In April 2026, SAP quietly published a policy update that every enterprise architect working with AI should read carefully. Version 4 of SAP’s API Policy includes a clause that restricts third-party AI agents from accessing SAP APIs — unless those agents operate through SAP-endorsed architectures. The policy has generated enough reaction from independent consultants, integration partners, and SAP’s own user communities to confirm that the stakes are real. But the broader significance isn’t really about SAP. It’s about a structural dynamic that’s been building across the enterprise software stack for some time, and SAP just made it explicit.
What SAP’s new API policy actually says
The operative language in Section 2.2.2 prohibits use of SAP APIs for “interaction or integration with (semi-)autonomous or generative AI systems that plan, select, or execute sequences of API calls” — except through SAP-endorsed architectures. In concrete terms, that means SAP’s own Joule copilot, Business Data Cloud, and the forthcoming Agent Gateway are the permitted pathways for agentic AI access to SAP data. Third-party AI tools — Microsoft Copilot, Claude, major agentic frameworks — are formally restricted unless SAP certifies the pathway. Use of undocumented or private APIs is prohibited immediately; the ODP RFC interface is being blocked starting July 2026, and SAP has reserved the right to throttle, suspend, or terminate access for non-compliant patterns.
It’s worth noting that SAP CEO Christian Klein offered reassurances on the Q1 2026 earnings call that SAP “wants an open platform.” The policy text, however, has not materially changed since those comments. Enterprises making architectural decisions based on vendor reassurances rather than published policy terms are accepting exposure that the policy language itself does not support.
The stability argument — and its limits
SAP’s stated rationale deserves honest consideration before analysis. AI agents create fundamentally different load profiles than human users. An automated agent executing a sequence of SAP API calls doesn’t pause, doesn’t throttle, and doesn’t observe the natural rhythm of human interaction with a system. For mission-critical ERP infrastructure running financial close, payroll, and supply chain operations, that’s a real engineering concern — not a manufactured one. The stability justification, on those terms, is legitimate.
Where the justification stops explaining the policy is in its scope. The policy doesn’t restrict high-volume or poorly-governed agent traffic selectively — it restricts third-party AI tools categorically. SAP’s own products are exempt from the same restrictions. Independent SAP consultants and the German-speaking SAP user group (DSAG) have both stated publicly that the restrictions appear broader than infrastructure protection alone warrants, and that the practical effect constrains enterprises themselves, not just integration partners. The asymmetry is worth naming plainly: enterprises using SAP-endorsed AI get a structurally faster and more capable integration path than enterprises using independent tools. That is not a neutral infrastructure decision — it’s a competitive positioning decision expressed through API policy.
A pattern across the enterprise software stack
SAP’s move is unusually explicit, but the underlying dynamic isn’t unique to SAP. Enterprise software vendors increasingly store irreplaceable business data, and the emergence of AI as the primary interface for working with that data creates a structural incentive to control which AI tools can reason over it. Salesforce has restricted third-party tools from indexing or using Slack data for AI model training, creating a durable advantage for Agentforce. ServiceNow enforces API rate limits on inbound agent traffic that constrain non-ServiceNow agents at scale. The pattern is consistent: vendors controlling data are also shaping the conditions under which AI can access it, and in most cases their own AI products benefit from exemptions that third-party tools don’t receive.
Enterprise procurement teams are starting to notice. There’s a growing trend of enterprises embedding contractual requirements that vendors maintain published API access for integration use cases and not discriminatorily restrict third-party AI tools relative to their own AI products. That’s a leading indicator of how sophisticated buyers are beginning to think about this class of risk. The question every enterprise needs to answer is not whether it trusts any particular vendor’s stated intentions, but whether its AI architecture depends on access conditions that can be changed unilaterally without contractual recourse.
What “independent data layer” means for AI strategy
The counter-architecture to vendor-controlled AI access is what practitioners are calling an independent data layer — a connectivity and integration tier that sits between enterprise systems of record and AI tools, one the enterprise controls rather than any application vendor. It governs how data is accessed, by which agents, and under what permissions, independent of any single vendor’s policy changes or product roadmap decisions. The independent data layer doesn’t move data into a new silo — it provides governed, live access to data where it already lives, without replication and without the access conditions being subject to upstream vendor revision.
The AI agility argument for this architecture is straightforward. When an enterprise owns its connectivity layer, it can change AI tools, add new agents, or incorporate new data sources without renegotiating vendor permissions or rebuilding integrations. That flexibility compounds in value as the AI tooling landscape continues to evolve rapidly — organizations that bet on a single vendor’s AI stack today are making a long-term architectural commitment with significant switching costs. The independent data layer is also what makes cross-vendor intelligence coherent: SAP is one system in most enterprises, running alongside Salesforce, Workday, ServiceNow, and others. An AI architecture that depends on each vendor’s blessed AI pathway produces fragmentation, not a unified view of the business. We’ve written more about why 2026 is the critical year for enterprise-ready MCP adoption if you want to go deeper on the structural shift.
