SAP Commerce on-premises (formerly Hybris) version 2205, the final on-premises release, reaches End of Mainstream Maintenance (EoMM) on July 31, 2026. After that date, SAP stops delivering security patches, bug fixes, and compliance updates. Your site won’t shut down on August 1, but the platform moves into a support model with a much thinner safety net.
If you’re running SAP Commerce on-premises (Hybris) today, this deadline is real, and timelines are tighter than most teams expect. The good news: you have options, and you don’t have to face this alone.
SAP Commerce EoMM is not the end of your platform. Rather, it’s the point where risk, cost, and roadmap pressure begin to increase faster. Organizations handling this transition successfully are creating a deliberate bridge strategy now, before support limitations become operational problems.
What the July 2026 Deadline Actually Means
SAP confirms that SAP Commerce 2205 is the final on-premises release and reaches End of Mainstream Maintenance (EoMM) on July 31, 2026, after which it transitions to customer-specific maintenance (CSM) with no further on-premises releases planned.
At that point, SAP will no longer provide security patches, support packages, legal change packages, or new functionality for SAP Commerce on-premises. The platform itself will continue to operate, but organizations will assume greater responsibility for ongoing support, risk management, and system stability.
Here’s what stops:
- Security patches: New vulnerabilities discovered after July 2026 stay open. SAP Commerce processes customer PII, payment data, and order information. Running unpatched commerce infrastructure can create PCI-DSS and GDPR exposure.
- JVM and dependency support: SAP stops shipping support for new JVM versions, third-party library updates, and database support changes. Running an unpatched JDK in production is a compliance risk on its own.
- Compliance updates: VAT rule changes, tax regulation updates, and data protection requirements will no longer ship. You’d need to modify SAP Commerce core compliance modules yourself — and most organizations lack the expertise to do that safely.
- Defect patches: You lose normal patch delivery for newly discovered defects or published vulnerabilities in dependencies.
There is no surcharge for customer specific maintenance (CSM). You can still open support cases and get workarounds if feasible, but the level of support coverage sharply diminishes. SAP stops shipping support packages, legal changes, third-party library updates, and new interfaces.
For most commerce teams, customer-specific maintenance is not a destination, but a temporary buffer for planning a controlled exit. While systems remain operational, support coverage becomes increasingly limited over time. Across SAP’s broader support model, organizations that postpone modernization initiatives often face higher long-term maintenance costs through extended support programs, which commonly add a two-percentage-point surcharge to annual maintenance fees.
The Case for Third-Party Support
This is where many organizations stabilize their position and where Spinnaker Support comes in.
Third-party support offers a practical, proven alternative to SAP’s post-EoMM CSM model. Rather than paying escalating fees for a reactive, limited support structure, organizations can transition to Spinnaker and receive:
- Dedicated, named engineers who know your environment — not a ticket queue
- Vulnerability monitoring, impact analysis, mitigation guidance, and custom remediation support to help protect your environment after SAP stops issuing patches
- Interoperability and custom code support for the deeply customized SAP Commerce environments most enterprises have built over years
- Significant cost savings — typically 50% or more compared to SAP maintenance fees — freeing up budget for strategic priorities
- Stability and peace of mind during the planning period, whether you’re evaluating migration, re-platforming, or extending your current investment
Third-party support doesn’t lock you into your current platform forever. It gives you the runway to make a smart, well-planned decision — on your timeline, not SAP’s.
The Security Reality After EoMM
Security is where EoMM becomes a primary concern quickly.
SAP Commerce processes some of the most sensitive data in your enterprise ecosystem: customer PII, payment information, pricing logic, and order management. After July 2026, SAP will no longer issue:
- Patches for newly discovered vulnerabilities
- Updates to third-party libraries (including encryption libraries)
- New JDK/JVM support
- Compliance adaptations for regulatory changes
That means every quarter after July 2026, your security posture on an unpatched SAP Commerce (Hybris) environment gets harder to defend to your CISO, to auditors, and to your own architecture review boards.
Spinnaker’s security-focused support teams help bridge this gap. We monitor vulnerability disclosures, assess impact on your specific environment, and work with you on remediation strategies, providing the kind of proactive, attentive coverage that SAP’s CSM model simply doesn’t offer.
