SAP indirect access — the commercial claim that third-party systems accessing SAP data or creating SAP documents must be separately licensed — is the single most financially dangerous area of SAP licensing for enterprises. Claims of $50M–$500M are not uncommon for large organisations with complex IT landscapes. SAP's landmark case against Diageo (£54.4M), the Anheuser-Busch InBev settlement, and dozens of confidential settlements across Fortune 500 companies attest to the scale of potential exposure.
This article is part of our SAP License Negotiation Guide. Here we focus specifically on indirect access mechanics, SAP's Digital Access Adoption programme, audit defense tactics, and the commercial strategies that resolve indirect access exposure at the lowest possible cost. If you have received an SAP audit notification or a Digital Access claim, this guide is your immediate reference.
If you have received an SAP audit notification or a Digital Access claim, do not respond to SAP until you have engaged independent technical and legal counsel. Your initial response to an SAP audit sets the tone and scope of the entire process. Premature disclosures or admissions can significantly increase your financial exposure.
What Is SAP Indirect Access?
Indirect access refers to the use of SAP software by third-party systems, applications, or devices that access SAP functionality or data without those users being directly licensed in SAP. In its most common form, indirect access occurs when a CRM, e-commerce platform, WMS, MES, RPA bot, or portal application reads from or writes to an SAP system on behalf of human users — users who are not themselves counted as SAP named users.
For example: an organisation deploys Salesforce CRM for its sales team. The sales team does not use SAP directly, but the Salesforce system automatically creates Sales Orders in SAP based on CRM opportunities. Under legacy SAP indirect access interpretations, every Salesforce user who indirectly caused SAP transactions might require a full SAP named user licence — even though they never log in to SAP.
This interpretation of licence terms was the basis for SAP's aggressive indirect access campaign of 2015–2018, which generated hundreds of millions in claim value and significant industry controversy. The Diageo ruling in 2017, while partially favouring SAP, also highlighted the ambiguity in SAP's legacy licence agreements and the courts' reluctance to award damages at the scale SAP sought.
Free Guide
SAP S/4HANA Negotiation Playbook
Proven tactics for reducing SAP costs: indirect access defence, RISE pricing, and S/4HANA migration.
SAP Digital Access Adoption (DAA): The New Framework
In 2018, SAP introduced the Digital Access Adoption (DAA) programme as a replacement for legacy indirect access licensing. Rather than licensing based on the number of human users indirectly accessing SAP, DAA charges based on the volume of specific document types created in SAP by third-party systems.
DAA Document Types
SAP's Digital Access model applies to the following primary document categories (known as "Digital Access Objects"):
- Sales Orders — created by CRM, e-commerce, EDI, or portal systems
- Purchase Orders — created by procurement platforms, EDI, or sourcing applications
- Production Orders — created by MES, planning, or shop floor control systems
- Material Documents (Goods Movements) — created by WMS, inventory systems, or logistics platforms
- Goods Receipts — created by WMS, delivery management, or IoT systems
- Inbound Deliveries — created by logistics, freight, or EDI systems
- Service Orders — created by field service management or ITSM systems
- Plant Maintenance Orders — created by EAM or maintenance management systems
- Accounting Documents — created by AP/AR automation, OCR, or ERP-adjacent financial systems
SAP charges for DAA documents at tiered pricing based on annual document volume. List prices range from approximately $3–$15 per 1,000 documents, depending on tier. For organisations processing millions of EDI transactions, IoT events, or e-commerce orders annually, the DAA exposure can be substantial.
A mid-size manufacturing enterprise processing 500,000 EDI transactions per year might generate 2–5M SAP documents annually across sales orders, goods movements, and accounting entries. At SAP's list prices, this represents $6,000–$75,000 per year in DAA fees — manageable. A large retailer processing 50M+ order lines across e-commerce and stores could face $600K–$7.5M annually. Know your volumes before SAP does.
Stay Ahead of Vendors
Get Negotiation Intel in Your Inbox
Monthly briefings on vendor pricing changes, audit trends, and contract tactics. Unsubscribe any time.
No spam. No vendor affiliations. Buyer-side only.
Legacy Indirect Access vs Digital Access: Which Applies to You?
Whether your organisation is exposed to legacy indirect access claims or DAA depends primarily on your SAP contract vintage:
- Contracts signed before 2018: Typically contain legacy indirect access language referencing "use" rather than document volumes. SAP may attempt to apply legacy language to enforce named-user-based indirect access claims. However, SAP also offers a migration path to DAA for legacy contract customers — often as part of an S/4HANA migration package.
