The pricing paradox of agentic SaaS: What to do about tollgating?

Why this moment is different

This is not entirely new behavior. Data portability and access rights have long been buried in contract fine print. What is new is enforcement: Tollgating is moving from contractual theory to commercial reality. Enterprises that built their AI and analytics strategies on open data access assumptions are now discovering unexpected costs mid-program. This represents a category of financial risk that most tech budgets and AI business cases simply did not model and uncertainty on how to proceed confidently in a fast-changing market.

On the one hand, companies are being hit with unexpected costs, changing service agreements and threats for non-compliance. On the other side, SaaS companies are undergoing their own agentic transformation and are under significant market pressure to quickly monetize AI capabilities. While pricing models and rules around data access will likely evolve as the market decides what it will tolerate, enterprises should consider making tech strategy decisions now that triangulate cost, architecture resiliency, and their partner ecosystem.

Many C-suite leaders across industries are acutely aware of this dynamic and are rethinking their tech strategies, architecture, data management, and sourcing models for both short- and long-term success. The challenges AI introduces may require a redesign of enterprise structures and contracts to prepare for an agentic future.

What enterprise architecture paradigms are emerging for agentic SaaS?

Deloitte’s Global Executive Technology Leadership Survey 2026 finds two dominant methods for bringing system of record data into agentic architectures: (1) embedding agent solutions within the system of record (SOR) and (2) using agent orchestration APIs above the SOR via a Model Context Protocol (MCP) layer. The data reflects two system archetypes emerging: one open and composable, and another platform-first where platform ownership offers significant competitive advantage and tollgating has the potential to be most disruptive.

Many providers are trying to reassure customers that they can join the agentic era without tearing out incumbent systems. In this archetype, protocol openness and interoperability have become fundamental; SaaS vendors are trying to turn this interoperability into a governed, high-value production system without surrendering control. ​Yet, as many enterprises are already experiencing, that same openness can become expensive and hard to predict.

As providers create centralized control planes using headless API architectures, features like control towers, gateways, registries, and approval workflows help standardize how agents access systems. Some organizations view this as an advantage, with systems of record providing critical context for agents. An aerospace and defense executive noted that changing ERP user interactions will take time but believes enterprise AI's future lies in embedded models within core platforms, stating they'll buy directly from platform vendors instead of frontier model providers.¹

These architecture decisions should become intentional choices enterprises make at every single layer of the technology stack and re-evaluate frequently based on shifting business and market contexts. Today, the issue is data access costs, but tomorrow it may be something else.

How can organizations maintain data ownership rights as data access costs and architectural approaches shift?

Deloitte’s TMT Predictions anticipated new cost models for agentic SaaS solutions, which enterprises should consider as these solutions evolve. SaaS providers already offer new pricing options, and enterprises should understand how those models could reshape solution design and ownership decisions. When asked about changes to pricing structures, one chief financial officer of a CRM provider stated, “There is going to be some form of fixed and variable pricing structure. In our world, that looks like seat-based and consumption … but the gap that still exists is with the customers and their willingness or ability to pay.”²

Against this backdrop, a common theme emerges across enterprise platforms (such as CRM, ERP, HCM, and ITSM). Enterprise software prevails as the system of record, while agentic orchestration built on semantic data, context, and tool foundations is being explored as a way to unlock the true value of AI. Core platforms remain critical, but AI is unbundling the stack into contestable layers. That puts a premium on the assets enterprises can control: data quality, context, and regulatory requirements are the moats to defend. However, there’s no uniform approach that works for every organization.

