SAP audits in Germany run through annual system measurement (USMM/LAW) and the highest-value findings come from indirect / digital access and named-user misclassification, all sharpened by the S/4HANA 2027 conversion deadline. This page covers the SAP climate in Germany, the local legal and works-council context, and the firms that defend the pair — listed alphabetically with pros and cons, not ranked.
Last reviewed: 5 June 2026
SAP is headquartered in Germany, and its home market has one of the densest SAP install bases in the world — manufacturing, automotive, chemicals, the Mittelstand and the DAX names all run large ECC and S/4HANA estates. Around 30% of organisations report an SAP audit at least once. Compliance is measured through SAP Global License Audit & Compliance (GLAC), with annual system measurement run by the customer using USMM and consolidated through LAW, then reviewed by SAP.
The signature high-value finding is indirect — now “digital” — access: third-party or custom systems (Salesforce, e-commerce front-ends, bots, EDI) that read or write SAP data can trigger licensing under SAP’s 2018 document-based model, counted per document rather than per user. Named-user misclassification (Professional versus Limited Professional versus self-service) is the other recurring gap, and the S/4HANA 2027 mainstream-maintenance deadline is driving conversion-linked measurement and re-licensing across German estates.
The named-user, indirect/digital-access and S/4HANA mechanics that decide the number, the same worldwide but enforced locally.
ECC and S/4HANA users are licensed by type (Professional, Limited Professional, self-service); misclassification is a recurring finding.
Third-party systems reading or writing SAP data trigger the 2018 document-based digital-access model — the signature high-value finding.
SAP engines are measured on their own metrics (orders, records, cores); each must be reconciled against entitlement.
Annual self-measurement runs through USMM per system and consolidates via LAW before SAP’s GLAC review.
The 2027 maintenance deadline drives conversion-linked re-measurement and a fresh look at the licence position.
Digital access is counted per document; how documents are defined and de-duplicated moves the number materially.
Germany is a civil-law jurisdiction governed by the Bürgerliches Gesetzbuch (BGB). The standard limitation period for contractual claims is three years under §195 BGB, running from the end of the year in which the claim arose and the creditor became aware of it, subject to the agreement’s terms. SAP’s audit rights are contractual, so the licence agreement and price-list definitions — including how named-user types and digital-access documents are defined — largely determine exposure. German courts have addressed indirect use (the well-known SAP/Diageo and AB InBev disputes elsewhere shaped the debate), and disputes are typically resolved by negotiated settlement.
Data handover is governed by the GDPR as implemented in the Bundesdatenschutzgesetz (BDSG), which constrains transfers of employee-linked and usage data to an offshore auditor. Distinctively, German co-determination law gives the works council (Betriebsrat) participation rights where measurement tools touch employee usage data, so usage measurement can require works-council involvement — a genuine procedural factor in German audits that does not exist in most jurisdictions. A well-advised buyer can use these constraints to shape scope and timing. Procurement culture favours precise, documented process.
This page is general information about the Germany legal and procurement environment and SAP’s audit practices, not legal advice for your situation. SAP’s program is described factually; figures are labelled indicative.
Listed alphabetically with balanced pros and cons — a directory, not a ranking.
Vendor- and tool-agnostic licensing boutique working across Microsoft, Oracle, SAP, Salesforce and IBM. Engagements run buyer-side, from compliance position through negotiation and ongoing optimization.
German vendor-neutral consultancy with a SAM and audit-defense practice across the DACH region, fluent in German contract and works-council practice.
Central- and Eastern-European SAM and audit-support boutique with its own SAM tooling, covering Adobe, IBM, Microsoft, Oracle, SAP and VMware.
Independent SAP-licensing specialist covering audit defense, indirect/digital access, S/4HANA conversion and renewal negotiation, with decades of SAP experience.
German licensing consultancy offering multi-vendor SAM and audit-management support across the DACH region.
Independent boutique with strong IBM and VMware/Broadcom review depth and broader multi-vendor coverage, known for current licensing-change analysis.
Independent SAP advisory focused on the licensing roadmap, audit defense and negotiation, including indirect/digital access and S/4HANA conversion.
Independent IT sourcing and negotiation advisor with no vendor ties, focused on large-enterprise deals across SAP, Microsoft, Oracle, Salesforce, ServiceNow and Workday.
DEMO — listings are compiled from public information and labelled demo until the verified registry is live. Firms are listed alphabetically, never ranked. Independence is shown as a pro; a reseller, Big-Four or vendor-side audit relationship is shown as a con — each a factual trade-off for you to weigh.
SAP matters in Germany resolve through negotiated settlement, very often bundled into an S/4HANA conversion or a RISE with SAP migration rather than litigation. What moves the number is the preparation: a clean USMM/LAW measurement, named users reclassified to the correct (and lowest defensible) type, indirect/digital-access documents defined and de-duplicated tightly, and the conversion modelled so the new licence position is negotiated deliberately rather than inherited. Timing against SAP’s quarter and fiscal year-end (31 December) is part of the leverage.
Indicative outcomes vary widely by estate and are not scored here: independent firms report meaningful reductions where user types and digital-access counting are corrected before SAP’s review, but any figure a firm cites is self-reported and indicative until independently verified.
Up to the SAP hub and the Germany hub, across to sibling markets and services.
Indirect (now “digital”) access is when a third-party or custom system — Salesforce, an e-commerce front-end, a bot, EDI — reads or writes SAP data without a named SAP user. Under SAP’s 2018 model it is licensed per document rather than per user, and it is the signature high-value SAP finding. This is information, not legal advice.
SAP counts the initial documents created across nine document types (such as sales, invoice and material documents). How documents are defined, scoped and de-duplicated has a large effect on the number, which is why the counting methodology is central to any defense.
Conversion is the moment SAP re-examines and re-prices your estate, so it effectively forces a new licence position. That makes it both a risk and an opportunity: modelling the conversion in advance lets you negotiate the position deliberately rather than inherit SAP’s proposal.
It can. German co-determination law gives the Betriebsrat participation rights where measurement tools process employee usage data. That is a genuine procedural factor in German audits, and engaging it correctly is part of managing scope and timing.
No. Every firm covering SAP in Germany is listed in neutral alphabetical order with balanced pros and cons. Independence is shown as a pro and a reseller or partner tie as a con, never a ranking or a recommendation.
Tell us your situation and we route your brief to firms covering SAP in Germany. The directory and matching are free for buyers, no vendor ever sees your brief, and no firm is recommended over another.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.