At some point, every SAP customer faces the same realization: The rules of the relationship can change, and they do not always change in your favor.
April 27, 2026 was one of those moments. SAP updated its API Terms of Use – without announcement or customer briefing – to prohibit using SAP APIs to connect any AI system capable of planning or executing sequences of actions, unless SAP has explicitly sanctioned the pathway. The implications are significant, specifically regarding ERP data control, and the industry reaction has been swift.
In plain terms: SAP now prohibits the use of its APIs to interact with third-party or autonomous AI systems outside of SAP-endorsed architectures. If you want an AI agent to access your SAP data, reason over it, and act, SAP has decided that only SAP-endorsed APIs can do so. For example, Joule, SAP’s own AI assistant.
Your data. Your system. Your infrastructure. But SAP will control who and how to access it.
At Spinnaker Support, we have been analyzing this policy closely. Here is what we think it really means, and why it should inform how you think about your AI strategy today.
What the Policy Actually Says
SAP’s updated Terms of Use include this language:
“Except through and within the limits of SAP-endorsed architectures, data services, or service-specific pathways expressly identified and intended for such purposes, SAP prohibits API use for: (a) interaction or integration with (semi-)autonomous or generative AI systems that plan, select, or execute sequences of API calls, and (b) scraping, harvesting, or systematic and/or large-scale data extraction or replication.”
In practical terms, this may restrict:
- Third-party AI agents from autonomously accessing your SAP environment
- Large-scale data extraction outside SAP-controlled pathways
- Any AI integration that sequences API calls without SAP’s blessing
SAP’s official position is that this protects system stability and customer data — a legitimate security argument, given that AI-driven agents interacting with enterprise APIs at scale do introduce real risks.
However, the policy goes further than that concern warrants. Rather than targeting rogue or unapproved agents specifically, it blocks all third-party AI agent integration. The practical effect is the same regardless of intent: the AI tools talking to your operational SAP data must be the ones SAP has approved, including its own. Indirectly, this policy enforces control over customer ERP data ownership and its usage.
Why This Matters: The Vendor Lock-In Pattern
This policy does not exist in a vacuum.
SAP customers are already navigating significant pressure as the December 2027 end of mainstream maintenance for on-premise SAP environments approaches. The RISE with SAP migration narrative is well-established, and SAP has been clear that its strategic direction is cloud. For organizations still working through what that deadline really means for their business, the API policy is one more data point in a broader pattern.
Consider what we have observed over the past 18 months:
- RISE with SAP bundling locks infrastructure, application management, and support into a single contract, limiting optionality
- Clean Core mandates are erasing decades of customer customization and their unique differentiation
- Compatibility Pack rights expired in May 2026, increasing commercial pressure for those still on S4/HANA on premise to forcefully move them to RISE
- Pricing for on-premise solutions has been unreasonably inflated to push customers towards cloud migration
- And now: The latest API restrictions already calling into question the true ownership and usage of customer ERP data in cloud environments
The direction is consistent. SAP is tightening its architecture. Each move, taken individually, has a plausible justification. Taken together, they represent a deliberate strategy to make the cost of independence progressively higher.
The ERP-Vendor-Agnostic Case Has Never Been Stronger
Here is the core principle Spinnaker Support has long held, and the SAP API policy makes it more relevant than ever:
ERP vendors can change the rules at any time.
This week, they did. And there is no reason to believe this is the last change.
When your AI strategy, your integration architecture, and your operational data access are all defined by your ERP vendor’s commercial roadmap, you have exchanged flexibility for dependency. That trade-off may not be visible today. It becomes visible when the policy changes, when the pricing changes, or when a capability you rely on is suddenly behind a new paywall or permission structure.
ERP-vendor-agnostic AI means:
- You choose the AI tools best suited to your business needs
- You control how your data is accessed, processed, and acted upon
- You retain the negotiating leverage that disappears when you are fully committed to a single vendor’s ecosystem
- You future-proof your architecture against policy changes you cannot predict
- You own your IT roadmap, rather than ceding it to a vendor who can change the playing field at any time
This is not an argument against SAP. It is an argument for maintaining the strategic freedom to make decisions based on what is best for your business, not what your ERP vendor permits.
What Customers Should Do Now
The 2027 deadline is real, and planning decisions made in the next 6 to 12 months will shape your cost structure and flexibility for years. Here is how we recommend thinking about this:
- Do not accept SAP’s pressure to move to the cloud without a clear business value proposition. SAP’s urgency narrative is deliberate. The 2027 end-of-mainstream-maintenance deadline creates real planning requirements, but it does not require a rushed decision on SAP’s terms. Moving without a clear business value proposition, or without fully understanding the implications for data ownership and control, is a risk that will outlast the deadline itself.
- Recognize that a wait-and-watch approach may be exactly right. Agentic AI is already reshaping ERP processes, and the landscape will look materially different in 3-5 years. Organizations that keep their options open now rather than rushing into a cloud-based subscription ERP model are often better positioned to adopt the right solutions when the market has matured. Patience, in this case, is a prudent strategy.
- Pressure-test your AI roadmap against vendor dependency. If your AI strategy runs exclusively through SAP-endorsed tools, ask what happens when those tools change, get repriced, or are deprecated. Build in optionality now, while the cost of doing so is still manageable.
- Evaluate third-party support as a strategy lever. Customers who have moved to third-party support consistently report greater negotiating leverage with SAP and more freedom to invest in the technologies that serve their business, rather than the ones SAP bundles. With 2027 approaching, the window to act strategically is narrowing.
- Use savings to fund a vendor-agnostic AI strategy. The commercial headroom created by moving to third-party support is an opportunity to invest in the AI strategy you actually want: One built around the tools best suited to your business, with data access and integration architecture that you control, not your ERP vendor.
The Bottom Line
SAP’s April 2026 API policy is a signal, not an isolated event. It reflects where SAP is heading: a tighter, more controlled architecture where access, integration, and AI capability increasingly flow through SAP-endorsed pathways.
Your data is yours. The decisions about how it is accessed, used, and controlled to support your IT and AI strategies should be yours as well.
Spinnaker Support helps SAP customers navigate exactly these moments. Whether you are evaluating your 2027 options, assessing your AI strategy, or looking for ways to reduce dependency and increase flexibility, we’re here to help.