If enterprises want to own their AI orchestration layer (the platform that in essence controls AI communications, decisions, and governance), AI tollgating policy and pricing shifts bring real architectural implications. In many cases, the organization’s own data must move from the system of record through vendor-approved pipes and endpoints before it can be used by the organization’s AI models, which gives the vendor a gatekeeping role over access and can create additional cost. That makes data strategy and architecture an intentional choice for the organization, and we see four configurations emerging, each requiring different controls and governance models (figure 1):

1. Vendor-embedded AI: The vendor controls AI inference and pricing, and the system of record offers the enterprise the least architectural control. AI markups are embedded in vendor pricing and agent access (for example, token metering in contracts).
2. Cloud-hosted AI: AI runs on the cloud provider’s infrastructure, while the system of record serves as a data source only. Tollgating is applied through cloud consumption and hosted inference fees.
3. Enterprise-controlled orchestration: The enterprise retains orchestration control above the Model Context Protocol/API layer, but pays tollgate fees to the vendor. Tollgating is applied at the vendor API or model-access layer.
4. Composable re-platforming: Modular AI services replace system-of-record workflow layers, giving the enterprise the highest architectural independence. No additional vendor access or tollgating fees apply.

If an AI business case can be fully contained within that business layer (business capability workflows), then data portability fees to extract or API-enable that data may make sense. Enterprises that cede orchestration control are, in effect, accepting a perpetual markup on their own AI programs—a dynamic that is now visible in quarterly IT budgets and beginning to surface as a board-level governance question. This may make sense when there are clear success measures but may not when the enterprise is running more complicated processes. The real challenge ahead is assembling enough context across surfaces for an agent to deliver reliable outcomes with traceability and auditability.

How might vendor ecosystem management approaches need to change in the short, medium and long term?

In response to these shifts, we believe the most striking enterprise stopgap is a return to contractual fundamentals. Several major companies have discovered that existing ERP agreements negotiated before the AI era contain explicit protections (unrestricted data use and broad API access rights, for example), while others are focused on locking in near-term data protections during upcoming contract renewals.

On-premises contracts give enterprises full control of their data, therefore, intentionally remaining on prem and delaying a cloud transformation is one way that companies can protect their data access. For example, the chief information officer of a major agriculture chemicals company with six ERPs decided to remain on prem, knowing a cloud migration would impact data ownership and maintenance terms. This has given the company time to think through data architecture and cost implications across its vendor ecosystem ahead of negotiations.

However, for those without built-in data rights protections, near-term architectural decisions made today could result in increased API costs for data access. Contract renewals may force urgent, data ownership term negotiations at cyclical renewals. Along those lines, during a multi-year ERP implementation, one global resources company described its contract terms as “worth its weight in platinum.” The enterprise had the foresight to include data rights protections in its ERP agreement—protections its chief information officer believed the vendor would “pay money to eliminate,” given the value of the system-of-record data and its importance to the company’s agentic architecture.³

For many organizations, data rights negotiations may arise due to imminent renewal cycles. In such cases, leadership may opt to intentionally sequence and prioritize discussions where urgent protection of existing data rights is necessary while simultaneously advancing architectural independence at the orchestration layer. Likewise, contract reviews can be prompted by significant corporate changes, including private equity acquisitions or mergers. Under these circumstances, leaders are required to take measures to align and integrate the distinct contracts brought by each entity.

A reactive strategy may suffice temporarily, but long-term success requires forward-looking planning. Enterprises should assess risks across their partner ecosystem every 18 months, factoring in financial, architectural, and data concerns. Vendor management should shift from isolated sourcing to strategic planning. Instead of future-proofing against uncertainty, organizations should define acceptable risk at each decision—such as buy versus build, data rights, and partner selection—as AI and tech strategies evolve. This ongoing process ensures competitive advantage and strong foundational principles before new contract cycles.

Many enterprises lack a systematic vendor risk management strategy that spans technology planning, architectural decisions (buy vs. build), and ecosystem oversight guided by financial principles. Enterprise architecture, sourcing, and finance and IT strategy should collaborate on horizon planning rather than rely on isolated approaches common in IT sourcing and contracting (figure 2).

As AI economics shift, how can enterprises refactor total cost of ownership and adopt cost-aware architecture?

