The Coming Wave Of Indirect Access Disputes

A finance manager at a California company opens Microsoft 365 Copilot and asks, “Summarize our open purchase orders over $50,000 and flag anything unusual.” Copilot reaches SAP through a connector or other integration layer, builds the answer, and drops it into a dashboard she shares with four hundred colleagues. She is a licensed SAP user. The four hundred colleagues are not.

Is that indirect access? Does each of those four hundred colleagues now need an SAP Named User license? Does it matter if Copilot creates a purchase order on her behalf rather than just summarizing one? What if the whole workflow runs autonomously, with no human prompting the agent at all?

There is no clear AI-specific published guidance that answers those questions — and that is precisely the problem. SAP and Oracle are actively marketing AI-enabled products and integrations, customers are deploying them at speed, and the contract language that will ultimately be used to assess licensing exposure was drafted decades before anyone imagined an AI agent as a user.

This Is Not a New Problem — It Is the Diageo Problem in New Clothes

In 2017, the UK High Court ruled in SAP UK Ltd v. Diageo Great Britain Ltd that thousands of Diageo customers and sales representatives using Salesforce-based apps — apps that in turn exchanged data with SAP — constituted indirect users of SAP ERP. SAP claimed more than £54.5 million in additional license fees. The case settled before the damages phase, but the liability ruling became a touchstone for later indirect-access disputes and helped catalyze SAP’s move toward its current Digital Access model, while reinforcing the broader vendor view reflected in Oracle’s aggressive enforcement of its multiplexing rule.

Diageo was ultimately a case about middleware. The court concluded that even though Salesforce users never logged into SAP directly, the fact that their actions flowed through middleware into SAP meant they were using the SAP software. That reasoning — that “use” and “access” can reach through whatever sits in the middle — is exactly what makes AI agents a likely next battleground.

What’s Different Now: The AI Agent Fact Patterns

AI agents raise the indirect access problem in four distinct ways, and each one introduces contractual ambiguity the vendors have not resolved.

First, conversational assistants with ERP connectors. Microsoft 365 Copilot, ChatGPT with custom connectors, and similar tools allow a licensed user to query SAP or Oracle data and then redistribute the result to an unlimited audience. The licensed user pays for the license, but the practical beneficiaries may be hundreds of colleagues who never had a seat.

Second, agentic workflows that create transactions autonomously. Procurement-to-pay pipelines can match invoices to purchase orders and post documents into S/4HANA without a human in the loop. Under SAP’s Digital Access model, every posted document — sales order, invoice, purchase order, journal entry, and others — may be a countable event. An agentic pipeline can multiply a customer’s historical document volume many times over, and SAP’s published materials do not clearly exclude AI-generated documents from the count. Drafts, retries, and reversal entries only compound the issue.

Third, service-account connections in Oracle environments. A customer-service AI agent might use a single Oracle service account to answer billing or shipment questions on behalf of thousands of end customers. Oracle’s multiplexing rule, essentially unchanged for years, states that multiplexing does not reduce Oracle license requirements and that users at the multiplexing front end must still be licensed. On its face, that rule could be read to reach every one of those end customers — a potentially devastating position in an audit.

Fourth, retrieval-augmented generation pipelines. A common enterprise pattern now is to extract master data from SAP or Oracle nightly, embed it into a vector database, and answer employee questions from the vector store. Is the nightly extract the relevant “access” event — a single licensed pathway? Or does every downstream question count because the data originated in SAP or Oracle? The contract language usually does not resolve that issue, and a motivated vendor auditor can argue it either way.

The Vendor Silence Is Deliberate

SAP now offers Joule base capabilities at no additional cost, while pricing certain premium AI capabilities separately, including in some cases through consumption-based AI Units. Oracle has embedded hundreds of AI agents across its Fusion Cloud applications. Both vendors are actively marketing these capabilities. Neither vendor, however, has published clear guidance answering the licensing questions above.

That silence is a feature, not a bug. Ambiguous contract language is one of the most powerful tools a licensing team has in an audit. When the rules are unclear, the vendor gets to assert the most expensive reading first and negotiate downward from there. Customers that did not think to negotiate AI-specific language in their 2019 or 2022 renewals are the ones most exposed.

Why California Customers Have Leverage

California is home to a disproportionate share of enterprise SAP and Oracle customers, and California law gives customers several tools when a vendor tries to stretch pre-AI contract language to cover an AI deployment the parties never discussed.

Every California contract carries an implied covenant of good faith and fair dealing. Where one party holds discretionary power — as vendors often do when interpreting their own license terms — that discretion must be exercised reasonably and with proper motives. A vendor that assesses a multi-million-dollar compliance finding against a customer on a theory the parties never discussed at signing may face a substantial good-faith challenge.

California Civil Code section 1654 codifies the rule that ambiguous contract language is construed against the drafter. California courts apply that principle seriously, particularly in agreements drafted by sophisticated legal teams — and SAP and Oracle agreements are drafted by some of the most sophisticated licensing teams in the industry. Ambiguous words like “user,” “access,” or “multiplexing front end” belong to the vendor. If the vendor intended those terms to cover AI agents, copilots, downstream recipients, or vector-database architectures, it should have said so in the contract rather than for the first time in an audit demand.

California’s Unfair Competition Law, Business and Professions Code section 17200, reaches unlawful, unfair, and fraudulent business practices. It can be especially useful when a vendor changes its interpretation of the same contract language between customers or over time, or when audit conduct crosses the line into misrepresentation or concealment.

Finally, course of performance matters. If a vendor audited a customer in 2022 and did not flag an AI-enabled integration that was already in place, that audit history may support the customer’s interpretation of the contract and may strengthen waiver, estoppel, or course-of-performance arguments when the same vendor audits the same integration in 2026 and suddenly claims a compliance failure. Customers should be preserving audit history, support tickets, and account-team correspondence now, while memories are fresh, rather than scrambling later.

Getting Ahead of the Problem

There are a handful of practical steps every SAP or Oracle customer deploying AI agents should take before the first audit letter arrives.

Revisit your most recent vendor contract and study the definitions of “user,” “access,” “indirect use,” and — for Oracle — “multiplexing.” Where the language is silent on AI agents, that silence is both an argument for you in the short term and a redline target in the next renewal. If the vendor is offering a new AI product as an add-on, insist on written confirmation of how that product interacts with your existing license metrics before you buy.

Document your AI deployment architecture now. How does the agent connect? Who are the prompting users? What does the agent read, and what does it write? Which outputs create countable documents under Digital Access, and which are merely transient summaries? The time to build that file is before a vendor audit team builds it for you.

Treat vendor-native AI differently from third-party AI. SAP’s Joule and Oracle’s Fusion AI agents are the vendor’s own products. There is a strong argument that licensing a vendor’s AI features should come with bundled indirect-access rights for the downstream outputs those agents produce. That argument should be made in writing, and it should appear in the contract itself.

How Tactical Law Can Help

The intersection of AI deployment and ERP licensing is where two fast-moving areas collide, and the customers who will pay the least are the ones who start the conversation before the vendor does. Tactical Law advises enterprise customers on licensing strategy, audit defense, and contract negotiation across exactly these issues.

If your organization is deploying AI agents, copilots, or agentic workflows against an SAP or Oracle estate — and you have not yet had a conversation with outside counsel about what that means for your license position — now is the time.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.