Skip to content
← All insights

RISE with SAP: what the contract actually covers, what stays on your plate, and how to negotiate the scope

Why this needs an honest assessment

RISE with SAP is, in SAP’s own framing, its offering to move mission-critical core systems to the cloud, with the components brought together into a single contract. A single contract is genuinely useful: one commercial counterparty, one accountability line for infrastructure and technical operations. But a single contract also invites a single mental model — “SAP runs it now” — and that model is where budgets go wrong. What follows keeps two things separate on purpose: what SAP itself states is included (SAP’s words), and what independent analysts say remains the customer’s responsibility and cost (their analysis, attributed as such).

What SAP says is in the bundle

From SAP’s own announcements, the bundle centers on SAP S/4HANA Cloud Private Edition as the ERP foundation, with SAP Enterprise Cloud Services providing technical managed services, and SAP taking more accountability for customers’ SAP systems. Infrastructure runs on hyperscalers — AWS, Google Cloud, Microsoft Azure — with SAP managing that relationship as prime contractor.

Around the core, SAP’s stated inclusions have grown with each repackaging: Business Technology Platform credits, a Business Network supplier portal, Signavio and LeanIX process-and-architecture tooling, and onboarding tooling — Readiness Check, Cloud ALM, Enable Now — plus expert activation support. Since mid-2024, SAP has stated that all RISE customers get Joule, its AI copilot natively integrated into S/4HANA Cloud, plus SAP AI units for piloting; Premium tiers add low-code development, generative AI capability, a CFO suite, Datasphere and Analytics Cloud for planning, and the 2025 private package names SAP Build, HANA Cloud, Master Data Governance, Enterprise Service Management and Taulia among included capabilities.

Two observations before the other side of the ledger. The bundle’s contents have changed materially across 2022, 2024 and 2025 announcements — so “what’s in RISE” is a dated question, and your contract’s answer is the service description attached to your order form, not a press release. And note what the inclusions above are: products, platforms, credits and tooling. What they are not is your project.

What independent analysis says stays with you

Security researchers at Onapsis, analyzing RISE’s shared-responsibility model, put the boundary bluntly: SAP applies technical patches to the operating system and standard database, while the customer retains 100% responsibility for securing everything inside the application — including all user provisioning, role and segregation-of-duties management; the security, compliance and performance of all custom code; assessing, requesting and validating application-level patches; and classifying and protecting business data. That is their analysis, not SAP’s marketing — and it is the single most important paragraph in this article for anyone budgeting a RISE operating model.

There is an honest tension here worth naming rather than smoothing over: SAP’s own 2022 description of Enterprise Cloud Services mentions application management services within the bundle, while independent assessments consistently describe the delivered scope as technical operations, with the functional and application layer remaining the customer’s. We do not assert that functional AMS is contractually excluded — we could not verify the definitive service description document (see flags). The defensible planning position is the analysts’: treat functional support, custom-code ownership and role governance as yours until your contract explicitly says otherwise.

On service levels, trade press reporting of Gartner analysis notes that RISE’s standard uptime SLA of 99.7% sits below the roughly 99.9% industry standard, and that service requests can lack committed completion times — attributed to Gartner analyst Alessandro Galimberti via The Register. Clean-core discipline has a cost side too: practitioner commentary warns that RISE is not designed to expand outside a clean-core environment, and highly customized estates will notice inefficiencies, while independent reviewers note that clean-core mandates often require rewriting or eliminating custom code — a cost the customer absorbs — and that under brownfield migrations the customer remains responsible for upgrading to stay supported.

The costs CFOs miss

Four commercial mechanics recur across independent analyses — none of them line items on the RISE order form:

How to negotiate the scope

The pattern in everything above is that RISE’s headline is fixed and its boundary is negotiable — so negotiate the boundary. Get the service description document for your specific package and walk its inclusion list against your current operating model, task by task; every task on neither list is yours by default. Price the retained scope (roles and SoD, custom-code remediation, application patching validation, functional support) as part of the business case, not as a post-signature discovery. Model BTP consumption and digital access before signature, when they are negotiating levers rather than invoices. Ask for SLA terms and service-request commitments in writing against your availability requirements. And treat exit terms — data egress, end-of-term options — as a day-one question; it is the one with the least public documentation and therefore the most contract-specific risk.

RISE with SAP is neither the outsourcing deal its single contract implies nor the trap its critics describe. It is a technical-operations bundle with a negotiable boundary — and the buyers who do well are the ones who price what stays on their side of it before they sign.

Sources

# URL Publisher
1 https://news.sap.com/uk/2022/08/what-is-rise-with-sap/ SAP (official, 2022)
2 https://news.sap.com/2024/07/ai-available-rise-with-sap-commercial-packages/ SAP (official, 2024)
3 https://news.sap.com/2025/04/sap-cloud-erp-private-package-accelerate-transformation/ SAP (official, 2025)
4 https://onapsis.com/blog/rise-with-sap-and-the-shared-responsibility-model/ Onapsis (Tier-B, security research)
5 https://www.theregister.com/2025/05/08/gartner_research_rise_with_sap/ The Register, citing Gartner analyst (Tier-B)
6 https://www.cio.com/article/480408/making-sense-of-sap-rise-4-key-considerations.html CIO.com / Chip Hanna (Tier-B)
7 https://www.riministreet.com/blog/10-things-cios-should-know-about-rise-with-sap/ Rimini Street (Tier-B, vendor-adjacent)
8 https://redresscompliance.com/sap-rise-negotiations-a-guide-for-cio-and-procurement.html Redress Compliance (Tier-B, licensing advisory)
9 https://www.sap.com/products/erp/rise.html + RISE Service Description Guide PDF SAP (official)

← Back to the Knowledge Center

Talk to us about your SAP estate.

Thirty minutes, one process, an honest read. No deck, no obligation.