If you thought that following the German DSAG annual congress it was all smooth sailing and calm waters for customers, SAP might just have a surprise stocking stuffer for all of us. At DSAG it was announced that SAP was planning to put a hold on premature Indirect Access non-compliance claims based on the output from their preliminary detection tool (read our critical review here) – that is until USMM 2.0 will be able to accurately count customers’ annual consumption of business documents. It was believed customers would be safe in the interim, but instead SAP has begun employ a different strategy during audits with customers. That story is topped only by rumors that SAP is about to release yet another iteration of the Indirect Access licensing model in 2019 due to mounting antitrust pressure in Europe.

What happened during the last 10 months?

In April, SAP released a radically new licensing model for Indirect Access to SAP systems that was touted as an optional choice for existing customers. Under this new model, 9 different document types are subject to licensing fees if they are generated by 3rd party software that interfaces with SAP’s ‘Digital Core’ (ECC or S/4). How SAP was planning to accurately measure these documents in a fair way for customers remained a mystery.

Fast forward three months to the summer of 2018, and SAP released “Note 2644139”, with which customers could approximate their future license spend required by SAP’s new Indirect Access policies. Our analysis of SAP’s preliminary detection method found multiple flaws that caused inflated consumption rates. The fact that all documents in all systems were counted regardless of their source didn’t exactly make this preliminary easy to use or interpret.

So what now?

To help customers with their objective analysis of potential non-compliance, we included SAP’s preliminary tool into samQ to enable an automatic data analysis. Now there’s not only the possibility to use samQ’s existing Indirect Access Risk Dashboard which flags flagged 3rd party software interfaces that pose a legitimate risk for Indirect Access fees. We also improved on SAP’s inaccurate detection methodology by only counting cost-relevant documents created by 3rd party software. These results are then processed by our License Advisory Group to create a licensing strategy for our customers that minimizes risk and additional spending.

By now, SAP has incorporated the same flawed version of its detection tool into its official USMM / LAW audit protocol. USMM now spits out a huge pile of generated documents when run – whether created directly or indirectly. Here’s the problem with that approach from the perspective of an unknowing customer: SAP’s creative sales teams figured that they can surely generate sales from these mountains of detected documents. The assumption? There must surely be some amount of legitimate Indirect Access within USMM’s output – so why not offer customers to prepay for their randomly estimated consumption of documents as part paired with a nice year-end discount?

What does that mean for SAP customers?

Quite simply, customers’ IT Procurement and SAP teams who have never dealt with Indirect Access are suddenly confronted with a pile of generated documents measured by USMM. SAP’s audit and sales team do not clearly communicate that this audit output is inaccurate. Even worse: the underlying license model discussed earlier doesn’t even apply to existing customers automatically. To the contrary, the information is presented as fact based on a ‘finger in the wind’ assumption that within an abundance of detected documents, at least some must have certainly been created indirectly.

Industry analysist have long argued that SAP’s driving force behind Indirect Access fees is the fact that it’s proven itself a venerable revenue generator to compensate for revenue lost in other areas. Despite multiple revisions in its approach and user group inquiries, SAP still can’t measure reliably which customer is a potential target for Indirect Access conversations. We believe this prompted this latest innovation by SAP’s sales teams: just ballpark it.

This means that a number of customers already paid SAP additional licensing fees for a percentage of their detected business documents without having any exact numbers to rely on. It’s a catch 22: as a customer you have no idea if the data SAP presents you with is a legitimate non-compliance issue. On the other hand you cannot easily prove that it isn’t. So, is it time to just pay up?