Real-World Case Studies in SAP Indirect Access Disputes
SAP’s indirect access licensing has led to high-stakes disputes that cost enterprises tens of millions of dollars.
In recent years, companies such as Diageo and AB InBev have discovered that connecting third-party systems to SAP without proper licenses can trigger massive compliance penalties.
This article examines real-world case studies of SAP indirect access disputes and what IT leaders can learn from them.
We examine how ambiguous license terms led to unexpected outcomes, how SAP addressed this issue with its “Digital Access” model, and practical steps to prevent costly indirect access pitfalls.
What is SAP Indirect Access
SAP Indirect Access refers to using SAP software’s functionality without logging in directly through the SAP GUI. In these scenarios, a non-SAP system (such as a cloud CRM, e-commerce site, or custom application) serves as the front end, while SAP operates in the background.
For example, a customer placing an order on a web portal that then creates a sales order in SAP is an indirect use of SAP. The user never signs into SAP, but SAP is doing work on their behalf.
Under SAP’s licensing rules, any use of SAP (whether direct or indirect) has historically required a license.
This meant that if an external system triggered data or transactions in SAP, those interactions were supposed to be covered by an appropriate SAP license. SAP drew one important line: purely read-only scenarios.
If you export data from SAP to an external system and users only view that information (so-called “Indirect Static Read”), SAP has stated that it does not require extra licenses.
It’s the active use cases – where external systems create, update, or process transactions in SAP – that fall under indirect access licensing.
In short, if SAP’s digital core is being accessed or invoked by any third-party apps or interfaces, you need to ensure that usage is licensed, just as if those external users were logging into SAP directly.
Why Indirect Access Leads to Disputes
For years, indirect access was a quiet clause in SAP contracts – often vaguely worded but not vigorously enforced.
That changed dramatically in the mid-2010s.
Several factors made indirect usage a flashpoint between SAP and its customers:
- Ambiguous Contracts: Older SAP agreements stated that all use of SAP software, “directly or indirectly,” must be licensed, but did not specify what “indirectly” meant in practical terms. This ambiguity left room for SAP auditors to interpret any third-party integration as a licensable event. Customers unknowingly violated terms simply by building modern integrations.
- The proliferation of Integrations: As enterprises pursued digital transformation, they connected SAP with e-commerce sites, mobile apps, IoT devices, and cloud platforms. These innovations enabled more non-SAP systems to communicate with SAP in real-time. Each integration was a potential licensing grey area. What felt like normal use of your data could technically breach SAP’s rules.
- Aggressive Audits for Revenue: SAP, like many large vendors, began conducting license audits with a sharper focus on indirect access. When traditional license sales slowed, audits became a revenue opportunity. SAP auditors began requesting details on interfaces and external systems from customers. Audit findings blindsided some companies that willingly shared data, for which they owed millions for unlicensed indirect usage.
- High Stakes Surprises: Indirect use often involves large user counts or transaction volumes. For instance, connecting a customer portal to SAP might involve thousands of end users or orders. SAP’s stance was that each of those users or each document might require a separate license. The resulting compliance claims reached startling figures (as we’ll see in the case studies). CIOs who thought a simple integration was harmless suddenly faced enormous, unbudgeted fees.
These factors converged to create a compliance “perfect storm.” By 2017, indirect access disputes were making headlines and striking fear in SAP customers across industries. Next, we’ll look at two flagship examples that brought this issue into the spotlight.
Read Preventing Unauthorized Indirect Access in SAP Systems.
Case Study: Diageo’s Costly Lesson on Salesforce Integration
One of the most famous indirect access battles involved Diageo, a global beverage company.
In 2017, Diageo learned the hard way how expensive indirect SAP use can be.
The company had licensed SAP ERP for its operations, but it also introduced a Salesforce-based application (called “Connect”) for its sales representatives.
The Salesforce app lets reps input and view customer orders, and behind the scenes, it communicates with SAP to retrieve data and create sales orders.
