SAP has updated its API policy to prohibit autonomous AI agents, including OpenClaw and other third-party tools, from accessing customer data unless they operate through SAP-endorsed integration pathways. The policy, last updated April 27, makes SAP the first major enterprise software vendor to publish formal restrictions targeting agentic AI access at the API level.
The Policy Language
The API policy document states that SAP prohibits API use for “interaction or integration with (semi-) autonomous or generative AI systems that plan, select, or execute sequences of API calls” and for “scraping, harvesting, or systematic and/or large-scale data extraction or replication,” except through SAP-endorsed routes. The scope is broad: any AI agent that autonomously chains API calls against SAP systems falls under the restriction.
The Information reported that SAP published the policy as a customer-facing document outlining how to install “tollgates” preventing unauthorized AI agents from reaching enterprise data. OpenClaw, the open-source agent framework with 3.2 million users, was named explicitly.
Consultant Backlash
The policy triggered immediate pushback from the SAP ecosystem. Independent SAP consultant Marian Zeis told The Register the changes were “more restrictive than the community expected” and warned they could affect customers directly, not just partners. Zeis pointed out that SAP’s list of documented APIs is not kept current, which forces developers to rely on undocumented APIs for legitimate use cases. Under the new policy, that workaround becomes a compliance risk.
German newspaper Handelsblatt reported the policy had “sparked immediate controversy,” with reporter Christof Kerkmann noting it appeared the document may have been published by mistake, earlier than SAP intended.
SAP’s Defense
On an investor call last week, CEO Christian Klein said customers would not pay to access their own data and claimed SAP wants to keep its architecture open, including for third-party AI agents. “Obviously, when there is mass data requests or millions of calls coming towards an API, we need to start throttling those APIs, because otherwise the customer is ending up in performance issues on the application side,” Klein said.
An SAP spokesperson told The Register the updates “clarify design-intended use of SAP interfaces, align with industry standard cloud practices, help protect system stability and customer data, and provide guidance on supported integration patterns, without changing customer data ownership.”
The Security Argument
Alisdair Bach, head of SAP practice at consultancy Dragon ERP, told The Register there is a legitimate security rationale for tighter controls. “We are moving into a landscape where enterprise systems are being tested constantly. Not occasionally, but continuously,” Bach said. “AI-driven agents can probe weak access points far faster than any human ever could. In that environment, loose integration patterns are not just inefficient. They are vulnerable.”
The Lock-In Question
The counter-argument from consultants is that SAP is bundling competitive AI gatekeeping inside a security wrapper. Under the new policy, customer data inside SAP becomes accessible only to AI tools SAP has endorsed, which include its own Joule assistant and the Anthropic-powered integrations announced last year. Microsoft Copilot, Salesforce Einstein, and a long tail of agentic vendors that build SAP connectors now face uncertainty about whether their existing integrations qualify as endorsed.
For the FTSE 350 and Fortune 500 companies running SAP across finance, supply chain, and HR, the policy creates an immediate procurement question: which existing AI integrations have SAP-endorsed status, and what do the renewal terms look like? The UK’s Competition and Markets Authority has previously examined cloud and enterprise software lock-in as a competition concern. This policy is likely to surface in the next round of that review.