The enterprise AI conversation in 2026 has moved decisively from generative AI — the co-pilot model, where humans prompt and AI responds — toward agentic AI: autonomous systems that take actions, make decisions, and interact with other software systems on behalf of users or organisations. The business case for agentic AI is compelling. The operational efficiency gains from AI agents that can orchestrate workflows, process transactions, and manage integrations without human intervention are real and significant.
What is not being discussed, with anything like equivalent energy, is the software licence risk that agentic AI creates. Specifically: when an AI agent interacts with enterprise software systems — SAP, Oracle, Salesforce, Microsoft, ServiceNow — those interactions may trigger licence requirements that the vendor considers billable, and that most organisations have not accounted for in their licence position.
The Indirect Access Problem, Amplified
The concept of indirect access — the idea that a system or user that accesses enterprise software data through an intermediate layer, rather than directly through the licensed interface, may still require a licence — is not new. SAP has litigated indirect access disputes, Oracle has included digital access provisions in its licensing terms, and Salesforce has built API access licensing into its commercial model for several years.
Agentic AI amplifies the indirect access problem in ways that are qualitatively new. A traditional indirect access scenario involves a specific integration between two defined systems, with a predictable and auditable data flow. An AI agent scenario involves a system that may interact with dozens of enterprise applications, in ways that vary based on the tasks it is executing, at a frequency and scale that may be orders of magnitude higher than traditional integration scenarios.
The result is that the indirect access exposure generated by a single AI agent deployment may be substantially larger than any traditional integration — and far harder to quantify, because the access patterns are dynamic rather than fixed.
How the Major Vendors Are Approaching This
SAP
SAP introduced its AI Foundation and Business AI capabilities as integrated components of the SAP Business Technology Platform. From a licensing perspective, AI capabilities that are accessed through the standard SAP user interfaces are generally covered by existing user licences. The risk emerges when AI agents access SAP data or trigger SAP transactions through APIs or custom integrations outside of the standard licensed pathways. SAP’s indirect access framework — which was significantly revised following high-profile disputes in earlier years — applies to these scenarios, and the commercial implications can be significant.
Oracle
Oracle’s approach to AI and licensing is characterised by a broad assertion of licence requirements for any access to Oracle data or capability, regardless of the access method. Oracle’s licensing policies on cloud and virtual environments have consistently been interpreted in the most expansive possible way, and there is no reason to expect a different approach to AI-driven access. Organisations deploying AI agents in environments that include Oracle databases or applications need to assess their indirect access exposure with the same rigour they would apply to any other integration.
Salesforce
Salesforce has introduced specific licensing provisions for AI and automation scenarios through its Agentforce platform. These provisions are, in some cases, designed to enable AI-driven access through a defined commercial model rather than to prohibit it. However, the commercial terms of Agentforce — including its consumption-based pricing and the relationship between Agentforce usage and existing Salesforce licence entitlements — are complex and require careful analysis before deployment.
Microsoft
Microsoft’s approach to AI licensing through Copilot and Azure OpenAI is primarily consumption-based, which provides reasonable cost predictability for direct AI tool usage. The risk for agentic scenarios lies in the interaction between AI agents and Microsoft 365 or Azure services where the access patterns may exceed what is covered by standard user licences, or where Power Platform automation interacts with third-party systems in ways that trigger additional licensing requirements.
Building a Pre-Deployment Assessment Framework
The appropriate response to this risk is not to avoid agentic AI deployment. The business case for these technologies is real, and organisations that do not engage with them will fall behind. The appropriate response is to build a commercial assessment into the AI deployment process — before the agent is deployed, not after the vendor sends an audit notice.
That assessment has three components. First, a mapping of every enterprise software system the proposed AI agent will interact with, including the nature of that interaction (read, write, transaction initiation, data extraction) and the commercial framework governing access to that system. Second, an evaluation of how the relevant vendor is likely to characterise that interaction — as covered by existing licences, or as requiring additional entitlement. Third, a commercial strategy for each system where additional entitlement may be required, whether through pre-negotiation of AI access terms, architectural choices that route interactions through licensed pathways, or renegotiation of existing agreements.
The EU AI Act provides a useful risk classification framework for AI agent deployments that also informs the commercial assessment: higher-risk AI applications are more likely to attract regulatory scrutiny, but they are also the applications where the scale and commercial implications of software access are greatest. The Act’s provisions on high-risk AI systems are relevant both for regulatory compliance and as a risk-weighting framework for the commercial assessment.
The broader enterprise context for this issue is captured in McKinsey’s State of AI research, which notes that most organisations are still in the early stages of scaling AI from pilots to enterprise-wide deployment. The organisations that do this most successfully will be those that have integrated the commercial and compliance dimensions of AI deployment into their adoption processes — not as an afterthought, but as a core component of how they scale.
Conclusion
Agentic AI is not a future risk. It is a present one, and it is accelerating. The organisations that treat the commercial assessment as an integral part of AI deployment — not a compliance afterthought — will realise the efficiency gains that agentic AI promises without the unexpected licence exposure that unmanaged deployment creates. The commercial frameworks governing enterprise software were not designed with AI agents in mind. Understanding that gap, and managing it proactively, is the work that separates AI leaders from AI liabilities.