Your Three Paths Forward
If you’re running SAP Commerce (Hybris) on premises today, here is an honest look at the three options in front of you:
Path One: Bridge Strategy: Extend and Plan with Third-Party Support
Stay on SAP Commerce on premises while you plan your next move deliberately. With Spinnaker Support in place, you reduce risk, control costs, and buy the time needed to evaluate migration options without the pressure of an artificial deadline forcing a rushed decision.
Best for: Organizations that aren’t ready to migrate, are managing competing transformation priorities (like planning for the ECC/on-premises deadline in 2027), or simply want to right-size their migration timeline.
What it requires: A trusted third-party support partner, a clear security mitigation plan, and a defined planning horizon.
Path Two: Migrate to SAP Commerce Cloud
SAP positions Commerce Cloud (CCv2) as the natural successor to SAP Commerce on premises. For organizations deeply embedded in the SAP CX ecosystem — Emarsys, CDP, Sales Cloud, Service Cloud — and requiring native S/4HANA integration, this path offers continuity.
Be clear-eyed about what this involves: it is primarily a deployment migration, not an architectural transformation. The core Java backend, type system, and extension mechanism are largely the same engine. Customized Accelerator storefront templates do not migrate automatically, and SAP has deprecated Accelerator UIs with a hard end date.
The TCO reality: Some organizations report substantial increases in long-term operating costs after moving from SAP Commerce on premises to Commerce Cloud, particularly when implementation services, infrastructure, and ongoing platform fees are factored in.
Best for: Organizations tightly aligned with SAP’s roadmap and CX suite, for whom cloud deployment and native SAP integration outweigh cost increases.
Path Three: Strategic Re-platform
Use EoMM as the business case to reassess your entire commerce stack. If your organization is going to invest the time and budget of a migration anyway, the question becomes: does that investment also buy you architectural freedom?
Modern commerce platforms, whether they fit MACH architecture or an open SaaS model, integrate with SAP ERP via standard APIs and middleware. The ERP integration barrier that kept organizations on Hybris a decade ago is no longer a blocker. SAP ERP remains your system of record; the commerce platform becomes your experience layer.
Best for: Organizations willing to treat this as a five-year platform investment, with engineering capacity for a modern stack and a clear desire to move away from SAP’s release cycle.
| Factor | Bridge + Third-Party Support | SAP Commerce Cloud | Strategic Replatform |
| Cost | Lowest near-term | Highest | Moderate to high initially |
| Time to Stabilize | Immediate | 3-12 months | 6-12+ months |
| Security Coverage | Spinnaker-supported | SAP-managed | Platform-managed |
| Flexibility | Full planning freedom | Locked into SAP roadmap | Architectural freedom |
| SAP ERP Dependency | No change | Native | API via middleware |
| Risk during transition | Low | Moderate | Moderate to high |
What Smart Organizations Are Doing Right Now
The enterprises navigating this well share a few things in common:
- They’ve separated the deadline from the decision — EoMM is a forcing event, but it doesn’t have to force a bad outcome.
- They’ve engaged a third-party support partner to stabilize their environment and reduce cost while they plan.
- They’ve started the conversation early — architecture reviews, vendor evaluations, and data migration planning take longer than most teams expect.
- They’ve protected their security posture proactively, rather than waiting for a vulnerability to surface on an unpatched system.
The business risk after July 2026 is less about an immediate outage and more about running a revenue-critical system on aging dependencies that get harder to defend every quarter. Enterprise migrations typically take 4 to 9 months. The window for a non-rushed transition is closing.
Don’t Wait Until July 2026 to Start Planning
The organizations navigating SAP Commerce EoMM successfully are the ones acting now, before security exposure, compliance pressure, and support limitations become urgent operational problems.
Spinnaker Support helps SAP Commerce customers stabilize their environments, reduce risk, and create the breathing room to evaluate what comes next on their terms.
Get an SAP Commerce EoMM Readiness Review
We’ll help you assess:
- Current support and security exposure
- Customer-Specific Maintenance risk
- Commerce Cloud migration considerations
- Third-party support fit
- Timeline and roadmap options
