Icelandic organisations facing an SAP review are tested on how named users are classified, whether indirect or digital access pulls third-party systems into scope, and whether engine metrics and deployment match entitlement. This page covers the SAP audit climate in Iceland, the local legal context, and the firms that defend it, listed alphabetically with pros and cons, not ranked.
Published 19 December 2025 · Last reviewed 28 April 2026
SAP is a core ERP platform in Iceland across financial services, fisheries and seafood, energy and aluminium, retail and wholesale, and the public sector. With roughly 62–63% of organisations reporting a software audit within any twelve-month period globally, and around 52% now bringing outside defense help, Icelandic SAP estates carry real exposure despite the country’s small size, particularly where automation has grown around the core. These global figures are indicative and not specific to Iceland.
SAP reviews turn on the same levers as elsewhere: named-user classification (Professional versus Limited Professional and Employee types), separately licensed engine and package metrics, and above all indirect or digital access, where third-party and automated systems touching SAP data can trigger licensing under the 2018 document-based model. Migration to S/4HANA or RISE is where SAP re-prices the estate, so conversion timing and credits are part of any negotiation. Because Iceland is in the EEA, the procedural side of any review is shaped by GDPR.
The named-user classification, engine-metric, indirect/digital-access and S/4HANA-conversion mechanics that decide the number — the same worldwide, enforced locally.
SAP charges per named user by type (Professional, Limited Professional, Employee and others); users classified richer than they actually work are the single most common cost leak.
Third-party and automated systems that read or write SAP data can trigger licensing — since 2018 under a document-based digital-access model. It is SAP’s biggest and most contested exposure.
SAP ‘engines’ are licensed on their own units (orders, revenue, records, GB); each carries a separate measurement and reconciliation point beyond the user count.
SAP measures consumption through USMM and the License Administration Workbench (LAW); how the system is configured and how users are classified drives the declared position.
Migration to S/4HANA or RISE is where SAP re-prices the estate; conversion credits and contract conversion are a central negotiation lever.
Licensed versus genuinely-used named users and engines is the biggest swing, surfaced in the annual system measurement.
Iceland is a civil-law jurisdiction and an EEA member state (within the European Economic Area but not the EU). Contract formation and performance draw on general contract principles and the Act on Contracts No. 7/1936, while limitation is governed by the Act on the Limitation of Claims No. 150/2007, under which the general limitation period is four years — subject always to the SAP agreement’s terms and its choice-of-law and dispute-resolution clauses. Software is protected under the Copyright Act No. 73/1972 (as amended), which covers computer programs and treats unlicensed use as infringement. SAP agreements with Icelandic customers are commonly governed by a foreign law and routed through SAP’s regional contracting entity, while domestic disputes would otherwise point to the Icelandic courts or arbitration.
Because Iceland is in the EEA, data handover is governed by the General Data Protection Regulation (GDPR), as incorporated into Icelandic law and supervised by the Icelandic Data Protection Authority (Persónuvernd). Transfers of personal and employee-linked measurement data to an auditor are lawful within the EU and EEA and, beyond them, require an appropriate transfer mechanism, so a well-advised buyer can insist on controlled, GDPR-compliant processing. This is general information about the Icelandic market, not legal advice.
This page is general information about the Iceland legal and procurement environment and SAP’s audit practices, not legal advice for your situation. SAP’s program is described factually; figures are labelled indicative.
Listed alphabetically with balanced pros and cons — a directory, not a ranking.
ServiceNow-centric licensing and estate-reconciliation practice that also covers Salesforce, Oracle, Microsoft, SAP, IBM and Adobe. Reconciles entitlement against actual consumption ahead of renewals and reviews.
Independent multi-vendor SAM advisory and managed-service (ISAMaaS) boutique covering software asset management and optimisation worldwide.
Independent multi-vendor SAM managed-service provider with an audit-readiness focus, serving large multinationals from a London base since 2010.
Buyer-side independent licensing advisory with one of the broadest multi-vendor footprints, covering Oracle, Microsoft, SAP, IBM, Broadcom, Salesforce, ServiceNow and Workday.
Independent IT sourcing and negotiation advisor with no vendor ties, focused on large-enterprise deals across SAP, Microsoft, Oracle, Salesforce, ServiceNow and Workday.
DEMO — listings are compiled from public information and labelled demo until the verified registry is live. Firms are listed alphabetically, never ranked. Independence is shown as a pro; a reseller, Big-Four or vendor-side audit relationship is shown as a con — each a factual trade-off for you to weigh.
SAP claims in Iceland typically resolve through negotiated settlement rather than litigation, with SAP preferring to convert a finding into an S/4HANA or RISE migration commitment, additional named-user licences or a digital-access document subscription. What moves the number is an independent re-classification of named users, a defensible indirect and digital-access position, reconciling engine and package metrics, contesting deployment that is not actually in production, and timing the conversation against SAP’s quarter and fiscal year end (31 December). Because Iceland is in the EEA, GDPR transfer rules constrain how measurement evidence leaves the country, which in practice supports a buyer’s position on controlled, EEA-bounded processing.
Indicative outcomes vary widely by estate and are not scored here: independent firms report meaningful swings where over-classified users are right-sized or an over-broad indirect-access assertion is challenged, but any figure a firm cites is self-reported and indicative until independently verified.
Up to the SAP hub and the Iceland hub, across to sibling markets and services.
Yes. SAP runs an annual system measurement (USMM/LAW) and can escalate to a formal audit, applying the same named-user, engine and indirect-access levers as elsewhere. An independent Effective License Position built first is what keeps the conversation balanced. This is information, not legal advice.
As an EEA member, Iceland applies the GDPR, supervised by Persónuvernd. Sharing personal and employee-linked measurement data with an advisor is lawful within the EU and EEA and, beyond them, needs an appropriate transfer mechanism, so buyers can insist on controlled, GDPR-compliant processing — a legitimate lever over audit scope.
The general limitation period under the Act on the Limitation of Claims No. 150/2007 is four years, though SAP’s reach is also governed by the agreement’s terms and choice-of-law clause. Confirm the position for your specific contract with qualified Icelandic counsel.
When third-party or automated systems read or write SAP data, SAP may require separate licensing — since 2018 under a document-based digital-access model that counts documents created in SAP. It is SAP’s most contested exposure and a distinct workstream from named-user counting. This is information, not legal advice.
SAP customers run an annual self-measurement through the USMM transaction and consolidate it with the License Administration Workbench (LAW). How named users are classified and how the system is configured drive the declared position, so an independent review before submission is what keeps the conversation balanced.
No. Every firm covering SAP in Iceland is listed in neutral alphabetical order with balanced pros and cons. Independence is shown as a pro and any vendor or reseller tie as a con, never a ranking or a recommendation.
Tell us your situation and we route your brief to firms covering SAP in Iceland. The directory and matching are free for buyers, no vendor ever sees your brief, and no firm is recommended over another.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.