| Vendor-native AI path | Independent data layer |
AI tool choice | Vendor's AI only | Any AI (Claude, Copilot, Gemini, etc.) |
Access governed by | Vendor policy | Your organization |
Multi-system data access | Single vendor scope | Cross-vendor (SAP + Salesforce + Workday) |
Exposure to policy change | High | Low |
Data stays in place | Sometimes | Yes — live access, no replication required |
What to audit in your current SAP integration architecture
For IT and data leaders, the immediate practical question is whether existing SAP integrations are in a compliant posture relative to the new policy — and what the remediation path looks like for those that aren’t. There are three risk categories worth auditing now:
Use of undocumented or non-published SAP APIs (those not listed on the SAP Business Accelerator Hub or described in product-specific documentation)
Third-party AI tools that call SAP APIs directly without going through a compliant intermediary
Pipelines built on ODP RFC, which will be blocked starting June 2026
A useful starting audit sequence: inventory all systems and tools that query SAP data today, including AI tools and automated pipelines; assess whether those calls go through published Business Accelerator Hub endpoints; identify any ODP RFC dependencies that need migration before June; and map which agentic workflows would break first if SAP further restricts non-endorsed access. One important architectural note from the policy itself: SAP explicitly prohibits circumvention through proxies, intermediary services, or custom code. Workarounds are not a compliant fallback — the policy closes that door directly. The path forward is governed access through published, documented interfaces.
The contractual dimension: making openness a requirement
The SAP API policy was revised within a week of its initial publication, which illustrates the practical risk of relying on vendor goodwill rather than contractual commitments to maintain integration access. Enterprises that currently have no contractual language governing vendor API access are exposed to unilateral future changes with no recourse. The technical architecture and the contractual posture need to work together.
Procurement teams negotiating SAP agreements — new or renewal — should consider making API access and AI tool interoperability explicit contractual requirements: the vendor maintains published API access for integration use cases and does not discriminatorily restrict third-party AI tools relative to its own AI products. This kind of clause is becoming real practice in sophisticated enterprise negotiations across major SaaS platforms. The combination is what provides durable protection: the independent data layer provides technical insulation from vendor policy drift, and the contractual clause provides the legal leverage to enforce the commitment. Neither alone is sufficient.
Frequently asked questions
Does CData comply with SAP's API policy?
CData connectivity accesses SAP data through published RFC interfaces using RFC_READ_TABLE — not ODP-RFC, which is the specific mechanism SAP Note 3255746 targets and which SAP is blocking for third-party applications starting June 2026. The restriction that has affected replication-based SAP integrations does not apply to CData's SAP driver. CData customers are not affected by that ban.
What SAP systems does CData support?
CData supports SAP S/4HANA (on-premises and cloud), SAP HANA, SAP Business One, SAP SuccessFactors, and SAP Concur, among others. Access is OAuth-authenticated and scoped using role-based permissions.
What's the difference between using CData Connect AI versus SAP's endorsed AI stack?
SAP's endorsed stack — Joule, Business Data Cloud — provides tight integration for SAP-native AI workflows but limits AI tool choice to what SAP has certified. Connect AI is AI-tool agnostic: the same SAP connection can feed Claude, Copilot Studio, Gemini, IBM watsonx, or any MCP-compatible agent. Enterprises that want freedom to choose or change AI tools should own that connectivity layer independently. For more on how Connect AI handles the security requirements that come with that flexibility, see How to Secure MCP for Enterprise.
What should I do if I have existing AI integrations that call SAP APIs directly today?
Audit which APIs those integrations use. Integrations using published Business Accelerator Hub endpoints are in a compliant posture. Integrations using undocumented or internal APIs, or making high-volume agentic calls without a governed intermediary, need remediation before SAP's July 2026 enforcement of the ODP RFC restriction.
Access SAP data on your terms with CData
CData solutions access SAP data through published RFC interfaces using RFC_READ_TABLE — not ODP-RFC, which is the specific mechanism SAP Note 3255746 targets and which SAP is blocking for third-party applications starting June 2026. The restriction that has affected replication-based SAP integrations — tools like Azure Data Factory and Qlik Replicate that rely on ODP-RFC — does not apply to CData’s SAP connectivity. Connect AI customers are not affected by that ban.
In practical terms, CData Connect AI is a managed MCP platform that provides governed, real-time access to SAP data — and hundreds of other enterprise sources — through a single, AI-neutral endpoint, without data replication or vendor lock-in. Because Connect AI exposes SAP data as an MCP server, any AI that supports MCP — Claude, Microsoft Copilot Studio, IBM watsonx, Google Gemini, n8n — can query the same governed SAP data through the same endpoint. No rebuilding the integration for each AI tool. No dependency on SAP’s certified pathway list. CData covers SAP S/4HANA, SAP HANA, SAP Business One, SAP SuccessFactors, SAP Concur, and more — giving enterprises a single connectivity layer across SAP’s product surface and across the rest of the enterprise stack. It just so happens that the architecture that keeps your SAP integration policy-compliant today is the same architecture that keeps your AI options open for whatever comes next.
Your enterprise data, finally AI-ready.
Connect AI gives your AI assistants and agents live, governed access to any enterprise system — so they can reason over your actual business data, not just what they were trained on.
