SAP Licensing in M&A: Audit Risk
SAP licensing in M&A is driven as much by the systems that touch SAP as by named users. Indirect access, user classification and engine metrics all become a buyer exposure.
SAP licensing in M&A is a distinctive exposure because the largest risk is not always the software a target runs directly, but the systems and people that touch SAP indirectly. SAP holds a contractual audit right, measures named users and engine metrics, and since 2018 prices indirect or digital access by the documents created in SAP rather than by the human logging in. For an acquirer, that turns an integration plan into a licensing question that standard diligence rarely sizes.
Why SAP licensing in m&a is a deal risk
SAP licensing rests on two pillars: named users, classified by role and priced very differently, and engine or package metrics tied to volume such as orders, revenue or documents. Acquired estates routinely carry users misclassified into cheaper categories and engines consuming more than entitled. A transaction is when SAP measures the gap.
The public proof points are large. SAP pursued AB InBev for a reported 600 million dollars and pursued Diageo over indirect access, a dispute decided in SAP UK Ltd v Diageo Great Britain Ltd in 2017 (SAP UK Ltd v Diageo Great Britain Ltd [2017] EWHC 189 (TCC), as of June 2026). Those cases show how a connected system, not a named SAP user, can drive a claim into eight or nine figures.
Where SAP exposure hides
Indirect, or digital, access is the headline risk. When a customer relationship system, an ecommerce front end or a bolt on application reads or writes SAP data, SAP can treat the documents created as licensable. After an acquisition, integrating the target systems into SAP can create exactly this exposure, often without anyone noticing until an audit.
User classification is the quieter risk. Professional, limited professional and self service users carry very different prices, and acquired populations are frequently classified to minimise cost rather than to reflect actual use. An S/4HANA conversion sharpens both issues, because it forces a fresh measurement and a move toward the digital access model.
| Risk area | How it arises | Buyer action |
|---|---|---|
| Indirect access | Connected apps create SAP documents | Map every interface into SAP |
| User classification | Roles priced to minimise cost | Reclassify users to real usage |
| Engine metrics | Volume exceeds entitlement | Reconcile measured volume to contract |
| S/4HANA conversion | Forces fresh measurement | Model conversion before committing |
How SAP audits behave after a deal
SAP measurement typically starts with the standard system measurement, then moves to a more detailed review where indirect access and engine consumption are examined. The opening position often assumes the least favourable user classifications and counts every connected document as licensable, which produces a headline number built for negotiation.
The defence mirrors the Oracle pattern: reconstruct what is genuinely owned, reclassify users to their real activity, and separate licensable digital access from system to system traffic that should not count. For an acquired estate, the evidence usually has to be rebuilt because the target never kept it.
SAP and deal structure
In a stock purchase the SAP contracts ride with the entity, so historic misclassification and indirect access exposure transfer intact. In an asset purchase, SAP licenses may need consent to assign, and the buyer may have to relicense. In a carve out, the divested unit often used the parent SAP landscape and must stand up its own contracts, which is the moment to right size rather than replicate the parent estate.
Whichever structure applies, the integration roadmap should be tested for the indirect access it will create, because the cheapest time to fix that is before it exists.
What buyers should do about SAP licensing in m&a
Quantify SAP during software due diligence: classify users, reconcile engines, and map every system that touches SAP to size indirect access. Present a worst case and a likely settlement so the deal team can price the risk or hold an indemnity.
After close, M&A software audit defense challenges the SAP position, separating genuine licensable access from traffic that should not count. We are independent and paid only by the acquirer, so the goal is always the smallest defensible number.
Key takeaways
- SAP indirect access can drive a claim from systems, not named users.
- Public cases against AB InBev and Diageo show the scale of the risk, as of June 2026.
- User misclassification and engine overuse transfer with the target in a deal.
- An S/4HANA conversion forces a fresh measurement that can crystallise exposure.
Recommendations for buyers
- Map indirect access first. Inventory every system that reads or writes SAP data before integrating.
- Reclassify users. Match named user types to real activity rather than inherited labels.
- Model S/4HANA early. Test any conversion for its measurement and pricing impact before committing.
- Price the exposure. Carry a quantified SAP number into negotiation as an indemnity or holdback.
Frequently asked questions
Why is SAP a licensing risk in M&A?
SAP combines named user metrics, engine volumes and indirect access, all of which an acquired estate commonly exceeds. A transaction triggers measurement, so misclassified users and connected systems that were latent before the deal can surface as a large claim afterward.
What is indirect access and why does it matter in a deal?
Indirect access is when systems or applications, rather than named SAP users, read or write SAP data. SAP can license the documents created. Integrating a target into SAP after a deal often creates this exposure, which is why interfaces should be mapped before integration.
How large can SAP exposure be?
Very large. SAP pursued AB InBev for a reported 600 million dollars and pursued Diageo over indirect access in a 2017 ruling. These public cases show how connected systems can drive claims into eight or nine figures, as of June 2026.
Does an S/4HANA conversion increase risk?
It can. A conversion forces a fresh system measurement and a move toward the digital access model, which can crystallise user classification and indirect access exposure that was previously unmeasured.
Can inherited SAP exposure be reduced?
Yes. Reclassifying users to their real activity, reconciling engine volumes to entitlement, and separating licensable digital access from system to system traffic can move a headline demand down substantially with evidence.
When should SAP exposure be assessed?
Before signing. Quantifying user, engine and indirect access exposure during due diligence lets the buyer price it, negotiate an indemnity or plan the integration to avoid creating new exposure.
Quantify your inherited SAP licensing exposure.
We size SAP named user, engine and indirect access exposure before signing and defend it after close. Independent, buyer side, paid only by the acquirer.