thomas.wieberneit@aheadcrm.co.nz
SAP Draws a Perimeter around Agentic AI and What That Means for the Rest of US

SAP Draws a Perimeter around Agentic AI and What That Means for the Rest of US

by | Apr 29, 2026 | Analysis, Blog |

The most consequential enterprise AI governance document published this year arrived in late April with surprisingly little fanfare. SAP’s updated API Policy, version 4/2026, is a short document in plain English. The clause that is most interesting is Section 2.2.2. It restricts how autonomous and generative AI systems are permitted to interact with SAP APIs. Read literally, it has the potential to change the architecture of agentic AI projects across every SAP customer landscape. Read carefully, it is also more interesting than the lock-in headlines suggest. The policy targets a specific category of AI behavior, not AI as such. It connects to commercial mechanics that go well beyond API stability. And the literal text, in its current form, will probably not survive the next two policy revisions intact. There is a lot to unpack. I will walk through what the policy actually says, how the SAP-watching community is reading it, what the rest of the major enterprise vendors are doing in comparison, what counts as an “endorsed architecture”, and what customers and partners should be doing about it now. I’ll close with a view on whether the policy can stand the test of time. What Section 2.2.2 actually says The operative sentence is direct. “Except through and within the limits of SAP-endorsed architectures, data services, or service-specific pathways expressly identified and intended for such purposes, SAP prohibits API use for interaction or integration with semi-autonomous or generative AI systems that plan, select, or execute sequences of API calls”. The same paragraph also prohibits scraping, harvesting, or systematic large-scale data extraction. Three things flow from that. First, only Published APIs,...