From System of Record to System of Action

Enterprise software is being rebuilt for AI agents. Salesforce calls it Headless 360. DocuSign calls its agreement layer the system of action. Workday's president of product and technology used the same phrase for ERP in September 2025: "transforming it from a passive system of record into a system of action that drives real outcomes." Three of the largest enterprise software companies in the world are converging on shared language for the same architectural shift: from passive systems of record to permissioned execution surfaces. The financials, the partnerships, and the pricing changes all line up behind it.

I have been watching this play out across earnings calls, protocol releases, and the integrations that did and did not get announced in the last six months. The pattern is bigger than any single vendor. It is reshaping what enterprise software is, what counts as a moat, and which categories will look unrecognizable in two years.

This essay is about what is actually changing, where the proof is, and how to read the signal across the rest of your stack.

What "headless" actually means

Headless is not a new idea in software. A headless browser is a browser without a UI, used by automated tests and crawlers to interact with websites programmatically. A headless CMS separates content storage from any specific presentation layer. Headless commerce decouples the storefront from the backend so the same product catalog can drive a website, a mobile app, a kiosk, or a voice assistant. The pattern is always the same: take software that was built around a human-facing UI and expose its capabilities through programmable surfaces instead.

What is new is that the largest enterprise software platforms are now applying this pattern to themselves. The cleanest articulation came at TrailblazerDX 2026, where Salesforce co-founder Parker Harris asked: "Why should you ever log into Salesforce again?" The answer Salesforce gave is that you should not have to. Every capability inside the platform is now exposed as one of three things: an API, an MCP tool, or a CLI command. The browser is optional. So is the human.

Salesforce was explicit about the trio: "Agents are too, and they don't go to a browser or click through UIs. They call APIs, invoke MCP tools, and run CLI commands directly." None of these three patterns is new on its own. APIs have existed forever. CLIs have existed forever. MCP is the most recent addition. What changes when an enterprise platform goes headless is that every capability is now reachable through these patterns, not just the subset the vendor decided to expose for integrations. The platform stops being a destination. It becomes a set of capabilities that humans and agents can call from wherever they already are.

A System of Record stores the truth about a domain. A System of Action executes against that truth on behalf of a human, through an AI agent, with the same audit trail and permissioning the human had. Going headless is the architectural prerequisite. Without it, you are still locked inside the vendor's UI.

Why this is possible now and not two years ago

Three things had to happen at the same time. None of them were obvious from the outside.

First, two complementary protocol standards. The Model Context Protocol, released by Anthropic in late 2024 and adopted by OpenAI, Google, and Microsoft within a year, gave every AI client a common way to discover and call tools on remote systems. Google's Agent2Agent (A2A) protocol, launched at Google Cloud Next in April 2025 and now donated to the Linux Foundation, gave agents a common way to talk to other agents. Before MCP and A2A, every integration was a custom contract between one vendor and one model. After them, a vendor ships one server and every major client speaks to it. Combined with the older APIs and CLIs that already existed, vendors now have multiple durable, standardized ways to be agent-reachable.

Second, models that can actually use tools. The frontier models that shipped in 2025 can chain tool calls reliably enough to run multi-step workflows. Not perfectly, but reliably enough that a single prompt can drive a six-step process across multiple systems. I wrote about why splitting AI work into measurable stages matters in Why Single-Prompt AI Analysis Is Fundamentally Broken.

Third, vertical training data at scale. Generic LLMs hallucinate domain-specific structure. Vertical-trained ones do not, or at least do it less. Every category that has a meaningful System of Action emerging is built on a corpus of proprietary training data the vendor controls.

The combination of these three is what makes a System of Action possible. Take any one away and you are back to copilots that summarize.

A System of Record stores the truth. A System of Action executes against it.

The proof, across multiple vendors

The interesting thing is not that one vendor moved. It is that the largest vendors moved within months of each other, with different terminology and the same architecture.

