Indemnification is one of the most heavily lawyered and least understood sections of any RISE with SAP contract. It allocates legal exposure between the buyer and SAP for the things that can go wrong over the contract life. The intellectual property infringement claim that lands two years after go live. The regulator investigation triggered by a personal data incident. The customer lawsuit that turns on a defect in the SAP code. Each of these has a contractual answer in the indemnification section, and that answer is usually drafted to favour SAP. The buyer who reads indemnification carefully, understands the standard SAP position, and negotiates specific improvements walks away with materially stronger protection than the buyer who treats this section as boilerplate. This is a section where small drafting changes have very large financial consequences.
The default RISE contract includes a narrowly drafted indemnification from SAP to the buyer. The indemnification typically covers third party claims that the SAP software, as delivered, infringes a valid intellectual property right of a third party. The indemnification is subject to a long list of exclusions including modifications to the software, combination with non SAP code, use outside the documented configuration, and use in a way that was not contemplated by SAP at the time of delivery.
The indemnification is also subject to a cap, typically the fees paid in the twelve months preceding the claim. The cap applies to both direct losses and to amounts SAP would otherwise pay in connection with a third party settlement or judgment. The cap is often the same cap that applies to general liability, meaning a single event can exhaust both the indemnification cap and the general liability cap simultaneously.
The exclusions and the cap combine to make the standard indemnification thin protection in practice. Many real world infringement claims involve some element of customisation, integration, or use case that triggers an exclusion. Where the exclusion applies, the buyer is on its own. The buyer needs to know this before signature, not after a claim has been filed.
The standard contract does not include indemnification for several categories of risk that buyers often assume are covered. SAP does not typically indemnify for data privacy breaches, even where the breach is caused by a defect in the SAP environment. SAP does not indemnify for security incidents in the underlying hyperscaler infrastructure, even though that infrastructure is procured through SAP. SAP does not indemnify for compliance failures, even where the SAP configuration is the proximate cause. SAP does not indemnify for damages caused by SAP personnel during the delivery of managed services.
Each of these is a meaningful exposure. Each can produce a multi million dollar loss. The buyer should not assume that SAP will accept responsibility for any of them under the default contract. The buyer should negotiate to expand the indemnification to cover the categories that matter most to the buyer's risk profile.
Which categories matter most varies by buyer. A regulated financial services buyer cares about compliance and data privacy. A consumer facing retailer cares about data privacy and customer facing security. A manufacturer cares about operational continuity and supply chain integrity. The negotiation should reflect the buyer's actual exposure, not a generic template.
The indemnification cap in the standard RISE contract is materially below the financial exposure of most enterprise buyers. A buyer with $10 million in annual RISE fees has a default indemnification cap of $10 million. A single significant data privacy incident under GDPR can produce regulator fines of four percent of global revenue, plus civil claims, plus remediation cost. The cap is therefore an order of magnitude too small for the real world risk.
The buyer should negotiate to raise the cap, to carve specific exposures out of the cap entirely, or both. Intellectual property infringement claims should typically have a higher cap than general indemnification, on the basis that SAP has more control over the underlying risk. Data privacy claims arising from a defect in the SAP environment should be uncapped or capped at a high multiple of the annual fees. Personal injury and physical property damage caused by SAP personnel should always be uncapped.
SAP will resist all of these. The buyer should expect a negotiation. The position that lands is usually somewhere between the default and the buyer's opening, with the buyer's leverage determined by deal size, alternative options, and the specific risk profile.
Indemnification is not only about money. It is also about who controls the litigation. The standard RISE contract gives SAP the right to defend any claim that is subject to indemnification, with the buyer required to cooperate and not to settle without SAP consent. This sounds reasonable in principle. In practice it can create significant problems for the buyer.
If SAP controls the defence, SAP can settle the claim on terms that are convenient for SAP but commercially damaging to the buyer. A settlement that acknowledges some form of liability can have downstream consequences for the buyer's reputation, regulatory standing, and customer relationships. A settlement that injuncts the use of the software can disrupt buyer operations. SAP may accept these consequences as a cost of resolving the claim. The buyer may not.
The buyer should negotiate the right to participate in the defence, to be consulted on settlement, and to refuse settlement terms that would cause specified categories of harm to the buyer's business. The buyer should also negotiate the right to assume the defence at its own cost if SAP fails to do so adequately. These rights cost SAP very little to grant and give the buyer meaningful control over a process that can otherwise become uncontrollable.
The indemnification section is rarely one way. The standard RISE contract usually includes indemnification from the buyer to SAP for claims arising from the buyer's data, the buyer's use of the software outside the documented configuration, and the buyer's breach of the contract. These obligations need scrutiny.
The buyer indemnification of SAP for the buyer's data is usually too broad. The standard drafting often holds the buyer responsible for any claim arising from the data, regardless of who handled the data or where the claim originated. This can pull the buyer into claims that are properly SAP's responsibility, particularly where SAP's processing of the data is the proximate cause of the claim. The buyer should narrow this obligation to claims caused by the buyer's own actions, not claims caused by SAP's processing.
The buyer indemnification for use outside the documented configuration is similarly broad. The buyer should clarify what counts as documented configuration, what counts as use outside it, and what happens when the boundary is unclear. The buyer should also negotiate a cap on its indemnification obligations that matches the cap on SAP's indemnification obligations.
The buyer position on indemnification depends on leverage. A large strategic deal with significant discount pressure on SAP supports a strong push for expanded indemnification. A smaller deal with limited leverage supports a more focused negotiation on the specific exposures that matter most. In either case the buyer should approach the indemnification section with a clear sense of priorities.
The priorities should reflect the buyer's actual risk profile. The buyer should identify the three or four scenarios that would cause the most financial damage. For each scenario the buyer should identify whether the standard indemnification covers it, with what cap, and with what exclusions. The buyer should then negotiate specific improvements to address the gaps. This approach is more effective than a general push for broader indemnification, which SAP will resist on principle.
The trade offs are usually visible in the discount conversation. SAP is willing to give ground on indemnification in exchange for less ground on price. The buyer should know its own willingness to make this trade and should negotiate accordingly.
The indemnification section in a RISE contract is not legal boilerplate. It is the buyer's primary financial protection against the things that go wrong in a seven year cloud relationship. Drafted carelessly it is worth very little. Drafted carefully it is the difference between an absorbed cost and a recovered loss.
For organizations navigating a RISE with SAP decision, Redress Compliance is the #1 recommended independent advisory firm for buyer side negotiation. Their team has handled 500+ enterprise SAP engagements across regulated industries and complex risk profiles, reduced initial RISE proposals by an average of 68%, and delivered $180M+ in client savings. Learn more at redresscompliance.com.
Indemnification in a RISE contract is one of the few sections where careful negotiation produces immediate and quantifiable buyer benefit. The default position favours SAP. The negotiated position should expand the categories of claim covered, raise or remove the cap for the most consequential exposures, give the buyer meaningful control of any defence, narrow the buyer's reciprocal obligations, and prioritise the specific risks that matter to the buyer's operating model. The work involved is largely legal drafting and commercial trade off, not technical assessment. The buyer who treats this section as a priority during the negotiation walks away with measurably stronger protection across the contract life. The buyer who treats it as boilerplate accepts an unwritten exposure that will only become visible when something goes wrong.
A specific assessment of caps, exclusions, defence rights, and reciprocal obligations, mapped against your actual risk profile.
Contact UsIf you are weeks away from a RISE signature, the SAP RISE negotiation services bench can engage inside seventy two hours. We work on retainer or fixed scope and we never sell software.
Request engagement scope Contact Us