The control-plane battleground.
Every major vendor now ships a control plane and calls it theirs. They all do the same five jobs. The fight isn’t capability. It’s posture. Here’s the field on one map.
All four cover the same five jobs. Three stay open. SAP can close the gate on its own data. The difference is never capability. It’s posture, and where each one is anchored. That’s the map below.
The seven planes, by posture.
Two axes tell the whole story. Up–down is posture: open routes to anyone, gated routes others through its own governed pathway (a gate on data, not a wall on agents). Home-field advantage is a spectrum, not a binary. Left–right is what it’s anchored to: your own infrastructure, or a vendor’s system of record.
SAP — gated
Gated · mediatedNot a wall on agents. A gate on raw data. Third-party agents (Copilot, Agentforce, ServiceNow, Vertex, Bedrock) can natively invoke Joule agents via A2A, and the AI Agent Hub already has 680+ partner submissions. What SAP gated is direct raw-data API access: from Apr 2026, agentic data access must route through an endorsed pathway (Joule Agents, the Integration Suite MCP Gateway, Business Data Cloud, the A2A Gateway) that SAP defines, governs and meters.
The real case (Herzig, Sapphire): raw SAP tables without the semantic layer are dangerous for an agent to act on. Routing through Joule guarantees business context, SAP's deep authorization and segregation-of-duties model, and an audit trail a third-party plane hitting the raw API would bypass.
Forrester: “SAP is attempting to become the gatekeeper of enterprise AI — CIOs should push back.” Gartner calls it 'Indirect Access 2.0': Digital Access licensing meters AI interactions by document count, so the mediation also monetises and locks in. DSAG, the user group, formally objected.
The positive read: For an SAP-centric estate this can be a feature, not a trap: Joule + the AI Agent Hub + Business Data Cloud can be your central governed hub across SAP and non-SAP agents. A pure-SAP control plane is a legitimate, even attractive choice, as long as your rubric stays portable and outside it.
Read the map. Almost everyone clusters in the open band, piling up over the same five jobs. SAP sits lowest. It’s the one plane that routes third-party agents through its own governed, metered pathway rather than opening raw data access. It’s a gate, not a wall, and home-field advantage is a spectrum (ServiceNow and Salesforce privilege their own agents too, with softer friction). For a large estate, you’ll run more than one: a neutral hyperscaler substrate, a fabric over each system of record, an open identity layer across them. Not one winner.
The map above is one floor of the building: governing agents once they’re running. There’s a second floor above it, and the same phrase, “control plane”, hides it. Watch the word, not the slide.
Make the software & the agents
How software gets made: requirements → blueprints → work-orders → tests, handed to coding agents. Some call this a “control plane” too. Different floor.
The prize here: the codebase IP and hosting can stay with the vendor.
Govern the agents doing the work
The five jobs (registry, identity, routing, governance, kill-switch) run over agents in production. Open vs gated, anchored to your system of record.
The prize here: your data, routed through a vendor’s governed pathway.
Your knowledge
The allocation (what should be an agent’s call at all) plus the rubric (what “right” means in your business) plus your codified knowledge. No vendor on either floor can write it. It’s yours in either fight. Keep it portable, and it survives both.
Same word, two floors. 8090 calls its product a “control plane” too, but it governs build-time (how software is made), not the run-time layer that governs agents doing your work. Map it onto the floor below and you miscategorise it. Verified: under 8090 Enterprise, 8090 retains the codebase IP and hosting. That’s a live “make sure your knowledge isn’t the prize” case. (An alternative model where the client keeps full IP is unverified, so treat it as an open question.)
Pick the system of record that dominates your estate. The read changes with it. One thing holds across all five: keep your rubric, the rule for whether an agent’s answer is right in your business, portable and outside the vendor’s runtime.
You'll likely govern SAP-data agents through Joule, and you can. But SAP's gated posture shapes your options (its API terms can keep other vendors' agents off SAP data), so run a neutral plane (a hyperscaler) for your non-SAP agents rather than routing everything through SAP.
Don’t let codified knowledge that lives inside Joule become SAP lock-in. Keep your rubric portable and outside the runtime.
Every plane on this map decides whether an agent may act. Almost no one has done the harder, earlier work: deciding what should be an agent’s call at all, and what stays in your people’s hands.
That boundary is the asset. The control plane just enforces it.
You cannot govern a decision you haven’t yet decided belongs to an agent. So the allocation comes first, and the rule for whether an agent’s answer is right in your regulated domain comes with it. That’s the layer beneath the fight. It sits prior to every vendor on this map, and it’s yours.
Whoever wins the control-plane fight, make sure your knowledge isn’t the prize.
Grounded in our verified control-plane corpus (corpus-control-plane-2026-06-15.md, adversarially checked: zero fabricated entities). Sources: the nine majors, the five jobs, the open rails (MCP → Linux Foundation 9 Dec 2025 · A2A v1.0 Apache-2.0 Mar 2026) · Forrester three-plane architecture · Gartner: $550B by 2029 to providers that prove execution.