The German software giant avoided criminal charges, but will pay $8 million to settle the case brought by the Department of Justice.
Between 2010 to 2017, SAP provided more than 20,000 software updates, including security fixes, to users in Iran and allowed other customers to access U.S.-based cloud services. Senior executives at SAP were aware of the downloads, per the agency.
The violations were a result of acquisitions SAP made that "lacked adequate export control and sanctions compliance processes," according to the DoJ. Since the breaches were discovered in 2017, SAP has spent $27 million on new compliance safeguards.