Key Compliance Concerns in SAP Digital Access
Executive Summary:
SAP’s Digital Access licensing model fundamentally changes how companies must manage compliance for the indirect use of SAP systems.
This article highlights key compliance concerns—unseen third-party integrations, complex document counting, licensing overlaps, and audit risks—and guides CIOs and IT leaders on navigating SAP’s indirect usage rules in 2025.
The goal is to help enterprises avoid costly surprises by proactively managing SAP Digital Access in their contracts and operations.
SAP Digital Access Licensing
SAP Digital Access (also known as Indirect/Digital Access) is a licensing model introduced to address the indirect use of SAP software. In traditional licensing, any user or system accessing SAP (even via a third-party app or API) needed a named user license.
This often led to confusion and large compliance gaps when external customers or systems interacted with SAP data without direct logins.
Digital Access replaces that user-centric approach with a document-based model: you pay for the number of certain business documents created in SAP by external (non-SAP) sources.
Nine document types are defined as the “Digital Core” outcomes that count under this model (e.g., Sales Orders, Invoices, Purchase Orders, Manufacturing and Quality records, Financial postings, Material movements, Time entries, Service & Maintenance documents).
Whenever an outside system triggers SAP to create one of these, it consumes your licensed document volume. Importantly:
- Read-only access (pulling or querying data from SAP) does not count toward Digital Access; SAP doesn’t charge for purely static reads under this model.
- Single charge per chain: If one external event generates multiple SAP documents, only the initial document is counted as a single charge. For example, a third-party order might create a Sales Order, Delivery, and Invoice in SAP; you pay for the originating Sales Order only, not the follow-on documents.
This outcome-based licensing aims to be more transparent than the old indirect use rules.
Read Key Compliance Concerns in SAP Digital Access.
However, it introduces new compliance challenges around counting and predicting document usage. The table below compares the traditional model vs. the Digital Access model:
| Aspect | Traditional Named User Model | Digital Access (Document Model) |
|---|---|---|
| Licensing Unit | Per named user (including any indirect user or system) | Per bundle of documents created via external systems (e.g. per 1,000 documents) |
| Coverage of Indirect Use | Each external user/device ideally needs a user license (hard to track at scale) | Indirect usage covered by document count (track transactions, not each user) |
| Cost Predictability | Fixed cost per user, but unknown number of external users can lead to surprise compliance gaps | Scales with volume; predictable if you can forecast document counts (cost spikes if usage exceeds plan) |
| Compliance Risk | High if many untracked external users (audits may find unlicensed users) | Risk if document volumes are underestimated; must monitor usage to stay licensed |
| Best For | Small, known external user groups or minimal third-party integration | High-volume external transactions, web portals, IoT integrations with many users/devices |
Hidden Indirect Usage: The Invisible Compliance Threat
One of the biggest compliance concerns is unseen or untracked indirect usage.
Many organizations integrate SAP with web portals, customer apps, supplier systems, IoT sensors, and other third-party tools. Often, these integrations evolve without a formal licensing review.
A classic example is a company deploying a customer self-service portal or connecting SAP to an e-commerce site, where thousands of customers or partners may create orders, invoices, or other records in SAP without ever logging into SAP directly.
Under SAP’s policies, this still constitutes the use of SAP that requires licensing.
The risk: If such integrations aren’t identified and licensed properly, an SAP audit can reveal that your SAP system processed countless transactions from external sources with no corresponding licenses.
Companies have been caught off guard by this “hidden” indirect use.
For instance, SAP auditors might examine interface logs, API calls, or document creation records and find that a third-party system (like a CRM or a warehouse app) has been generating SAP documents. Without the right licenses (user or document), those transactions are technically out of compliance.
The best practice is to inventory all touchpoints where non-SAP systems or users interface with SAP. This includes:
- Third-party applications (such as CRM, e-commerce, supplier portals, mobile apps, and robotic process automation bots) that create or update SAP records.
- Machine-to-machine integrations (IoT devices sending data to SAP, EDI transactions, etc.).
