SAP GRC 2026 Strategy and Updates 

GRC isn’t going anywhere — it’s Evolving 

SAP GRC is entering a new chapter — and not because it’s being replaced or phased out. On the contrary: with the announcement of SAP GRC 2026, the suite is evolving with a clear roadmap, extended support, and meaningful innovations. From enhanced user interfaces to AI-driven features and improved integration across components, the future of GRC is being built on a stronger, smarter foundation. 

We will keep the SAP GRC community updated in this post by summarizing the most important sources and details regarding SAP’s strategy, upgrade and migration paths, and features. 

SAP Sources

Blog: Understanding SAP’s Product Strategy for Governance, Risk, and Compliance (GRC) Solutions 

If you’re still seeing conflicting messages in the market — you’re not alone. To cut through the confusion, SAP shared an in-depth breakdown on the official SAP Community blog, setting the record straight. 

Webinar: “What’s New in SAP GRC 2026” on May 27th 4 pm CET 

On May 27th, 2025, Rohit Hotwani and Jatin Grover from SAP shared the GRC 2026 release update with customers and partners. It was a great opportunity to learn important details directly from SAP’s solution management and to ask questions. You can watch the full recording here:

Webcast series: On August 21st, 2025, Gero Maeder from SAP delivered another key update within this series, presenting new features in SAP GRC components, further strategic direction for GRC 2026 and highlighting implications for customers. More details (recording and slides) on this session, as well as other Security-related webcasts can be found here:

SAP GRC 2026 Deep Dive : SAP hosted the SAP GRC 2026 Deep Dive webcast series in October. The first session highlighted Process Control, showcasing enhanced automation, monitoring, and compliance. Subsequent sessions on Risk Management, Audit & Compliance, and Access Control featured insights from SAP experts.

Joint Webinar by SAP SE and Riscomp on September 16, 2025: Master Data Governance in SAP GRC – Best Practices and GRC v.2026 Considerations

SAP GRC 2025: Migration Path and New Features

We have summarized the key moments and roadmap highlights from the SAP GRC 2026 webinars so far, covering both the upgrade path and planned innovations across Process Control and Risk Management.

Migration & upgrade path:

• Customers already running SAP GRC on HANA will need to migrate to the GRC 2026 release. Technical details will be shared by SAP at a later stage.
• In case an SAP GRC instance has to be moved, master data will have to be migrated. Framework Update Apps help achieve this.
• Customers running SAP GRC not on HANA must first switch licensing and perform a HANA DB migration before upgrading to the GRC 2026 release.
• Fiori UI: WebDynpro technology will still be supported, and the same functionality as in previous releases can be used. However, WebDynpro applications will have to be launched from Fiori Launchpads. NWBC Launchpads will no longer be supported.

What to expect – planned innovations:

• CCM Updates: SAP IS (Integration Suite) can be leveraged.
  • Benefit: integration capability for SAP BTP and other applications, incl. non-SAP.
• Flexible Workflow Configuration: MSMP-based workflow configuration introduced for Process Control and Risk Management.
  • Benefit: Greater flexibility and consistency in workflow setup and maintenance.
• AI Support (Joule): Generative AI integrated into CCM and KRI for creating data sources, business rules, and scripts.
  • Benefit: Faster scenario design, automated recommendations, and tailored insights.
• Asset Entity: New asset entity for Risk Management and BCM/Cyber Intelligence, with API integration.
  • Benefit: Define and link assets with Risk Management objects, enabling integration into Business Continuity Management processes.
• Fiori Inbox: one unified inbox for all tasks (e.g. in case of using SAP workzone) can be used.
  • Benefit: better user experience, less fragmentation in daily work of SAP users.
• Self-Diagnostic Cockpit: No more switching between SWIA, SWI1, GRPC_AS_REORG, SCMG_CASE_ATTR, and Planner Monitor, all in one place – a self-diagnostic utility to solve the problem.
  • Benefit: All diagnostics are now centralized in one place – an integrated utility for identifying and resolving issues efficiently.
• Integration with the Regulatory Insights application on SAP BTP for Compliance and Oversight
  • Benefit: Enhanced regulatory alignment with the latest legal developments.
• NIST Content: Integration to support the NIST (National Institute of Standards and Technology) risk management framework.
  • Benefit: Provision respective risk taxonomy aligned with the NIST framework.
• GRC 2026 Components: In addition to components SAP Access Control, SAP Risk Management, and SAP Process Control, the new release of SAP GRC suite will also include SAP Audit Management, SAP Tax Compliance, SAP Business Integrity Screening, SAP UI Data Protection Masking, and SAP UI Data Protection Logging.

[ * ] – Read disclaimer from SAP Presentation