- Contracts signed 2018 onwards: Typically reference Digital Access and document-based licensing. DAA document types, pricing tiers, and measurement methodology should be explicitly defined in the agreement.
- Mixed contract environments: Large enterprises often have multiple SAP agreements signed at different points. Understanding which indirect access framework applies to each agreement is a critical pre-audit analysis step.
Common SAP Indirect Access Scenarios
CRM Integration (Salesforce, Microsoft Dynamics)
CRM-to-SAP integration for order management, quote-to-cash, and customer master synchronisation is one of the most common indirect access scenarios. Sales Orders created automatically by Salesforce CPQ or Microsoft Dynamics CRM in SAP's SD module trigger Digital Access obligations. The volume depends on quote-to-order conversion rates and order complexity.
E-Commerce Platform Integration
B2B and B2C e-commerce platforms (Shopify, Magento, custom portals) that integrate with SAP for order capture, inventory checks, and fulfilment create high-volume Sales Order and Goods Receipt documents. High-volume retail and B2B commerce environments can generate SAP document volumes that dwarf traditional named-user licence costs.
WMS and Logistics Integration
Warehouse Management Systems (Manhattan, Blue Yonder, HighJump) that integrate with SAP for goods movements, transfer orders, and delivery confirmation create Material Document and Goods Receipt documents. In high-throughput logistics environments, these volumes can be extremely large.
RPA and Automation
Robotic Process Automation (UiPath, Automation Anywhere, Blue Prism) bots that interact with SAP GUI or SAP APIs to process invoices, create purchase orders, or update master data are a growing source of indirect access exposure. SAP's position on RPA-generated documents has evolved — bots creating documents in SAP trigger DAA obligations regardless of whether a human was involved.
IoT and Shop Floor Systems
IoT sensors, SCADA systems, and manufacturing execution systems (Siemens Opcenter, Rockwell, Aveva) that trigger SAP Production Orders, Goods Movements, or Quality Notifications create indirect access exposure. Manufacturing environments are among the highest-volume indirect access scenarios and often among the least well-managed.
Concerned About Indirect Access Exposure?
An independent Digital Access assessment identifies your true document volumes and exposure before SAP does. Our advisors have conducted these assessments at dozens of enterprises — the results are almost always surprising. Book a free consultation to discuss your situation.
SAP Audit Process: What to Expect
SAP conducts two types of audits relevant to indirect access: SAP's contractual Licence Audit (LAudit) and SAP's Digital Access Measurement (DAM) process. Understanding both is essential for effective audit defense.
SAP Licence Audit (LAudit)
SAP's standard LAudit is a contractual right in most SAP agreements, typically limited to once per year with 30 days' notice. The audit covers named user licence compliance across the production landscape. LAudit commonly triggers indirect access claims when SAP's audit tools identify third-party system connections or API calls from unlicensed sources.
Key LAudit defense principles:
- Review your agreement's audit clause carefully before SAP executes. Scope limitations, timing restrictions, and prior notice requirements are all negotiable and enforceable.
- Engage legal counsel to define what information you are contractually obligated to provide. Many enterprises over-disclose in audits, providing SAP with information beyond the contractual scope.
- Conduct a self-assessment before the formal audit. If non-compliance is identified, you have the option to address it before the audit concludes or to include it in a commercial resolution discussion.
Digital Access Measurement (DAM)
SAP's Digital Access Measurement is a separate process specifically for DAA document volume assessment. SAP deploys measurement tools (typically SAP USMM or Digital Access Cockpit) to count document volumes by type over a representative period. The measured volumes are then extrapolated to annual totals and priced against SAP's DAA rate card.
Key DAM defense principles:
- Challenge the measurement methodology: SAP's document counting tools often over-count due to system configuration issues, duplicated document creation events, reversal documents counted as new documents, and test environment documents included in production counts. Independent technical analysis of SAP's measurement output typically reduces claimed volumes by 20–60%.
- Challenge document classification: Not all documents created by third-party systems trigger DAA obligations. SAP's measurement tools sometimes misclassify documents. Verify that each document type claimed is correctly classified and that the creating system is genuinely "indirect" rather than a licensed SAP component.
- Validate the measurement period: SAP often selects measurement periods that coincide with peak business activity. Challenge whether the measurement period is representative of typical annual volumes.