- External users accessing SAP data indirectly (customers querying order status via a web portal, vendors updating info through an integration).
By mapping out these interfaces, you can assess how each one is licensed.
Many firms discover previously unknown indirect usage this way (e.g., a marketing system quietly feeding customer data into SAP). Identifying these issues now allows you to address licensing proactively rather than during an audit.
Read What is SAP Digital Access Licensing?.
Challenges in Counting Digital Documents
Switching to SAP’s Digital Access model introduces a new challenge: accurately counting and forecasting document creation. Unlike named user licenses (which are a fixed number), document licenses require you to estimate how many documents of those nine types will be created via external access.
Key compliance concerns here include:
- Estimation Difficulty: Predicting the number of SAP documents generated by third-party integrations over a year can be a challenging task. Usage may spike unexpectedly due to business growth, seasonal peaks, or new integrations. Suppose you underestimate or exceed your purchased document quota. In that case, you’ll be out of compliance and forced to buy additional blocks (often at true-up time or during an audit, potentially at higher rates). Overestimating, on the other hand, means you paid for capacity you didn’t use. Striking the right balance is tricky.
- Document Types and Multipliers: Each document type counts differently. SAP assigns “multipliers” or weightings to certain documents. For example, high-value transactions like sales orders or invoices count fully (1 document = 1 count), whereas something like a low-level financial posting or material movement might count as 0.2 of a document (meaning five such postings equal one full document credit). If you’re unaware of these rules, you might miscount your usage.
- Line-Item Counting: In many cases, SAP counts documents at the line-item level. That means one sales order with 10 line items could count as 10 digital documents. This granular counting can significantly increase your consumption if your transactions usually have multiple line items. A compliance concern is thinking “one order = one document” when, in reality, it could be many. Companies must carefully read SAP’s definitions for each document type to count them correctly.
- Tools and Measurement: SAP provides tools, such as the Digital Access Evaluation Service (an ABAP report or note that can scan your system), to help count historical document creation. Using these tools is essential; otherwise, you’re guessing your consumption. However, lack of real-time visibility is a problem, especially in SAP S/4HANA Cloud or RISE (where you may not have direct access to all system metrics). Companies sometimes need to rely on periodic SAP reports or third-party software asset management tools to track document usage. The lack of continuous monitoring can lead to compliance drift if not managed.
In summary, counting documents is an ongoing compliance task. Treat it as you would user license audits: implement regular checks (monthly or quarterly) of document counts so you can adjust before it becomes an audit issue.
Many organizations set up internal dashboards or scripts to monitor key document creation metrics (sales orders from interface X, purchase orders from system Y, etc.), ensuring they stay within licensed limits.
Licensing Overlaps and Double-Payment Risks
Another compliance concern is licensing overlap – essentially paying twice for the same usage or, conversely, thinking you’re covered when you’re not.
This can happen in a few ways:
- Mixing Named Users and Document Licenses: SAP allows a hybrid approach: you might license some external interactions via named users and others via Digital Access documents. However, it’s crucial to delineate which method applies to each scenario. If you adopt Digital Access for a specific integration (such as all e-commerce customer orders), you should exclude those external users from your named user count. If not, you could end up counting them as named users and paying for their documents, effectively double-licensing the same activity. On the flip side, if you think Digital Access covers everything and stop maintaining some user licenses, you might leave gaps for scenarios that aren’t covered by document licenses (for example, an external user running reports might still need at least a read-only license if not covered by Digital Access).
- Unclear Contract Terms: Your SAP contract needs to reflect your licensing approach. If you’ve moved to Digital Access, ensure the contract (or addendum) states which document volume is licensed and that the model covers indirect use. If the contract is silent (common in older agreements), SAP might later claim that indirect use still falls under traditional terms, potentially leading to arguments and back-charges. A vague contract poses a compliance risk; always update agreements to reflect any new licensing models or specific exclusions and inclusions for indirect usage.