Vendor	Term used	Announced	Mechanism
Salesforce	Headless 360	15 April 2026	API + MCP + CLI
DocuSign	Agreement System of Action	24 February 2026	MCP server (beta) + Anthropic Cowork
Workday	Agent System of Record / "system of action"	February 2026 (GA)	Agent Gateway + MCP + Google A2A
SAP	(AI consumption pricing announced)	March 2026	Pricing model change as architectural signal
ServiceNow	Now Assist + MCP Server	Throughout 2025-2026	MCP + A2A across Anthropic and Google

Salesforce. Announced Headless 360 on 15 April 2026. Sixty new MCP tools, thirty preconfigured coding skills, the entire Salesforce platform exposed as APIs, MCP servers, and CLI commands. Joe Inzerillo, Salesforce's president of enterprise and AI technology, told VentureBeat the decision was made "two and a half years ago": "Rebuild Salesforce for agents." The Futurum Group's Dion Hinchcliffe described what Salesforce is doing as "moving from a system of record to being the system of execution". Diginomica framed it more sharply: Salesforce is "re-optimizing its platform for agents, not people."

DocuSign. Announced the Anthropic Cowork partnership on 24 February 2026. The integration "transforms how teams work with agreements, moving from passive summarization to active execution." On the Q4 FY26 earnings call three weeks later, CEO Allan Thygesen described what the company has become: "Docusign's AI-native IAM platform has established clear market leadership as the agreement system of action for companies of all sizes." The financials follow the language. IAM ARR went from 2.3% of total ARR at the end of FY25 to 10.8% (over $350 million) at the end of FY26, on a path to roughly 18% (over $600 million) by end of FY27 (SEC 8-K, 18 March 2026).

Workday. Workday president of product and technology Gerrit Kazmaier framed the shift directly in September 2025: "we're redefining ERP for the AI era – transforming it from a passive system of record into a system of action that drives real outcomes." Workday's Agent System of Record (ASOR) became generally available in February 2026. The Agent Gateway accepts external agents over MCP and Google's A2A protocol; external agents can either delegate to Workday's own agents to inherit the compliance rails or call the APIs directly, now metered per-call. Same architectural pattern. Different vertical.

SAP. CEO Christian Klein announced in a March 2026 Bloomberg interview that SAP will shift to AI consumption pricing. ERP Today framed the move bluntly: per-user pricing is "structurally incompatible with agent-driven ERP." The pricing model change is the financial proof of the architectural change.

ServiceNow. ITSM tickets are inherently action-oriented. ServiceNow's Now Assist, Agent Control Tower, and MCP Server Console integrate with both the Anthropic and Google ecosystems. At Google Cloud Next 2026, ServiceNow took home four Partner of the Year awards and announced joint solutions across telco, retail, and IT operations using "ServiceNow agents and Gemini agents handing off through MCP and A2A."

Five major vendors. Same architectural move. Different verticals. Different terminology. Within one financial quarter.

The financial proof: pricing is changing too

Architecture changes are easy to announce. Pricing changes are the proof that something has actually shifted, because companies do not change their billing models unless they have to.

The traditional SaaS pricing model assumes humans are the unit of consumption. Per-seat pricing was, as one analysis put it, "not a pricing philosophy. It was a proxy. Human headcount was a reasonable stand-in for value delivered." That proxy breaks when an agent is doing the work. One agent can replace the activity of many seats. Per-seat pricing in an agentic world is asking customers to pay for capacity they no longer need.

The vendors are responding. Thygesen on the Motley Fool interview, October 2025: "Historically, the way DocuSign has been priced is we sell our electronic signature product in batches of envelopes... that obviously doesn't work anymore, given that we're now doing this much broader range of workflows that's not necessarily related to agreement volume."

Salesforce Agentforce charges $2 per conversation under its Conversations model, or $0.10 per standard action under Flex Credits (recommended for most new deployments in 2026). Microsoft Copilot Studio uses the same structure: $200 per 25,000 credits pay-as-you-go. Intercom's Fin charges $0.99 per resolved customer support conversation. Zero outcomes, zero charge. SAP CEO Christian Klein announced in March 2026 that the company will shift to AI consumption pricing. Workday's external API calls under Agent Gateway are now metered per-call.