From Diageo’s perspective, the reps were using Salesforce – they never logged into SAP directly. However, SAP viewed this differently: Salesforce was acting as a proxy to SAP, and those sales reps were indirectly using SAP ERP.
Under Diageo’s contract, every SAP user (whether direct or indirect) required a named-user license. SAP conducted an audit and claimed that Diageo’s Salesforce integration had introduced hundreds of unlicensed SAP users.
The dispute escalated to the UK High Court. The court sided with SAP’s interpretation that those Salesforce interactions counted as SAP use.
As a result, Diageo was held liable for a substantial sum in license fees and back maintenance, amounting to roughly £54 million (approximately $70 million).
This shocking figure was based on SAP’s calculation of what Diageo should have paid for those Salesforce-connected users.
Diageo argued that it had not anticipated needing separate SAP licenses, as the representatives were not direct SAP users; however, the ambiguity of the contract worked against them.
This case sent a shockwave through the SAP customer community. A routine integration with a cloud CRM ultimately cost Diageo tens of millions.
For many CIOs, the Diageo verdict was a wake-up call: even if you never intentionally misuse software, you can stumble into a giant compliance bill if contract terms like “indirect access” aren’t clearly understood.
After losing the case, Diageo reportedly sought to appeal or negotiate, but the immediate lesson was clear: companies needed to re-examine all the ways their systems interacted with SAP.
Read Managing SAP Indirect Access Compliance.
Case Study: AB InBev’s $600M Licensing Showdown
Around the same time, SAP sparred with another beer industry giant: Anheuser-Busch InBev (AB InBev).
In early 2017, SAP accused AB InBev’s U.S. subsidiary of breaching its software license agreement by allowing various systems (and employees) to access SAP without proper licenses.
While specifics were not publicly disclosed, it was reported that AB InBev, like Diageo, had begun using cloud-based platforms (including Salesforce) to interface with SAP for tasks such as data integration and supply chain processes.
SAP’s claim was staggering – they sought over $600 million in damages for unlicensed use. This number grabbed headlines globally.
It represented years’ worth of alleged unlicensed activity and served as a warning to any large enterprise interfacing with SAP.
Unlike the Diageo case, AB InBev’s dispute did not play out fully in open court.
The companies entered into private arbitration, a confidential legal process. By mid-2017, AB InBev and SAP had settled behind closed doors.
The settlement amount was not disclosed, leaving the industry guessing.
However, AB InBev’s financial filings later showed a significant uptick in expenses (hundreds of millions) related to IT investments that year, implying a portion might have gone toward resolving the SAP claim.
Analysts estimated that while SAP likely didn’t receive the full $600 million, AB InBev paid a substantial sum, possibly in the high tens or low hundreds of millions, to resolve the issue.
This case was notable for both its scale and its secrecy. AB InBev’s choice to settle quietly (versus battling in court) meant no legal precedent was set, but the message to customers was unmistakable.
If SAP were willing to pursue one of the world’s largest corporations for that amount, no one would be safe from indirect access enforcement.
Every SAP-reliant enterprise suddenly had to consider, “Could our integration projects trigger a $10M or $100M license bill someday?”
The AB InBev saga also highlighted SAP’s leverage: by using arbitration, SAP kept the dispute out of the public eye, limiting the reputational fallout while still pressuring the customer to pay up.
Both the Diageo and AB InBev cases demonstrated how confusing SAP’s rules had become and how steep the penalties could be.
Next, we’ll see how customers and SAP responded to the uproar these examples created.
Aftermath: Customer Backlash and SAP’s Response
The publicized disputes caused an outcry among SAP customers worldwide.
User groups and CIO forums lit up with concerns that SAP’s licensing was out of step with modern technology practices.
Many IT leaders felt it was unfair to be charged multiple times for the same business process (e.g., having to license both the user of a front-end system and the resulting SAP transaction).
The phrase “indirect access” became synonymous with unpredictable risk. Some organizations even slowed down or paused digital projects for fear of unknowingly breaching SAP licensing terms.
SAP had a PR and customer relations situation on its hands. In response, SAP’s leadership acknowledged the frustration and promised to clarify and simplify its licensing model.