- Overlooked Named User Requirements: Remember that Digital Access only covers indirect, system-triggered activity. Your human SAP users (employees, contractors, etc.) who log in directly still require named user licenses. There is sometimes confusion that adopting Digital Access means you no longer need as many user licenses. In reality, it’s additive: Digital Access covers scenarios where no named user is involved in the transaction creation. Ensure you continue to manage your named user license counts for all the people who use SAP directly (or via shared accounts). Non-compliance can occur if companies, for example, drop user licenses, assuming everything is documented now.
Key mitigation: Map each integration or use case to a single licensing method and document this mapping. For example, “Customer web portal orders – covered by 10,000 Digital Access documents/year” or “Field technician mobile app – covered by 50 Employee Self-Service user licenses.”
By clearly allocating each scenario, you reduce the chance of overlap or omission. Also, communicate these decisions internally so that IT and procurement teams don’t accidentally purchase redundant licenses or retire needed ones.
A coordinated approach avoids both overspending and compliance holes.
Audit Exposure and Real-World Penalties
SAP licensing audits are a major source of risk when it comes to Digital Access compliance. SAP’s Global License Audit and Compliance (GLAC) team has been increasingly focused on indirect usage in recent years.
The stakes are very high: some of the largest SAP compliance penalties in history have stemmed from disputes over indirect access.
Consider these examples:
| Company (Year) | Indirect Usage Issue | Outcome |
|---|---|---|
| Diageo (2017) | Customers and sales reps accessed SAP via a Salesforce-based portal without SAP licenses. | ~£54 million in license fees assessed after UK court ruling. Huge financial hit and industry wake-up call. |
| AB InBev (2017–2018) | Multiple systems (incl. Salesforce and others) interfacing with SAP without proper licenses. | SAP claimed ~$600M. Case settled out of court for undisclosed sum, likely large. Highlighted SAP’s willingness to pursue massive claims. |
| Global Manufacturer (2019) | IoT devices and plant systems creating thousands of SAP material documents daily, unlicensed. | Discovered in audit; resulted in multi-million dollar true-up. Could have been mitigated by an earlier Digital Access license purchase. |
| Mid-size Enterprise (ongoing) | Numerous third-party add-ons reading/writing SAP data without clear license assignment. | During audit negotiations, SAP offered Digital Access conversion deal (with discounts) to resolve years of non-compliance. illustrates SAP’s preference to convert rather than litigate, if engaged proactively. |
These cases demonstrate that ignoring Digital Access compliance can result in substantial bills or legal disputes.
Auditors typically look for large volumes of document creation in SAP by RFC interfaces, API calls, or background users; external-facing modules (like SAP PI/PO, integration middleware logs) to identify data flowing into SAP from outside; and inconsistencies in user counts (e.g., far fewer named users than the number of actual business partners interacting with the system).
If they find unlicensed usage, SAP will charge the list price for those missing licenses retroactively, often including back maintenance fees for past years. This can easily amount to millions of dollars.
Why audits catch companies off guard:
Many firms assumed that if they paid for SAP’s integration software or simply had a few technical user accounts, they were covered. The Diageo case was a stark reminder that this was not true under older contracts – every individual using SAP data, whether directly or indirectly, counted.
SAP’s introduction of Digital Access was partly to offer a more palatable solution, but it did not mean SAP stopped enforcing compliance. They simply provided customers with a defined path to remediate the issue.
As of 2025, SAP continues to audit and enforce indirect use licensing. The difference is that customers now have the option to proactively switch to the document model (often with incentives) before an audit forces the issue.
Audit preparedness tips:
Treat indirect usage like any other licensable usage. Maintain documentation of which licenses cover which integrations (so you can demonstrate compliance to auditors). Keep proof of any measurements you’ve done (e.g., results from SAP’s Digital Access evaluation report) and the assumptions behind your licensing counts.
If you discover a compliance gap internally, it’s often better to approach SAP with a plan—possibly via the Digital Access Adoption Program or as part of a broader contract renewal—instead of waiting for auditors to find it.