Vendor	Pricing model	Unit
Salesforce Agentforce	Conversation / Flex Credits	$2 per conversation, or $0.10 per standard action
Microsoft Copilot Studio	Pay-as-you-go credits	$200 per 25,000 credits
Intercom Fin	Outcome-based	$0.99 per resolved conversation
Workday Agent Gateway	Metered API calls	per-call
SAP	Consumption-based (announced March 2026)	AI workflows shifting from per-user

Bessemer Venture Partners' AI pricing playbook summarized the direction: "AI-native companies are abandoning seat-based SaaS pricing in favor of usage-, output-, and outcome-based models that directly align revenue with measurable results." Deloitte's 2026 prediction was that "subscriptions and seat-based licensing could give way to hybrid approaches that blend usage- and outcome-based pricing."

The pricing shift matters because it changes what enterprises are actually buying. The procurement conversation moves from "how many seats do we need" to "how much execution do we need to pay for." That is a different finance discussion. It also exposes vendors that cannot show concrete agent-driven outcomes, because under outcome-based pricing the vendor only gets paid when the agent actually performs.

What works today, what does not

The architecture shifts faster than the implementation. This is where the practitioner notes matter.

The DocuSign MCP server, in beta since October 2025, exposes three API surfaces. The Navigator API (the agreement repository) is read-only over MCP. The eSignature API supports envelope creation, status tracking, and template-based send. The Maestro API supports workflow trigger. Read-only Navigator is the limiting factor for fully autonomous workflows. An agent can read agreement context and act on it, but it cannot enrich Navigator with new structured records.

Rate limits are real. The default is 3,000 API calls per hour per account, with a 500-call burst limit per 30 seconds, and a polling rule that limits unique resource requests to one per 15 minutes. For individual users this is fine. For enterprise multi-agent workflows at scale, you will hit these limits. The path forward is to move from polling to event-driven webhooks. Most organizations have not done this yet.

Production access requires DocuSign approval. Developer accounts can build today, production deployments at scale need a conversation. Salesforce Headless 360 has usage limits in its developer edition set at 110 requests per month and 1.5 million tokens. Info-Tech Research Group's advisory fellow Scott Bickley pointed out that Salesforce's announcement was silent on SLAs for operations such as MCP tool calls, which matter materially for real-time agent workflows.

Even with the gaps, agentic workflows are running in production. Fiserv demonstrated a customer address-change workflow at DocuSign Discover 2025 that orchestrates identity verification, record retrieval, form generation, compliance routing, eSignature, and core-system update from a single conversational prompt. What used to be a multi-day cycle collapsed into minutes.

There is also a genuine gap nobody is closing yet. None of the major MCP servers I have seen support agent identity beyond inheriting the authenticated user's role. Multi-agent workflows where one agent delegates to another with its own scoped authority are not yet a first-class abstraction. Datawiza identified six related governance problems that intensify when the agent population shifts from dozens of developers to thousands of employees: identity, authorization, data scope, anomaly control, attribution, and credential management. The vendor that solves agentic permissioning at scale will define the next architecture layer.

The honest counter-evidence

Three things bear naming, even though they do not change the structural argument.

Most enterprise AI projects still fail. S&P Global Market Intelligence's "Voice of the Enterprise: AI and Machine Learning, Use Cases 2025" found that 42% of companies abandon the majority of their AI initiatives before they reach production, up from 17% the year prior. The average organization scrapped 46% of its AI proof-of-concepts before deployment. MIT's State of AI in Business 2025 reported that only 5% of enterprise GenAI pilots achieve measurable P&L impact. Going headless does not fix execution.

In the contract category specifically, Sirion was ranked highest in all four use cases of the Gartner Critical Capabilities for Contract Lifecycle Management for three consecutive years through 2025. For deep clause classification on a benchmark playbook, Sirion's specialized models still outperform DocuSign's general-purpose Iris. Ironclad's public positioning is direct: "DocuSign started at the end of the process, signing, and worked backwards to include contract creation and management." Distribution and training-data scale matter, but they do not eliminate gaps in clause-classification depth or pre-signature usability. The vendors that win the next two years will be the ones who close their specific gap fastest.

Diginomica's Stuart Lauchlan made the observation that headless is harder than it looks. "Most enterprises are not even thinking of re-configuring themselves in this way. Their capabilities remain embedded in applications, distributed across teams, and often only partially defined. They rely on people to bridge the gaps... The problem, once seen in this context, is less one of data and more one of operating debt." Going headless surfaces every capability that was implicit in someone's job. The technology is fast. The organizational reality is not.

The DACH constraint nobody is pricing in

If you are building or buying in DACH, the regulatory stack adds work the US use case does not have.

