Mykhailo Federov told Politico at Davos that SAP, a German business-software giant, is “still continuing to work in Russia and to pay taxes to help finance the Russian army.” He also said Cloudflare, a U.S. security and Internet-infrastructure company, “continues to protect Russian websites.”

It is certainly the case that SAP and Cloudflare continue to operate in Russia to some degree, though their stances⁠—as articulated in their defenses⁠—indicate some of the challenges and nuance that companies currently face regarding the Russian question.

In the case of SAP, the company is already on its way out of the Russian market. Within a week of Vladimir Putin’s February 24 invasion of Ukraine, SAP halted sales in Russia and Belarus (a client state of Russia’s that Moscow used as a launchpad for parts of the invasion.) And in mid-April, it signaled an ongoing “orderly exit” from Russia.

“Cloud contracts of Russian customers will not be renewed after the current term expires. It is also planned to discontinue support and maintenance of on-premise products in Russia. This means that Russia no longer plays a role in SAP’s medium- and long-term planning,” the company said Tuesday in an emailed statement.

SAP also said it and its employees had donated over €4 million ($4.3 million) to Ukrainian causes, and stressed that its donation of business software to an NGO working with Ukrainian authorities had “enabled the Ministry of Health of Ukraine, among others, to purchase medical supplies quickly.”

“SAP has stood in solidarity with the Ukrainians since the start of Russia’s unjustified war,” the company said.

Cloudflare, meanwhile, insists it has never had a corporate entity, office or employees in Russia anyway. And as for the American company’s “minimal sales and commercial activity” in the country, CEO Matthew Prince said in a blog post last month: “We’ve taken steps to ensure that we’re not paying taxes or fees to the Russian government.”

Cloudflare pointed Fortune to that post on Tuesday, adding that it had also terminated any customers it had identified as tied to sanctions, including those applied to Russians who are complicit in the invasion.

However, the company does say it will keep serving average Russian citizens, and maintains that pulling its services completely would—in Prince’s words—”do more harm than good.”

Cloudflare, which runs vast networks of servers that improve the speed, quality and security of online content delivery and consumption, actually has some pretty strong backing in this regard.

Many digital rights campaigners have pointed out that interfering with Russians’ ability to access the Internet would make it harder for them to learn the truth about what is happening in Ukraine, to organize opposition, and to tell the outside world what is happening in Russia. The U.S. State Department has said much the same.

As Prince observed in that April blog post, a Cloudflare product called WARP / 1.1.1.1 suddenly became Russia’s most downloaded mobile app soon after the war began. The app has virtual private network (VPN) functionality that allows people to conduct online activities without being spied upon by Russia’s ever-present online surveillance apparatus.

“While levels have receded from their peak, a large number of Russians continue to use Cloudflare WARP in Russia at massively higher levels than pre-war,” Prince wrote, adding that Cloudflare’s servers inside Russia were also blocking many cyber-attacks emanating from within that country.