Voluntarily addressing the gap typically yields better financial terms than an imposed audit resolution.
New Developments: Cloud Subscriptions and Licensing Programs
SAP’s licensing landscape is evolving, which can both alleviate and complicate Digital Access compliance:
- RISE with SAP (Cloud Subscription): For organizations transitioning to SAP S/4HANA Cloud under the RISE subscription model, indirect access is typically included in the subscription. Instead of buying separate document licenses, RISE customers purchase a certain capacity measured in Full User Equivalents (FUEs) or similar metrics, which covers typical indirect usage scenarios. This has greatly reduced the classic indirect access panic for many – standard third-party integrations (e.g., your e-commerce site creating orders in SAP Cloud) are generally included as long as they fall within the scope of your subscription. However, “bundled” does not mean “unlimited.” Extremely high-volume scenarios (such as millions of transactions from an IoT network or heavy API usage beyond normal operations) may exceed your subscription’s assumptions. In such cases, SAP may require you to upgrade your subscription tier or purchase add-ons. Compliance concern: Cloud customers sometimes get a false sense of security and stop monitoring usage. It’s essential, even in RISE, to monitor integration volumes and ensure they align with the contract terms. Also, ensure your RISE contract explicitly lists any special high-volume interfaces or non-standard use cases so they are unquestionably covered. Ambiguity in a cloud contract can still bite you later if SAP claims an edge case wasn’t included.
- Digital Access Adoption Program (DAAP): For on-premise SAP customers, SAP introduced the DAAP to encourage the switch to Digital Access licensing. Initially launched in 2018 as a time-limited offer, it has been extended multiple times (and, as of now, remains available without a set end date). Under DAAP, SAP offers steep discounts (up to 90% off list price) on your first purchase of Digital Access documents and allows you to trade in certain existing license investments for credit. For example, a company with a surplus of unused user licenses or engine licenses might convert that value into digital document licenses at a favorable rate. This program presents a significant compliance opportunity: it allows you to legitimize your indirect usage at a fraction of the normal cost before an audit reveals it. Many enterprises have taken advantage of DAAP to eliminate their indirect use exposure—essentially “immunizing” themselves against that audit risk. However, SAP reserves the right to end or modify this program at any time. The compliance risk here is delaying action; if you wait and SAP discontinues the discounts, resolving an indirect use gap later could be far more expensive.
- Contract Negotiation Trends: In recent contract negotiations (especially for S/4HANA upgrades or big renewals), SAP has been somewhat more flexible on indirect use. Customers are negotiating caps or clarifications in their contracts (for instance, defining specific use cases that are allowed without an additional license or securing a pool of free documents as part of a larger deal). If you’re entering a new agreement, it’s wise to address indirect access head-on: specify how it’s licensed, include a buffer for growth, and seek assurances like “no audit back-charges for indirect use up to X volume once we adopt digital access.” Getting such language can be challenging, but even a simple clause acknowledging your licensed document amount as covering indirect use can prevent debates later.
In short, stay informed on SAP’s current programs and cloud offerings. The situation in 2025 is more favorable to customers than the wild-west days of 2017, but only for those who leverage these changes.
Cloud subscriptions can simplify compliance if sized correctly; DAAP can resolve legacy risks at a low cost.
The onus is on the customer to proactively utilize these options. Not doing so—sticking your head in the sand—remains a compliance concern despite the available solutions.
Recommendations
To manage SAP Digital Access effectively and avoid compliance surprises, consider the following actions:
- Inventory All Integrations: Maintain a detailed list of every system, interface, and user community that interacts with SAP, either directly or indirectly. Update it whenever a new integration is introduced. This is the foundation for understanding where Digital Access licenses might be needed.
- Evaluate the Best License Model per case: For each integration or scenario, decide whether it’s best covered by traditional named user licenses, by Digital Access documents, or a combination. Small, infrequent integrations may be more cost-effective to manage with a few user licenses, whereas large-scale external processes typically require document licenses.