The EU AI Act entered into force in August 2024. Prohibited practices became enforceable in February 2025. Obligations for general-purpose AI hit in August 2025. High-risk system requirements hit in August 2026. Contract-related AI in HR, especially anything touching hiring or performance evaluation, falls into the high-risk category. Penalties go up to €35 million or 7% of global turnover for prohibited practices. Article 14 human-oversight requirements interact with GDPR Article 22's right not to be subject to solely automated decision-making. Cumulative penalties under both frameworks are possible. Human-in-the-loop is a regulatory requirement, not optional. (For a practitioner view of what running everything inside European jurisdiction actually requires, see Data Sovereignty as a Solo Founder.)

eIDAS 2.0 entered into force on 20 May 2024. By December 2026, every EU member state must provide an EU Digital Identity Wallet. Agent-initiated qualified electronic signatures are not yet a settled regulatory pattern.

But the more interesting DACH question is not regulation alone. It is where the headless platform actually runs.

In November 2024, Google announced Workspace by STACKIT. Google Workspace hosted inside the German and Austrian data centers of STACKIT, the cloud arm of Schwarz Group (Lidl and Kaufland's parent, Europe's largest retailer). Customer data stays in the EU. Backups stay in STACKIT facilities. Client-side encryption with bring-your-own-key means even Google itself cannot access the data. Schwarz Group announced plans to migrate 575,000 of its own employees to this setup. Rolf Schumann, Co-CEO of Schwarz Digits, framed the move bluntly: "Germany and the EU have until now lacked enterprise-grade cloud collaboration solutions that fully address the sovereignty requirements of regulated industries, including ensuring all data is secured and backed up on local soil with absolutely no opportunity for access by foreign nations or platform providers."

The pattern matters beyond Workspace. It is a template for how a headless platform from a US vendor can run inside a sovereign European cloud, with the platform vendor technically unable to read the data. The Cloud Act becomes irrelevant by architecture, not by promise.

DocuSign has had a structurally similar pattern with Deutsche Telekom since 2017. The two companies operate joint data centers in Germany and France for what DocuSign calls its Global Trust Network. Deutsche Telekom is simultaneously a reseller, an investor, and a data center provider. In February 2026, T-Systems rebranded the Open Telekom Cloud as T Cloud Public, repositioning Deutsche Telekom's hyperscaler-alternative public cloud with the same architectural promise STACKIT has used: protection from US extraterritorial reach by technical architecture, not just contract. The DocuSign Hybrid Cloud deployment option, available for customers who want signing infrastructure inside their own data center, is the same template: keep regulated customer data inside a sovereign perimeter while the agent layer runs on top.

The sovereign hosting question gets sharper for Systems of Action than for traditional SaaS. An action layer that orchestrates contract execution, employment workflows, or financial transactions on behalf of an AI agent touches more sensitive data, more often, in more contexts than a passive system of record. The DACH regulated industries that have been waiting for both cloud collaboration and AI now have working templates: install the headless platform inside a sovereign cloud with technical guarantees that override jurisdictional risk. The vendors that win DACH in the System of Action era will be the ones that can replicate this pattern at scale, or the ones that have already done it.

The Mittelstand reality is harder than any of this. Bitkom's September 2025 KI study found 36% of German companies with 20+ employees now actively use AI, almost double the 20% one year prior, while another 47% are planning or discussing it. The Mittelstand still lags larger enterprises, with adoption uneven across sectors. For the customer where 30% of companies still fax frequently (Bitkom Digital Office Index 2024), the System of Action argument is real but the path is multi-quarter, partner-led, and starts with read-only queries before any write actions. The vendors that win DACH will be the ones who build a regional partner ecosystem that can sit with a works council, navigate the GDPR posture, do the SAP integration in German, and host inside a sovereign cloud when the customer needs it.

The diagnostic to run on your own stack

Three questions, applied to every System of Record in your enterprise:

Does the system expose its capabilities through APIs, MCP tools, and CLI commands, with the full surface area available outside the UI? If yes, the platform is going headless and your agent can act across the stack. If only some capabilities are exposed, you are still partly inside the vendor's UX prison.

