API Policy: Is Your Supply Chain Ecosystem SAP Compliant?

For years, supply chain organisations have been connecting SAP to a significant network of visibility platforms, demand planning tools, carrier networks and more. 

It was previously connected to anything that worked, but SAP's new API policy calls into question how many legacy systems meet today's standards.

The v4/2026 policy standardises the use of application programming, interfaces and more.

SAP's new rules

The release of API Policy v4/2026 means that only published APIs can be consumed, disallowing the use of internal, private or non-published APIs. The APIs which are not published – and listed on SAP Business Accelerator Hub – are at risk of being changed or removed by SAP without any notice. 

This also reflects the move by SAP to explicitly prohibit API use for interaction with third-party agents, unless the interaction has been routed through SAP-endorsed models. As a result, leaders are now questioning how much their supply chain landscape would be upheld amid an audit, and whether or not upgrades need to take place.

The policy covers all non-published APIs, which includes RFC calls, BAPIs and routes which have been the backbone of many supply chain data flows. All third-party AI tools which have been applied to SAP data need to be reviewed against the new policy. It helps avoid 'backdoor' risks, where businesses have been using undocumented APIs to run. This will encourage greater compliance and transparency across the supply chain network.

It is also a move towards further integration of SAP tools across supply chains – through this policy, the company is aiming to direct the AI value chain more towards BTP and Joule, rather than in external tools. 

Supply chain concerns

Though SAP argues this is a positive thing, stating that it is taking place to ensure solution health, many have criticised it for jeopardising its customers planning capabilities.

The German-Speaking SAP User Group (DSAG) has voiced its concerns regarding the new policy, claiming that it limits how innovative customers can be. 

“For SAP-to-non-SAP scenarios, this means that reliable support is only available where SAP has explicitly published and documented the underlying interfaces,” explains Jens Hungershausen, DSAG Chairman.

Customers are seeking further clarification on reliable framework and impact assessments. Though SAP argues this policy is clear and efficient, businesses are concerned on the impact this will have on their supply chains. Many organisations have supply chains which were built years ago, when regulations were thinner and the published APIs had less availability. 

Leaders are also demanding further transparency regarding pricing models, as SAP's policy aims for a fair-use model. The customer needs clarity as it adapts to the new policy, especially to avoid becoming legally vulnerable in the midst of change. 

As companies work to change their API status, they need to be careful to avoid service interruptions and legal risks, all while maintaining innovation capacity and compliance.

“The question is which interfaces are used in the partner solutions," explains Jens.

“That is why it is essential that SAP grants customers more time for the transition."

Global disruption

Global giants like Maersk and Nestlé have integrated SAP into their ecosystems, utilising it across their expansive, global networks. Maersk has been using SAP S/4HANA to improve, standardise and automate its global logistics operations. As much of this took place before the SAP policy, it needs to examine its integration estate to understand whether it meets SAP's regulations. 

As Nestlé has one of the biggest SAP environments in the FMCG sector, applied across its procurement, manufacturing and distribution, the company connects SAP to third-party demand planning systems and external logistics partners. 

As a result, it is highly likely that its immense network includes some non-compliant integrations. Therefore, it needs to undergo a remediation programme and prepare itself for disruption during this time. 

"It's time to play by the official rulebook," explains Ricardo Resendiz, Specialist Senior (SAP Development) at Deloitte.

"If your company relies on custom-built integrations or third-party software connecting to SAP, a quick audit to ensure you are only using official APIs is highly recommended to prevent surprise breakages down the line."

For businesses of all sizes, this new policy could mean disruption across supply chains.