- Leverage SAP’s Measurement Tools: Use SAP’s Digital Access evaluation reports and audit tools (USMM/LAW in ECC or measurement apps in S/4HANA) to regularly measure indirect usage. Run these tools at least annually (if not quarterly) to see how many documents you’re generating. This data should guide your license true-ups and negotiations, and it’s exactly what SAP auditors will look at.
- Monitor Usage Continuously: Don’t set and forget. Implement document creation monitoring in your SAP environment to ensure seamless integration with external systems. For example, set up alerts if the monthly count of certain documents exceeds a threshold. Early warning enables you to take action (optimize processes or plan a license expansion) before violating your license terms.
- Negotiate Proactively in Contracts: Whenever you renegotiate your SAP agreement or add new licenses, explicitly address Digital Access. If you’re adopting it, get the terms in writing (document volume, pricing, and that it covers specified interfaces). Request protections such as a growth buffer (e.g., 10-20% extra documents at no additional charge) and ensure that any past indirect use is waived once you’re compliant in the future. Clarity now prevents disputes later.
- Avoid Double-Counting: If you start using Digital Access for a certain set of transactions, adjust your user license counts accordingly. Ensure those external users or technical accounts aren’t also counted as full-named users in your license compliance reports. Clear internal guidelines can help licensing and IT teams stay aligned and avoid overlapping coverage.
- Educate and Communicate: Train your IT architects, project managers, and procurement teams about indirect access rules. Make it standard practice to consider the impact of SAP licensing when proposing a new third-party system integration. This way, compliance is designed upfront (for example, knowing that you might need to purchase additional document licenses if a new portal generates thousands of orders).
- Use DAAP or Similar Incentives: If you suspect you’re not compliant with indirect usage, strongly consider using SAP’s Digital Access Adoption Program while it’s available. The generous discounts and conversion credits can drastically reduce the cost of becoming compliant. It’s far better to resolve it proactively under a program than to wait for an audit and pay full price plus penalties.
- Document Your Compliance Efforts: Keep records of what you have licensed for indirect use and the methodology used to determine those numbers. For each third-party interface, have a one-pager that states “Licensed via [Digital Access – X documents/year]” or “Covered by [Y Named User licenses].” In an audit, this documentation demonstrates that you’ve been deliberate and can expedite the resolution.
- Periodically Perform Self-Audits: Conduct internal “mock audits” focusing on Digital Access. Have your SAP basis team or an external licensing advisor simulate an audit by examining usage logs and license assignments for indirect scenarios. This exercise can reveal any lurking compliance issues and provides an opportunity to address them discreetly. It also prepares your team to answer auditor questions with confidence.
By following these recommendations, enterprises can significantly reduce the risk of an unexpected indirect licensing issue.
The key is proactive management and continuous oversight—treat Digital Access as an integral part of your SAP license management strategy, not a one-time checkbox.
FAQ
Q1: What exactly is SAP “indirect access” and Digital Access?
A1: Indirect access occurs when a person or system uses SAP through a third-party application rather than directly logging on to SAP. For example, if a customer places an order on a website that, in the background, creates a sales order in SAP, the customer is indirectly using SAP. Traditionally, SAP required a named user license for each such indirect user. Digital Access is the newer licensing model SAP introduced to handle these cases more gracefully. Instead of licensing each user, you license the documents (business records, such as orders and invoices) created in SAP through any external inputs. It’s essentially SAP’s method of charging for indirect use based on outcomes (transactions) rather than individuals.
Q2: Which SAP documents count towards Digital Access?
A2: SAP defines nine key document types as “Digital Access documents.” These include Sales Documents (e.g., sales orders, quotations), Purchase Documents (purchase orders), Invoices (billing documents), service and maintenance documents, Manufacturing orders, Quality Management records, Inventory Movement (Material) documents, Financial Accounting documents (journal entries), and Time Management records. Each time an external system triggers the creation of one of these in SAP, it’s counted. SAP doesn’t charge for other document types outside this list, and it doesn’t count purely read actions. Essentially, these nine types cover the most common transactions that represent business value in ERP.