Does the system have proprietary training data that measurably improves AI output in its domain? Without this, the vendor has no durable moat. With it, the vendor's agents will outperform anyone else's on the same task. Track the data corpus, not the marketing.

Does the system support agentic permissioning beyond inheriting the user's role? Today the answer is almost always no, including at Salesforce, DocuSign, and Workday. The vendor that solves this first will define the next architecture layer. Track who is working on it.

Run those three questions across your stack. The vendors with all three answers ready are the ones building Systems of Action. The rest are repositioning.

What this means

For builders, the integration choice you make today matters more than the model choice. Pick a vendor whose headless surface is real and whose data moat is real. The model on top will get better. The plumbing underneath has to be already there. If you are building on a System of Record that has not started the headless transition, you are building on sand.

For buyers, the budget conversation shifts. You are not buying e-signature software, or CRM, or HRIS. You are buying a permissioned execution surface for agents. The procurement criteria change. SOC 2 is the baseline. The new questions are about agent identity, audit trails for AI-initiated actions, scope granularity, rate limits, EU data residency, and pricing model: per-seat, per-action, per-outcome, or hybrid. The vendors that cannot answer those questions concretely have not made the shift yet.

For partners, the Mittelstand gap is the opportunity. The transformation will not happen through US-based account executives running Zoom demos. It will happen through regional partners who know the works council, the GDPR posture, and the domestic ERP integration patterns. The DACH partner ecosystem will look like a smaller, more specialized version of what already exists for Salesforce: identity-verification specialists, regulated-industry implementation partners, vertical SaaS players who embed the action layer inside their own product.

Three takeaways for builders, buyers, and partners

A System of Record stores the truth. A System of Action executes against it. The shift is structural, not cosmetic. Going headless is the architectural prerequisite. If you cannot reach a vendor's capabilities through APIs, MCP tools, and CLI commands without opening their UI, your software is not an action layer yet.

Architecture changes are easy to announce. Pricing changes are the proof. Watch which vendors actually change their billing model. Per-seat pricing is structurally incompatible with agent-driven workflows. The vendors that move to consumption, outcome, or hybrid pricing in 2026 are the ones that have made the architectural shift in earnest. The rest are repositioning.

The execution risk is bigger than the structural argument. 42% of companies abandon most of their AI initiatives before reaching production. The nearly 30% higher ROI that DocuSign and Deloitte's 2026 joint study found for organizations using agentic agreement workflows is captured by the small fraction that finish their rollout. Plan for the rollout being the hard part.

Frequently Asked Questions

What is the difference between a System of Record and a System of Action?

A System of Record stores authoritative data about a domain. A System of Action executes work against that data through an AI agent, with the same audit trail and permissioning the human had. Different vendors describe this shift in different language in 2026: Salesforce's Headless 360, DocuSign's agreement system of action, Workday's reframing of ERP as "a system of action."

What does "headless" actually mean here?

A headless platform exposes its full capabilities outside its own user interface. The pattern comes from older ideas like headless browsers, headless CMS, and headless commerce. Salesforce Headless 360 makes every capability accessible as an API, an MCP tool, or a CLI command. The platform stops being a destination.

Why does pricing matter as much as architecture?

Per-seat pricing assumes human headcount drives software consumption. AI agents break that assumption. If the architecture is real, the pricing model has to change with it. SAP announcing a shift to AI consumption pricing in March 2026, Salesforce Agentforce charging per conversation or per action, Workday metering external API calls per-call: these are the financial proofs that the architectural shift is genuine.

How do I evaluate whether a vendor is really making the shift?

Three questions. Does the vendor expose its full capability surface through APIs, MCP tools, and CLI commands? Does the vendor have proprietary training data that measurably improves AI output in its domain? Does the vendor support agentic permissioning beyond inheriting the user's role? Most vendors claiming "AI-native" today fail at least one of these three, and almost everyone fails the third.

Is this safe to deploy in regulated industries in Europe?

The EU AI Act treats HR-related AI as high-risk, with full obligations enforceable from August 2026. eIDAS 2.0 requires every EU member state to provide a Digital Identity Wallet by December 2026. Human-in-the-loop is a regulatory requirement, not optional. Sovereign-cloud templates like Workspace by STACKIT and Deutsche Telekom's T Cloud Public show how to run a headless platform inside an EU-jurisdiction perimeter.