A document of barely one and a half pages of English text written in legalese, published by SAP SE, has caused quite a stir in recent days. Unfortunately, the reaction hasn’t been positive. As the well-informed reader will have guessed, it’s the document “SAP API Policy.”
Many members of the SAP community have already commented on this document across various platforms. Here are a few of my thoughts on it:
- In my experience, any document that considers the legal aspects of technological possibilities is somehow complicated. The SAP API Policy is no exception. Legal scholars sometimes view the real world differently than other disciplines, such as computer science. And vice versa. Added to this are the problems inherent in any language. Sometimes, the right words are simply lacking to express an intuitive or universally understood concept.
- The first point implies that everyone reads and understands the document differently. There is a certain degree of room for interpretation. This is due not only to the language or the chosen words, but also to one’s own experiences, against which everyone compares what they read and which inform their understanding.
- I can roughly understand what published and non-published APIs are from the document. However, I would like significantly more clarity in the definitions of these two terms. Ideally, there should be an absolutely unambiguous criterion for determining whether an API belongs to the “published APIs” category. If this criterion is not present, the API automatically belongs to the “non-published APIs” category.
- The chapter “API CONTROLS” deals exclusively with APIs, regardless of whether they are published or non-published.
- The chapter “General API Controls” reveals the true issue: AI access to SAP software. This has already been a concern for many other software and platform providers (e.g. Medium and Stack Overflow). It’s high time SAP SE published a legal document on this. After all, the experiences of other companies regarding the (unwitting) use of their services by AI are far from positive. I can understand why.
- Regarding the chapter “MONITORING AND REMEDIES”: Hopefully, one never falls under false suspicion, for whatever reason. I don’t want to know how complicated it is to prove the opposite of an erroneously detected use of AI. Perhaps every employee in the company will have to prove they’re not AI if they’re under suspicion. At least 5 correctly solved CAPTCHAs in under 10 seconds. It’s supposed to be a challenge, after all.
- I find the chapter on “COMPLIANCE” more than interesting. In my opinion, the data generated by an SAP SE customer using their software belongs to that customer. They might want to use the data in connection with AI. But how?
- I still have many questions about the document. From past experience, I know that much has been written about it, but in practice, things are often different. I’m curious to see what happens.
