 |
SAP’s recent announcement on restrictions to AI agents using APIs to access data has raised questions and concerns across the sector and among CISPE members. We feel that the announcement poses an additional risk of customer lock-in, a restriction of data portability and potentially non-compliance with Data Act and European competition law. As such, we will ask the European Cloud Competition Observatory (ECCO) to scrutinise these moves. |
AI and agentic systems are rapidly becoming the main interface through which data is accessed, moved and used. For customers operating in hybrid, multi-cloud ecosystems – something that the Data Act is designed to facilitate and encourage, AI Agents are increasingly the tools they turn to in order to leverage their data assets. For cloud service providers they offer innovative and effective ways to develop and deploy new services that deliver what customers want and need. Limiting the interaction of AI Agents across environments, especially with dominant ERP systems isn’t just a technical tweak, it could be a strategic play to lock-in customers and preference SAP’s own cloud services.
CISPE is concerned that SAP’s actions, introduced to “safeguard solution health and security, promote equitable access,” may in fact breach the Data Act. The Act is quite explicit in its aims: users must be able to switch, port data, and operate across providers without artificial friction. Security is important, but here too, the Data Act is clear that security cannot be used as a blanket excuse to deny interoperability and portability of data. Using its API policy as digital border patrol able to deny access to AI Agents from 3rd party providers certainly breaks the spirit if not the letter of the law.
SAP’s large market share in business-critical ERP systems, and its well-publicised desire to move customers to SAP Cloud raise additional concerns related to fair competition. SAP’s restriction of AI Agent access could be a way to self-preference and steer customers to its own cloud and AI solutions.
CISPE created ECCO following its agreement with Microsoft as a way of maintaining scrutiny on large cloud service providers and software companies to ensure that their actions were fair, abiding by European regulation, and aligned with CISPE’s Ten Principles for Fair Software Licensing. As Europe endeavours to strengthen its sovereign cloud and AI capacity it is vital that we remain focused on protecting a genuinely open, multi-cloud Europe. Even European champions such as SAP should not be given a pass if they seek to reinvent vendor lock-in, or use their dominance to disadvantage competitors in the AI era.