M&A Software Audit Risk

How SAP Targets Recently Acquired Companies

SAP reads an integration as an opportunity. New systems begin reading SAP data, user populations get reclassified, and digital access enters the conversation. This page sets out how SAP works after a deal and how a buyer keeps the named user and indirect access exposure in hand.

How SAP targets recently acquired companies matters to any buyer inheriting an SAP estate, because SAP licensing rewards exactly the conditions a deal creates. Integration connects new systems to SAP, merges and reclassifies user populations, and changes data flows faster than any record can keep pace. SAP measurement, the publisher's term for its compliance process, is designed to find the gap that opens in that period. The result, if a buyer is unprepared, is a named user and indirect access claim that can dwarf the cost of the underlying software. This page explains the mechanics, as a child of the cluster on M&A software audit risk.

How SAP targets recently acquired companies after integration

SAP does not need to behave aggressively to benefit from a deal. Its licensing model is built around two measures that integration disturbs almost automatically: named users and the use of SAP data by other systems. When an acquirer begins to connect its applications to the target's SAP environment, or merges two user directories, the licensable picture changes immediately, while the documentation does not. SAP account teams track ownership changes through public filings and renewal conversations, and a self declaration or a formal measurement run then prices the gap. Because the buyer is mid integration and the target's SAP knowledge has often walked out the door, resistance is low. That combination of rising exposure and falling visibility is why SAP measurement so often follows a transaction.

Named user classification and the cost of getting the mix wrong

SAP licenses people as named users, classified by type such as Professional, Limited Professional, and Employee, each at a different price. The classification is meant to reflect what a user actually does, but in practice it drifts, and a merger accelerates the drift. Two workforces are combined, roles are duplicated, leavers are not removed, and contractors are counted as full professionals. When SAP measures the system, it reclassifies users against actual activity and against the contracted mix, and the gap between the assumed and the measured population becomes a charge. The fix is unglamorous but effective: clean the user master, remove duplicates and leavers, and reclassify down to the correct type before the measurement, not after.

Indirect access after an integration A diagram showing acquirer systems and third party applications connecting to a target SAP system, creating digital access that is licensable even though the users never log in to SAP directly. Acquirer CRM Ecommerce platform Logistics bot Target SAP system data read = digital access
After integration, acquirer systems read SAP data without any human logging in. SAP treats that machine to machine use as licensable digital access.

Indirect access, the exposure buyers underestimate

The exposure that most often surprises buyers is indirect access, which SAP now frames inside its digital access model. The principle is that SAP data has value wherever it is used, not only where a person logs in. When an acquirer connects its own customer system, an ecommerce front end, or an automated process to the target's SAP environment, those systems read and write SAP data, and SAP treats that use as licensable. Because the connections are built by integration engineers solving a technical problem, no one in procurement sees them coming. SAP can then price the resulting document throughput under digital access, and the number can be large precisely because automated systems generate high volumes. Buyers should map every interface into and out of an inherited SAP system before connecting anything new, a discipline explored in indirect access and audit risk after a merger.

SAP exposure points that integration disturbs
ExposureWhat SAP measuresIntegration trigger
Named usersUser type and activity against contracted mixTwo workforces merged without cleanup
Indirect or digital accessDocuments created by connected systemsAcquirer apps connected to target SAP
Engine and package metricsOrder volume, revenue, or recordsCombined volumes cross contract tiers
S/4HANA conversionNew baseline and digital accessMigration of the inherited estate

Key takeaways

  • SAP exposure grows fastest during integration, exactly when the buyer can document it least.
  • Named user classification drifts when two workforces merge, and SAP measurement reclassifies the gap into a charge.
  • Indirect access through digital access is the most underestimated SAP risk, driven by system to system connections.
  • An S/4HANA migration is a natural moment for SAP to reset the baseline, so resolve the position first.
  • Public cases show inherited SAP exposure reaching hundreds of millions once it is measured.

Engine metrics and the volumes a merger changes

Beyond users and access, SAP licenses many components by business volume, such as orders processed, revenue recognised, or records held. These engine and package metrics are easy to overlook because they are not about people at all. A merger that combines two order books or two customer bases can push the combined volume past a contracted tier, creating a shortfall against a metric no one was watching. The exposure is genuine but it is also forecastable, because the volumes are visible in the businesses being combined. A buyer that models the post integration volumes against the inherited contract tiers can see the breach coming and negotiate before SAP raises it, rather than after.