At the Sapphire NOW conference in 2017, SAP’s CEO famously announced that the company would no longer charge for “static read” scenarios (view-only external access to data) and would move toward a more “business outcome-based” approach for certain processes.
This was a direct nod to the idea that, for example, licensing should focus on the number of orders processed (a measurable outcome) rather than the number of users on a third-party system.
By 2018, SAP introduced a new paradigm called Digital Access licensing – essentially a revamp of how indirect use could be licensed going forward.
Under the Digital Access model, instead of requiring a named-user license for every person or device that indirectly uses SAP, the licensing is based on documents (records) created in the SAP system.
SAP identified nine core document types (such as Sales Orders, Invoices, Purchase Orders, etc.) that cover common business transactions.
The idea was that if an external system triggers the creation of these documents in SAP, you simply count them and pay per document (often sold in blocks or packs), rather than licensing the external users individually.
This document-based licensing was portrayed as a win-win: customers wouldn’t be double-charged for external users, and SAP would still get compensated for the workload on its system.
It also removed the theoretically infinite liability of “what if millions of consumers indirectly touched our SAP” – now only actual transactional documents (such as orders) would incur costs, and read-only data views would not.
SAP also offered incentives, such as programs to convert existing user licenses into Digital Access credits and limited-time discounts (in some cases, deep discounts for early adopters), to encourage customers to switch to the new model.
Below is a simplified comparison of the old vs. new approach:
| Licensing Model | Traditional Named Users | Digital Access (Document-Based) |
|---|---|---|
| What is Licensed | Human users of SAP (each individual needs a license, even if accessing via third-party systems). | Documents created in SAP by third-party or automated processes (e.g. each sales order from an external app). |
| Example Scenario | 500 customers place orders via a non-SAP web portal → 500 SAP user licenses required (even though customers don’t use SAP directly). | 10,000 sales orders created via the portal per year → 10,000 document count licensed (regardless of how many users involved). |
| Cost Basis | One-time per user license fee (tiered by user type), plus annual maintenance (~20% of license cost). Can be expensive if counting thousands of external users. | Purchase document license packs (e.g. in thousands of documents). Cost scales with transaction volume. Could be cheaper for moderate usage, but high-volume environments might still incur large fees. |
| Pros | Well-understood model for internal users; fixed cost per user allows unlimited use by that person. | Aligns cost to business activity/results; no charge for read-only access; removes need to license each end-customer or device individually. |
| Cons | Indirect ambiguity: Difficult to apply to external users or IoT. Risk of “surprise” liabilities if external use isn’t tracked. | Counting complexity: Requires tracking document metrics. High volumes of documents can drive up costs; needs analysis to determine if it truly saves money in each case. |
SAP’s Digital Access model was a direct result of the real-world cases we discussed. It represented a shift in philosophy: from policing “users” to measuring actual business outputs in the system.
Many customers welcomed the change as a step toward clarity. However, it did not automatically erase the issue – it just reframed it.
Companies now had to determine whether to stick with traditional licensing or opt for Digital Access (SAP gave existing customers a choice), and how to estimate their document volumes to budget accordingly.
Lessons Learned and Ongoing Challenges
The saga of indirect access disputes has provided several valuable lessons for IT leaders: compliance cannot be taken for granted, and license terms are just as important as technical solutions.
Even after SAP’s pivot to Digital Access, organizations must remain vigilant.
Firstly, visibility is key. Many companies realized they lacked a clear inventory of how third-party systems were interacting with SAP.
A takeaway from the case studies is that you should map out every integration point – whether it’s a middleware interface, a customer-facing app, or an IoT sensor network – and understand what data or transactions flow into SAP.
Surprises often come from areas outside of IT’s immediate purview (for example, a sales department adding a new cloud tool that hooks into SAP).
Secondly, license management needs to be proactive. Diageo and AB InBev demonstrate that waiting for an SAP audit to uncover a shortfall is a recipe for significant, unplanned costs.
