in your pre-merger due diligence checklist. Identifying these risks early allows for proactive solutions instead of reactive penalties later.
- Inventory and monitor integrations early: As soon as an acquisition is planned, document all systems that will interface with SAP. Early monitoring of data flows helps identify where indirect usage will occur, allowing you to address it contractually.
- Prefer document-based licensing over user-based: When negotiating with SAP, opt for digital access (document-based) licensing models rather than licensing each external user individually. This approach usually scales better and caps costs, especially if thousands of new users would otherwise require licenses.
- Lock in clear contract terms for indirect use: Don’t rely on assumptions. Ensure your SAP agreement explicitly covers the allowed third-party integrations, definitions of indirect access, and any volume caps or exceptions. Clear terms upfront prevent disputes later when personnel change or audits occur.
- Build future flexibility into the SAP contract: Anticipate that your company may acquire additional firms or introduce new integrations in the future. Negotiate provisions that allow you to extend license coverage to new affiliates or increased indirect usage at predictable prices. This future-proofs your SAP licensing against growth.
By following these recommendations, IT leaders can avoid costly licensing surprises and maintain control over SAP costs during mergers and acquisitions. The key is to be proactive, not reactive – tackle indirect access risks as part of the M&A strategy, and you’ll protect the deal’s value instead of eroding it with unforeseen SAP fees.
FAQ
What is SAP indirect access, and why is it risky in M&A?
SAP indirect access refers to using SAP’s data or functions through a third-party system, rather than through direct SAP logins. It’s risky in M&A because when two companies integrate their systems, it often leads to scenarios where non-SAP systems (like a newly acquired CRM or portal) start feeding data into SAP. If those interactions aren’t licensed, SAP can later claim license violations. The risk is a surprise audit and a potentially huge bill for this indirect usage, right when the merged company is trying to realize cost synergies.
Which integrations typically trigger indirect access claims?
Common triggers include connecting a CRM like Salesforce to SAP (customer or sales data flowing into SAP), linking HR and payroll platforms (e.g., Workday or SuccessFactors) with SAP’s HR or finance modules, integrating e-commerce websites or supplier portals with SAP for orders and inventory updates, and hooking up analytics tools or data warehouses to SAP. Essentially, any external system that reads from or writes to SAP can trigger an indirect access claim if it is not properly licensed.
Can SAP demand back-dated licensing fees after a merger?
Yes. SAP can audit the merged environment, and if they find unlicensed indirect usage, they may require you to purchase licenses to cover the period when it occurred. They typically won’t levy “fines,” but they will insist you pay to rectify the shortfall. In effect, it’s a back-dated charge for the usage that wasn’t covered. Sometimes this includes retroactive maintenance fees as well. This is why it’s crucial to address indirect access proactively; otherwise, the merged company could face an unexpected multi-million euro true-up after the fact.
How can we negotiate protection against indirect access charges?
Negotiate with SAP as part of your merger planning. Seek to include indirect access in your contract discussions – for example, by adopting a digital access license that covers all third-party interfaces (with a cap on the number of documents per year), or by folding the acquired systems into an enterprise agreement. Get definitions clarified in writing (list out integrated systems and permitted uses). Additionally, request a grace period for new integrations. Utilize the leverage of the merger (SAP wants to retain your expanded business) to secure these protections before any issues arise.
Is SAP’s digital access (document-based) licensing model better for M&A situations?
In many cases, yes. SAP’s digital access model, which licenses indirect use based on documents created (e.g., number of sales orders, invoices, etc.), is often more predictable and cost-effective in an M&A scenario than trying to license every user. If merging means thousands of new users could indirectly interact with SAP, purchasing named user licenses for all of them would be extremely costly. A document-based approach allows you to pay for the actual business transactions, which may be far fewer than the total number of users, and you can often negotiate a bulk allotment to cap the cost. Of course, you should analyze your specific data volumes – if the integrated systems will generate an extremely high number of documents, ensure the digital access deal is sized appropriately. Overall, however, the document model offers more flexibility and aligns costs with usage, making it a better fit for most M&A integration scenarios.