Why the S/4HANA migration changes the calculus

Many inherited SAP estates are headed for S/4HANA, and that migration deserves care. A conversion is a natural moment for SAP to revisit the entire licensing baseline, including digital access, because the contract and the technical platform are both changing at once. A buyer that migrates an unmeasured estate effectively asks SAP to price the inherited gap as part of the move. The better sequence is to resolve the existing named user and indirect access position first, on the buyer's terms, and only then plan the S/4HANA path. That way the migration carries a clean baseline rather than importing a liability the deal created.

How a buyer gets ahead of SAP

The defensible response mirrors the risk. Before signing, a buyer should build an independent view of the target's named user mix and its system connections, so the exposure can be priced into the deal or held back. During integration, the buyer should map every interface before connecting new systems, and clean the user master before any measurement. And where an S/4HANA move is planned, the buyer should sequence the licensing resolution ahead of the technical migration. The scale of getting this wrong is on the public record. As of mid 2025, SAP pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million over disputed and inherited licensing, the clearest available evidence that these exposures are real and large. The lessons of those cases are drawn out in the AB InBev and Diageo SAP cases.

Recommendations for buyers

  1. Map every SAP interface before integrating. Know which systems read SAP data so digital access cannot grow unseen.
  2. Clean the user master before any measurement. Remove duplicates and leavers and reclassify users to the correct type.
  3. Model engine metrics on combined volumes. Check orders, revenue, and records against contracted tiers before a breach is raised.
  4. Sequence licensing ahead of S/4HANA. Resolve the inherited position before a migration resets the baseline.
  5. Price the exposure into the deal. A measured number can be escrowed or covered by warranty and indemnity.

The carve out angle: shared SAP and transition services

Carve outs sharpen the SAP risk in a particular way. When a buyer acquires a division that ran on the seller's shared SAP system, the target does not arrive with its own clean instance. It arrives dependent on a system it does not own, usually under a transition services arrangement that keeps the lights on for a fixed period. During that window the buyer must stand up its own SAP environment or migrate to another platform, and every choice carries a licensing consequence. Copying configuration, users, and interfaces from the seller's system can replicate indirect access and named user exposure into the new estate. Running the carved out unit on the seller's licenses beyond the agreed terms can itself be a breach. The transition period feels like breathing room, but it is the moment the new SAP position is set, often by engineers under deadline rather than by anyone weighing the licensing. A buyer should treat the SAP target operating model as a diligence item, not a transition afterthought, and design the destination estate before the clock starts.

How SAP targets recently acquired companies, in one line

How SAP targets recently acquired companies comes down to the two measures a deal disturbs most: who is classified as a user and which systems read SAP data. Integration grows both faster than the documentation can follow, and SAP measurement prices the gap. A buyer that maps interfaces, cleans the user base, models volumes, and sequences any S/4HANA move turns a predictable exposure into a managed one. We do that work on the buyer side only, paid solely by the acquirer.

Independent and buyer side. We act only for the acquirer. We hold no affiliation with any software publisher or reseller and are paid solely by you. This page is commercial and licensing guidance, not legal advice. Confirm any contractual interpretation with your own counsel.

Frequently asked questions

Why does SAP focus on recently acquired companies?
Because integration is when SAP exposure grows fastest. New systems connect to SAP and read its data, user populations are merged and reclassified, and the buyer is least able to document what is happening. SAP measurement targets exactly that period of change and low visibility.
What is indirect access and why does it matter after a deal?
Indirect access, which SAP frames within digital access, is the use of SAP data by people or systems that do not log in to SAP directly. When an acquirer connects its own applications to the target's SAP system, those connections can create licensable use that no one ordered. It is the most cited and most misunderstood SAP exposure in M&A.
How does SAP named user licensing create risk in an acquisition?
SAP named users are classified by type, such as Professional or Limited Professional, and each carries a different price. When two workforces merge, users are often over classified or counted twice. SAP measurement reclassifies them, and the gap between the assumed and the measured mix becomes a charge.
How does SAP find out about an acquisition?
From public announcements, filings, and its own account management. A consolidated contract, a renewal conversation, or an S/4HANA migration discussion all reveal the change. SAP account teams track ownership so they can align the commercial relationship with the new group.
Does an S/4HANA migration increase the risk?
Yes. A migration to S/4HANA is a natural moment for SAP to revisit the licensing baseline, including digital access. Buyers planning to move an inherited estate to S/4HANA should resolve the existing position first, so the migration does not import an unmeasured liability.
How large can an inherited SAP claim be?
Very large. As of mid 2025, SAP pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million over disputed and inherited licensing. Those public cases show the scale that named user and indirect access exposure can reach once measured.

Quantify the SAP exposure the deal creates.

We measure named user classification and indirect access across the combined estate and build the defensible SAP position before a measurement is requested, on the buyer side only.

Request an audit risk assessment