SAP Audit Defense: The Five-Step Framework
When an SAP audit is initiated, effective defense follows a structured process:
- Immediate legal and advisory engagement: Engage specialist SAP licensing counsel and an independent technical advisor within 48 hours of receiving an audit notification. Do not communicate with SAP's audit team without preparation.
- Contract review: Pull and review all SAP agreements, schedules, and order forms. Identify the audit rights clause, scope limitations, and any prior audit settlements that may constrain the current audit.
- Landscape mapping: Map the full SAP production landscape including all third-party integrations, API connections, and automated processes that interact with SAP systems. This is the foundation for both exposure assessment and defense.
- Parallel self-assessment: Run your own document volume measurement before and in parallel with SAP's measurement. Having independent volume data enables you to challenge SAP's findings with credible counter-evidence.
- Commercial resolution strategy: Determine the commercial resolution framework before engaging SAP on findings. Options include DAA licence purchase, S/4HANA migration amnesty, RISE with SAP bundled settlement, or contested resolution. Each option has different commercial implications — select the strategy before SAP presents its findings.
SAP's preferred resolution for indirect access and DAA claims is a bundled commercial package that includes S/4HANA migration commitment, DAA licence purchase, and a long-term SAP Cloud subscription. This package is frequently more expensive than a standalone DAA resolution. Negotiate the components separately — and always challenge SAP's document volume findings before agreeing to any resolution.
Digital Access Amnesty in S/4HANA Migrations
One of the most valuable provisions available to enterprises with DAA exposure is the inclusion of a Digital Access amnesty within an S/4HANA migration commercial package. SAP regularly offers DAA amnesty — a defined document volume allowance that covers existing and future indirect access exposure — as a concession within migration deals.
The amnesty approach works as follows: the enterprise commits to an S/4HANA migration; SAP includes a Digital Access allowance (e.g., 50M documents per year) within the commercial package; the enterprise's existing DAA exposure is resolved within that allowance. For organisations with significant DAA exposure, amnesty within an S/4HANA package is often the most cost-effective resolution path.
Critical caveats: the document allowance must be sufficient to cover your actual measured volumes (negotiate based on your independent measurement, not SAP's); the amnesty must explicitly cover historical exposure (not just future periods); and the amnesty terms must be binding and contractually documented.
Proactive Digital Access Management
The best defense against SAP indirect access claims is proactive management. Organisations that continuously monitor their Digital Access document volumes, understand their contractual obligations, and manage integrations with DAA compliance in mind rarely face audit surprises.
- Deploy Digital Access monitoring tools: SAP's Digital Access Cockpit (available in ECC and S/4HANA) provides ongoing document volume visibility. Implement this tool and review volumes quarterly.
- Review all new integration projects for DAA impact: Before deploying any new system that integrates with SAP, assess the Digital Access document impact and budget accordingly.
- Include DAA obligations in IT architecture standards: Establish governance that requires DAA impact assessment for any technology procurement decision that involves SAP integration.
- Negotiate DAA volume caps in contracts: When renewing SAP agreements, negotiate explicit DAA volume allocations that are sized to cover your current and projected document volumes with headroom.
- Maintain an integration registry: Keep an up-to-date register of all systems that integrate with SAP, the integration method (API, middleware, direct DB connection), and the SAP document types each integration creates.
Key Takeaways for Enterprise SAP Buyers
SAP indirect access and Digital Access represent the most significant unmanaged financial risk in most enterprises' SAP licensing positions. The key principles:
- Know your document volumes before SAP measures them
- Never respond to an SAP audit notification without independent legal and technical counsel
- Challenge SAP's document measurement methodology and volume findings — over-counting is common
- Negotiate Digital Access amnesty as part of any S/4HANA migration deal
- Implement proactive DAA monitoring to eliminate audit surprise
- Integrate DAA impact assessment into all new technology procurement decisions
IT Negotiations has defended enterprises against SAP indirect access and Digital Access claims across all major industries. Our advisors combine legal contract knowledge, technical SAP measurement expertise, and commercial negotiation experience to achieve the best possible resolution for clients. Contact us immediately if you are facing an SAP audit or Digital Access claim.
Facing an SAP Indirect Access or Audit Claim?
Our advisors have resolved hundreds of millions in SAP audit claims. We work on your side — no vendor affiliations, no conflicts. Get specialist support before you respond to SAP.