Between 2010 to 2017, SAP provided more than 20,000 software updates, including security fixes, to users in Iran and allowed other customers to access U.S.-based cloud services. Senior executives at SAP were aware of the downloads, per the agency.
The violations were a result of acquisitions SAP made that "lacked adequate export control and sanctions compliance processes," according to the DoJ. Since the breaches were discovered in 2017, SAP has spent $27 million on new compliance safeguards.
Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.