It’s far better to identify indirect usage yourself and address it on your terms (either by purchasing the needed licenses or re-architecting the integration).
Another lesson is the importance of contract clarity. Smart enterprises now negotiate their SAP agreements with explicit language around indirect use.
This might include defining the types of indirect access permitted, ensuring that static read access is exempt, and agreeing on metrics if adopting the document-based model.
The goal is to eliminate grey areas so that both you and SAP know how future integrations will be treated.
Many newer SAP contracts (especially for S/4HANA or cloud offerings) come with updated terms that embed digital access rules – a direct result of customer pushback.
Ultimately, even with the Digital Access model, cost optimization remains a persistent challenge. Some organizations have found that when they have very high transaction volumes, document-based fees can surpass traditional licensing costs.
Others found the opposite. The key is analysis: tooling and trial audits can help estimate the number of documents generated by your external systems.
SAP even offers a Digital Access evaluation tool to simulate charges under the new model. Using these tools, IT leaders can make an informed decision on which model (or mix of models) is most cost-effective and low-risk for their environment.
In summary, the real-world disputes taught everyone that SAP licensing is as much a strategic issue as a legal one. Technology decisions now must factor in the impact of licensing.
The good news is that awareness is higher than ever, and SAP has shown a willingness to adapt its models. But the responsibility ultimately lies with each enterprise to govern its SAP usage wisely.
Recommendations
To avoid expensive surprises and maintain control over your SAP licensing, IT leaders should consider the following actions:
- Audit Your SAP Integrations: Inventory all third-party systems, interfaces, and users that connect to SAP. Determine where indirect access is happening (e.g., web storefronts creating SAP orders, middleware updating SAP records). This baseline is critical for managing compliance.
- Assess License Coverage Proactively: Don’t wait for an audit. Simulate how SAP would view your indirect usage. Use SAP’s tools or licensing experts to estimate document counts and user equivalents. If gaps exist, address them by acquiring the appropriate licenses or adjusting usage before SAP comes knocking.
- Evaluate the Digital Access Option: Analyze whether SAP’s Digital Access (document-based licensing) would benefit your organization. Calculate the costs of staying on named user licenses versus switching to document licensing for certain scenarios. For some, the new model can reduce costs and risk; for others with low external transaction counts, the status quo might be more cost-effective. Make an evidence-based decision.
- Negotiate Contract Clauses: When renewing or signing SAP agreements, explicitly negotiate terms for the indirect use of the software. Seek to include language that clarifies what counts as indirect access, ensures static read access is free, and prevents “double dipping” (e.g., if you pay for Digital Access documents, those interactions shouldn’t also require user licenses). A well-defined contract can save millions in the long run by preventing disputes.
- Train and Govern Internally: Educate your architects, developers, and procurement teams about SAP indirect access. Establish governance that requires any new system or app integrating with SAP to undergo a licensing impact review. It’s easier to design an integration correctly up front than to retrofit licensing after an audit.
- Engage with SAP (or Experts) Early: If you anticipate a major new integration (such as deploying a new CRM or e-commerce platform linked to SAP), discuss it with SAP ahead of time. In many cases, SAP is open to finding a licensing solution (and possibly offering a deal) before it becomes a compliance problem. Likewise, consider engaging independent licensing advisors who have experience negotiating with SAP – they can often pinpoint risks and savings that others miss.
- Monitor and Adapt: Make indirect access oversight a continuous process. Monitor SAP systems for unanticipated usage patterns (for example, an excessive number of documents being created by a system account might indicate a new integration you weren’t aware of). Regularly review license utilization and adjust your licensing mix as business conditions change (e.g., a spike in online orders may indicate it’s time to invest in more document licenses). Being dynamic in your license management ensures you’re never caught off guard.
FAQ
Q1: What exactly counts as “indirect access” in SAP?