Q3: How can I figure out how many Digital Access licenses (document counts) my company needs?
A3: Start by measuring your current indirect usage. SAP provides a Digital Access Estimation tool (typically implemented via an SAP Note or program) that can scan your system and count the number of documents of the nine specified types created by external IDs over a specified period. Use this as a baseline – for example, you might find you had 20,000 qualifying documents created last year. Next, consider growth and new projects: will you be adding an e-commerce site or more interfaces that could increase that number? It’s wise to add a buffer (say +10-20%) to whatever volume you measured to account for business growth and avoid immediate compliance issues. SAP sells Digital Access in blocks (often per 1,000 documents per year), so you would then decide how many blocks to purchase based on your specific needs. It can also be helpful to engage an SAP licensing expert or utilize third-party tools to simulate various scenarios. The key is to get data – without measuring, any number is just a guess.
Q4: If we haven’t formally adopted Digital Access, are we automatically out of compliance?
A4: Not necessarily, but you do need some license coverage for indirect usage. Suppose you have not signed up for Digital Access. In that case, the traditional rules apply by default, meaning that a named user license or another appropriate license type should cover every indirect use. Some companies unknowingly cover indirect use by having a few “interface” user accounts (e.g., a generic SAP user that all external transactions route through). However, unless your contract has special terms, that might not fully cover you if hundreds of actual people are behind those interfaces. In short, if you haven’t opted into Digital Access, audit your indirect scenarios under the old model: do you have enough user licenses for those external users?
Q5: How do we decide between sticking with named user licenses vs. switching to Digital Access?
A5: It comes down to the nature of your indirect usage. Suppose you have a limited number of external users or systems (for example, a handful of partners or a third-party app used by 10 employees). In that case, it may be more cost-effective and simpler to purchase named user licenses for those users. The named user model can cover an unlimited number of transactions for these individuals, making it well-suited for scenarios with low volume or a small user count. On the other hand, if you have high-volume transactions or a large number of external users, such as thousands of customers or automated systems generating numerous SAP entries, Digital Access is typically more cost-effective and provides cleaner compliance. Do the math: estimate how many documents you’d license vs. how many user licenses you’d otherwise need. Often, if you have scenarios like a customer portal with 5,000 customers, you’d never buy 5,000 SAP user licenses, but you could license, for example, 50,000 documents/year to cover their activities. It’s not an all-or-nothing choice either; many companies use a mix: Digital Access for the big external integrations and named users for the smaller internal-facing ones. The key is to analyze each use case and choose the model that covers it at the lowest cost and risk.
Q6: Can we use both Digital Access and traditional licensing together?
A6: Yes. Most SAP customers ultimately adopt a hybrid approach. You can still maintain your normal named user licenses for employees and direct users and allocate some for small-scale external use cases. Meanwhile, you might adopt Digital Access for other areas of your business (particularly customer-facing processes, large B2B interfaces, or IoT scenarios). There’s no technical conflict in using both models. A crucial caution is to manage overlap: once an interface or process is licensed via Digital Access, you should not also include those external users in your tally of named users. Segregate which licenses cover which systems. When done correctly, a hybrid model can optimize costs – for example, you may cover a supplier portal with 20 named user licenses for your 20 main suppliers, but use Digital Access for your customer’s online store, which has thousands of users. This way, each part of your ecosystem is licensed appropriately.
Q7: How is indirect access handled if we move to the cloud or RISE with SAP?
