SAP API Policy Raises Questions For Gen AI Integrations

As a global leader in enterprise applications, SAP manages complex data flows that power 90% of the world’s supply chains. Over the past two years, enterprise technology leaders have connected Gen AI to these core business systems to drive operational efficiency.

A clause in SAP’s April 2026 API policy is now raising a fundamental question for many AI and technology leaders. Does the vendor permit the very architecture that customers and partners have been building at speed?

Section 2.2.2 of API Policy v4/2026 states that SAP APIs may not be used for “interaction or integration with (semi-)autonomous or generative AI systems that plan, select or execute sequences of API calls”. 

In practice, this restricts third-party AI agents from deciding how to fetch or move data within the SAP ecosystem.

Policy versus promise

The clause creates immediate legal concerns for enterprise innovators, particularly those that have built Copilot integrations or supply chain tools with live access to SAP data. These architectures may now be in breach of their SAP agreement.

Christian Klein, CEO at SAP, addressed these concerns on the company’s Q1 2026 investor call. He clarified that the intent is to protect SAP’s domain know-how and avoid performance degradation and adds that the policy is not meant to block customers from their own data.

Observers point out that legal rights and practical access architectures are different issues. Despite these assurances, the policy text remains unchanged.

Stefan Nogly, CTO at the SAP User Group (DSAG), highlighted the customer perspective. He said: “In an era of increasingly heterogeneous architectures and intensive AI experiments, APIs are a key driver of innovation.” 

He calls for clarification and adaptation to avoid disrupting business-critical processes and to prevent organisations from becoming legally vulnerable.

Commercial tension and platform control

A deeper tension is commercial. Products such as SAP Joule, SAP Business Data Cloud and Agent Gateway are currently the approved pathways for AI to interact with SAP data.

This raises a question over whether the policy structurally advantages SAP’s own AI offerings when compared with third-party alternatives.

DSAG describes this as a contradiction between restrictive rules and SAP’s public commitment to an open platform.

For customers, the effect is that architectural choice can narrow to SAP’s own methods if they want to maintain autonomous orchestration while staying compliant.

Compliance risks for manufacturers and logisticians

The practical implications are significant for industrial leaders. BMW Group, a publicly confirmed S/4HANA customer, is exploring Gen AI across manufacturing and supply chain operations.

Any AI workflow that queries SAP for live production order status or supplier intelligence appears to fall within the prohibition, particularly where API patterns sit outside the official SAP hub.

Technology leaders at BMW Group now need to assess whether piloted tools remain compliant. Rebuilding systems on SAP-approved pathways would involve significant and costly changes.

DHL Supply Chain relies on SAP Transportation Management (TM) and Extended Warehouse Management (EWM) at the core of global logistics operations. The company is deploying AI tools for dynamic routing, exception management and capacity optimisation. 

If these tools use agent-style API sequencing to read and act on SAP data, they appear directly captured by Section 2.2.2.

Because most modern AI orchestration frameworks rely on this approach, the impact could be widespread.

What enterprise leaders should do now

SAP’s new rule may restrict many forms of AI automation unless enterprises adopt SAP-approved methods. Leaders must determine whether performing AI on SAP data now, in practice, mandates a tighter alignment with SAP software.

A prudent first step is to inventory use cases that plan, select or execute API sequences. Teams should review agreements, document risk and engage SAP account managers and DSAG representatives for written guidance.

Where feasible, organisations can redesign integrations to call SAP via approved services such as Agent Gateway and place guardrails that prevent agents from making unsupervised sequencing decisions.

Until SAP issues formal clarifications or amends the text, enterprise AI programmes that depend on autonomous API orchestration within SAP should reassess their architectures and compliance posture to ensure that innovation does not become an unintentional breach.