This summary reflects remediation updates from the findings noted by the third-party auditor in the SAP Ariba and SAP Business Network SOC 2 Audit Report, covering the performance period of April 1st, 2024 through March 31st, 2025.

The information in this document is confidential and proprietary to SAP and may not be disclosed without the permission of SAP.

Except for your obligation to protect confidential information, this document is not subject to your license agreement or any other service or subscription agreement with SAP.  SAP has no obligation to pursue any course of business or actions outlined in this document or any related document or develop or release any functionality mentioned therein.

Nothing contained in this communication shall be deemed to create a requirement that any controls remain in effect at any point in the future. This communication shall not and should not be interpreted to imply that SAP was required (except to the extent expressly required under the terms of the applicable agreement) to have any of such controls in effect during any specific period identified herein. Further, this communication shall not be deemed to modify or append any of SAP's requirements and/or obligations under any applicable agreement.

Furthermore, this document, or any related document, and SAP's strategy and possible future developments, products and or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code, or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP's intentional or gross negligence.

Any reference to remediation is SAP’s internal assessment that will be submitted to its auditor for review, testing, and validation. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.