Tollgating is one pricing change in a sea of change to AI total cost of ownership. Deloitte’s AI tokenomics research speaks to the shifting economics across the stack. Every architectural decision (model selection, application design, and hosting strategy, for example) comes back to AI tokens. As AI adoption accelerates, tokens—not licenses or head counts—are becoming the true unit of cost.

Cost-aware architecture now requires considering data access fees, tokens, shifting approaches to intellectual property monetization, and more when calculating the real unit cost of agent tasks. Advanced reasoning models are more expensive, with vendors sometimes charging extra to see thinking as detailed outputs. Optimizing token throughput is crucial at the application layer for system efficiency. Infrastructure choices (SaaS, cloud, or in-house) affect per-token task costs and an organization’s ability to control expenses via AI finops. AI is driving new data monetization and intellectual property strategies by enterprises and vendors alike and in some cases together which now need to be factored to rebalance the equation for return on investment.

4 moves for managing agentic SaaS costs and capabilities

The growing variety of pricing models—whether token-based metering, shifting model pricing, data tollgating, or emerging models yet to take shape—will collectively affect both the enterprise bill and system design, including technology strategy, architecture, and workflows. The goal is not to resist AI investment, but to retain architectural and commercial control over where the value accrues. The most effective enterprise strategies cluster around four no-regret moves.

• Develop an enterprise orchestration strategy and engage your vendors as partners in doing it. Orchestration determines which data, agents, and workflows are used, making it a strategic control point for enterprises. Deciding who owns the orchestration layer—enterprise or vendor—is critical, especially since the Model Context Protocol layer above the system of record is where AI value grows and vendor lock-in risk increases. Whoever hosts this layer drives usage growth. Enterprises that manage their own orchestration keep their margins, while those relying on ERP vendors pay ongoing markups. This has become a key build-versus-buy choice in enterprise technology.
• Understand where your most important data sits. Your systems of record hold valuable data, but proving its worth requires quantifiable metrics. To determine if using this data is cost effective, understand your data's core location and the API structure supporting AI agents. Most enterprises lack a systematic way to link data costs to specific business processes, teams, or AI use cases. Moving forward depends on restructuring workflows around clean, authoritative data—starting with managing supplier, customer, or material master records. This strengthens AI governance and establishes a solid foundation for knowledge graphs and agent controls that shifts from pilot purgatory to product-grade applications.
• Treat enterprise planning cycles as the window for tollgating decisions, not just contract renewals. Contract renewals often occur too late for effective negotiation, with AI architecture already built, budgets set without considering data egress costs, and roadmaps committed. Audit contracts before negotiations or acquisitions to identify strategic terms, especially in legacy ERP agreements that may grant valuable data rights vendors don’t offer in new deals. Once these terms are lost during renewal or modernization, they can’t be easily recovered. Enterprises should consider contract terms when targeting acquisitions and can separate maintenance from modernization to preserve operational stability while gaining financial flexibility. Transitioning to third-party maintenance for multiple legacy ERPs can save millions yearly, freeing funds for critical AI investments.
• Build agent governance as a first-class capability and use it as a commercial tool. In multi-vendor, multi-agent environments, each agent handling enterprise data requires clear identity, access controls, audit trails, and deactivation options. While enterprises typically focus on security and compliance, robust governance infrastructure adds value by enabling flexible tollgating and built-in auditability, essential for Sarbanes-Oxley compliance and EU AI Act requirements from August 2026. Reliable systems need thorough execution logs and persistent context; agents managing ERP transactions must provide token-level traceability for authorization and decisions. Leaders should proactively bridge governance gaps, as custom agents updating SOR data span multiple systems and often lack full decision tracking unless specifically integrated. Neglecting auditability can lead to costly re-engineering and compliance risks.

AI is driving complexity across the technology ecosystem in ways that are still unfolding. Tollgating is one speed bump that brings cost, contracting, and architectural complexity, but it’s also just one of many pricing shifts across the ecosystem, forcing leaders to rethink cost decisions across contracts and architecture through a sharper cost-to-value lens. In that environment, AI value may come down to how those choices are made.