A: Indirect access occurs when a user or application utilizes SAP’s functionality through another system, rather than logging in directly. For example, if your customer portal or a third-party app updates or queries data in SAP on behalf of a user, that’s indirect access. SAP requires that such use be licensed. However, simply pulling data out of SAP for viewing elsewhere (with no action back into SAP) is usually considered a “static read” and not counted as use. The rule of thumb: if an external system triggers SAP to do work (create or change something), you likely need a license for that usage.
Q2: How can we determine if our company has indirect access exposure?
A: Start by mapping all the systems that interface with SAP. Look at whether they write to SAP or execute transactions. Common culprits include systems such as CRM systems sending orders to SAP, procurement tools querying SAP inventory, or mobile apps used by employees that update SAP records. Once you have the list, review your SAP license entitlements – do you have licenses that cover those users or scenarios? You can also use SAP’s Digital Access Evaluation Service or similar tools that analyze your SAP logs to count how many documents external systems are creating. This will provide you with a quantifiable measure of your indirect usage. If this seems daunting, consider engaging a software asset management consultant or SAP’s licensing team to assist with the assessment.
Q3: Is switching to SAP’s “Digital Access” document licensing model mandatory, and will it solve our indirect access issues?
A: Switching to Digital Access is not mandatory for existing SAP customers – it’s an option. New SAP S/4HANA contracts, however, often include Digital Access by default. Adopting it can simplify compliance for indirect scenarios because you focus on counting documents instead of users. It can “solve” the classic indirect access issue of surprise user claims, but it’s not a universal fix. You need to evaluate if the cost model is favorable for you. In some cases, companies with modest external usage found Digital Access very cost-effective and freeing (no more worries about user counts). In other cases, businesses with extremely high transaction volumes found that maintaining user licenses (and tightly restricting indirect use) was more cost-effective. The best approach is to run the numbers: SAP often provides a one-time assessment that shows how many documents your systems generate. Use that data to decide if Digital Access makes financial sense. If you do switch, ensure your contract is updated so you aren’t double-charged (i.e., those documents are now licensed via Digital Access and don’t also require a user license).
Q4: Can we negotiate away indirect access charges or get protection in our SAP contract?
A: Yes, to a degree. You can and should negotiate clarity and protection into your SAP agreements. Many customers have successfully added contract addendums that define indirect use cases and set specific licensing requirements for them (or even exclude certain scenarios from fees). For example, you might negotiate that a special license covers a particular interface or software, or that you can have X number of external read-write users at no extra cost. While SAP may not “give away” usage for free, they might agree to bundle some indirect usage into your deal if it’s discussed upfront. It’s much better to hash this out during a purchase or renewal than to leave it vague. Additionally, if an audit reveals indirect access, there is usually room to negotiate a resolution, typically in the form of purchasing additional licenses or migrating to Digital Access, rather than paying pure penalties. The key is to engage in dialogue early, show that you’re seeking to comply, and push for a fair and transparent licensing arrangement.
Q5: What should we do if SAP audits us and claims unlicensed indirect usage?
A: Don’t panic, and don’t immediately concede. First, ask SAP for detailed evidence of the indirect usage they’ve identified – which systems, how they measured it, and how they calculated the license shortfall. Often, this process is negotiable. While you shouldn’t stonewall (that can escalate matters), you can buy time to analyze their findings. Assemble an internal team (including legal and procurement) and, if needed, bring in an experienced third-party licensing advisor or lawyer who knows SAP contracts. In many cases, the outcome of an indirect access audit is that you’ll negotiate a deal to purchase the necessary licenses moving forward (and sometimes a retroactive fee). You may be able to choose between purchasing additional named user licenses or adopting the Digital Access model to cover usage – use whichever option is more cost-effective for you as a bargaining point. Also, remember that SAP’s auditors and sales teams have some flexibility; they generally want to sell you software, not engage in a protracted legal fight. Demonstrating that you’re willing to become compliant, but on fair terms, can lead to a settlement that is far less costly than the initial scary number. The worst-case scenario (litigation) is rare and usually only happens if negotiations completely break down, as seen with Diageo. Almost always, it’s resolved via a commercial agreement, so focus on reaching a resolution that your company can live with.
Read more about our SAP Advisory Services.