A7: In SAP’s cloud subscription model, especially with RISE with SAP, indirect usage is generally bundled into your subscription based on overall usage metrics. You don’t explicitly buy “Digital Access” licenses; instead, you purchase a certain amount of capacity (often measured in metrics like business users, FUEs, or resource capacity), and SAP considers typical integration usage as covered. This simplifies compliance because you’re not required to separately track document counts for licensing purposes. However, it’s not carte blanche – your contract will have assumptions. For example, suppose you run an extremely high-volume public API through your SAP cloud that exceeds normal expectations. In that case, SAP may require an adjustment (either a larger subscription or a specific add-on). Practically speaking, most common integrations (connecting your CRM, e-commerce, etc.) are unlikely to cause a compliance issue in RISE as long as your overall user count and system usage remain in line with what you purchased. Always confirm with SAP or your provider how any unusual scenario is handled. And even in the cloud, keep an eye on usage metrics. You might not have to count “documents” per se. Still, you should monitor whether your interfaces are hitting any service limits or if your usage pattern changes drastically so you can renegotiate or rearchitect as needed.
Q8: What is the Digital Access Adoption Program (DAAP), and should we consider it?
A8: The Digital Access Adoption Program is SAP’s incentive program to encourage customers to switch to the digital document model. Essentially, DAAP offers heavy discounts (often 90% off the list price for the initial purchase) and allows you to convert some of your existing license investment into credits toward Digital Access. For example, if you have shelfware (unused SAP licenses) or if you’re willing to surrender some older licenses, SAP might give you document licenses at a much-reduced cost in exchange. The program was initially time-limited but has been extended indefinitely as of the mid-2020s. Yes, you should strongly consider it if you have any indirect usage risk. It’s the most cost-effective way to legitimize that usage. Even if you haven’t been audited, DAAP allows you to resolve the uncertainty on favorable terms rather than waiting for an audit and potentially paying full price plus penalties. Keep in mind that SAP could end or alter the program, so there’s a limited window of opportunity now. Many companies use DAAP during S/4HANA migrations or big renewals to clean up indirect access once and for all. It’s wise to consult with a licensing expert to maximize the credits and discounts under DAAP. Still, in principle, it’s a smart move for compliance if indirect access is currently a gray area for you.
Q9: How can we monitor and ensure ongoing compliance with Digital Access?
A9: Ongoing compliance hinges on effective monitoring and governance. First, make sure you’ve implemented SAP’s measurement tools for Digital Access – for example, apply the SAP Note that collects document statistics or use SAP’s license administration tools that now include indirect usage reporting. Set a schedule (e.g., quarterly) to review these stats. Second, leverage your integration middleware or logs: many interfaces can be monitored by counting transactions (for instance, if you use SAP Process Orchestration or SAP Integration Suite, check how many messages or IDocs are flowing in that create documents). Some organizations use third-party license management solutions that can alert you if indirect usage is trending above a threshold. In addition, governance processes are key: whenever a new project comes along that will integrate with SAP, it should include a step to assess the licensing impact. Make it a checklist item in project approvals to estimate new digital documents or external users introduced. By catching that upfront, you can adjust licenses proactively. Finally, keep an eye on SAP’s communications – they periodically update tools or guidelines for Digital Access, especially as S/4HANA evolves. Staying current on these will help you utilize the most effective methods to track compliance.
Q10: What happens if we ignore Digital Access and SAP audits us?
A10: If you ignore the issue and an SAP audit uncovers unlicensed indirect usage, be prepared for a potentially significant financial hit. In an audit scenario, SAP will quantify unlicensed usage by either counting the documents generated (and charging the list price for those with back maintenance) or by counting the external users who should have had licenses. The result can be a huge bill, as seen in public cases where companies were charged tens of millions. SAP may also require you to purchase the appropriate licenses in the future at standard (non-discounted) rates. Additionally, during an audit settlement, you lose leverage – SAP knows you’re in breach, so you can’t negotiate from a position of strength. You might end up with a very costly one-time settlement and still have to sort out a proper licensing model afterward. There’s also indirect damage: these things can become public (if legal action is involved) and cause reputational harm or budget crises. In short, ignoring it is playing with fire. It’s far safer to address indirect access licensing now, on your terms, either by adopting Digital Access or tightening your named user assignments, than to risk not being audited. SAP audits operate on a cycle, and as the saying goes, it’s not if but when you’ll be audited.
Read more about our SAP Advisory Services.
