Monday, 9:00 AM. The CIO opens an email: “Oracle License Review Request - Your Company”. Heart starts beating faster. Oracle LMS wants to conduct a “routine license review”. A routine that has cost companies worldwide billions of dollars in unplanned licensing fees over the past 5 years. Some audits ended with claims exceeding $10 million. And now it’s your turn.
Read also: Cloud License Optimization 2026: How to Recover 30% of Your
Oracle has a reputation as the most aggressive software vendor when it comes to licensing audits. Their licensing model is notoriously complex - processor, named user plus, applications, databases, options, packages - every element can be a source of non-compliance. And non-compliance in the Oracle world can mean multi-million dollar retroactive penalties plus forced license purchases at full list prices without negotiated discounts.
Why does Oracle audit so aggressively and who do they target?
“Organizations waste an average of 33% of their software spend on unused or underutilized licenses.”
— Flexera, State of IT Asset Management Report 2024 | Source
Business model based on audits. Analysts estimate that 20-30% of Oracle’s on-premise licensing revenue comes from audits and resulting reconciliation purchases. This isn’t a side effect - it’s a core revenue stream. Oracle has dedicated audit teams (License Management Services) whose job is to generate audit revenue.
Customers migrating to cloud are targets. Oracle sees customers moving workloads to AWS, Azure, GCP. Before they leave completely, Oracle wants to maximize revenue. An audit is a tool to “check if everything is truly compliant” - and it almost never is.
Companies after mergers and acquisitions. M&A is licensing chaos. Two companies with different Oracle environments, different documentation, different purchase histories. Oracle knows there are gaps there.
Organizations with large environments not updated for years. If a company bought licenses 10 years ago and since then the environment grew organically - chances of non-compliance are high.
Companies planning renewal or renegotiation. “Want to negotiate a new agreement? First let’s check if you’re compliant with the current one.” Audit as leverage in negotiations.
Regulated industries (finance, healthcare, utilities). They have budgets, they have risk aversion, and Oracle knows they’ll pay to close the matter.
What are the most common Oracle licensing pitfalls?
Processor vs. cores licensing. Oracle counts licenses by “processors”, but the definition of processor depends on hardware type. Intel x86 has a core factor of 0.5 (2 cores = 1 Oracle processor). SPARC has 0.5 to 1. IBM Power from 0.75 to 1. A mistake in calculation means under-licensing.
Named User Plus minimums. Oracle Database Enterprise Edition requires a minimum of 25 Named User Plus per processor, even if you use the database with only 10 people. Many companies don’t know these minimums and buy “what they need” - which is non-compliant.
Database options and packages. Oracle Database has dozens of options: Partitioning, Advanced Security, Diagnostics Pack, Tuning Pack, Real Application Clusters. Each requires a separate license. Administrators often enable options “to test” and forget to disable them. The audit discovers this.
Virtualization without hard partitioning. Oracle requires licensing all processors in a virtualization cluster unless you use “approved” hard partitioning (Oracle VM, Solaris Zones). VMware, Hyper-V, KVM - you must license the entire cluster, even if Oracle runs on one VM. This is the most expensive mistake.
Disaster recovery and failover. DR environments that are “cold standby” and used only in disaster - Oracle wants full licenses for them if they’re powered on. “Powered on but inactive” still requires licenses in Oracle’s view.
Java after 2019. Oracle Java SE requires a commercial license from Java 11 for production use (after 2019 changes). Companies using Oracle JDK without a license are another source of claims.
Middleware: WebLogic, Fusion Middleware. Often installed as part of a larger deployment (e.g., with Oracle E-Business Suite) and then extended to other uses without additional licenses.
What does the Oracle audit process look like from the inside?
Phase 1: Notification Letter. A formal letter informing about a “license review”. Oracle cites the audit clause in the licensing agreement (almost every Oracle agreement contains one). You have limited time to respond.
Phase 2: Information Request. Oracle sends a detailed questionnaire: what products, what environments, what hardware, how many users. Plus a request to run Oracle audit scripts on your servers.
Phase 3: Data Collection. Oracle scripts collect data about installations, configuration, usage. Oracle wants raw data from your systems. This is where the danger begins - scripts can collect more than you need to disclose.
Phase 4: Analysis by Oracle LMS. Oracle analyzes data and prepares “findings” - a list of non-compliances. This report is one-sided - it assumes maximum usage and the broadest interpretation of licenses in Oracle’s favor.
Phase 5: Preliminary Report. Oracle presents preliminary claims. They’re often shockingly high - multiple times client expectations. This is a tactic - they start high to have room for “negotiation”.
Phase 6: Remediation Discussion. The company can challenge findings, present evidence, negotiate. Here the final amount is decided. Without preparation - you lose.
Phase 7: Settlement. Settlement or escalation to lawyers. Most companies choose settlement - courts are expensive and risky. Settlement often includes purchase of additional licenses or migration to Oracle Cloud.
How to prepare BEFORE an audit - preventive actions?
Internal self-audit annually. Don’t wait for Oracle. Check your environment yourself: what Oracle products are installed, on what hardware, with what options. Compare with purchased licenses. Identify gaps before Oracle does.
Dedicated SAM tools. Oracle’s own tools (LMS Collection) are pro-Oracle. Use independent tools: Flexera, Snow Software, ServiceNow SAM. They give an objective picture without Oracle bias.
Purchase and entitlement documentation. Gather all licensing agreements, POs, purchase confirmations. Organizations lose documentation after mergers, IT changes. Without documents, you can’t prove you have licenses.
Environment mapping. Where is Oracle installed? On what hardware? In what configuration? Who has access? This map is the basis of every audit and every defense.
Virtualization policy. If you use VMware/Hyper-V with Oracle - either consolidate Oracle on dedicated hosts (and license only those hosts) or prepare to license everything. Architectural decision has licensing implications.
Administrator training. The DBA must know that enabling a database option requires a license. The dev team must know that installing Oracle on a dev server is subject to licensing. Awareness = prevention.
How to react when the notification letter arrives?
Don’t panic, but act quickly. You usually have 30-45 days to respond. This isn’t time for “we’ll see”. This is time for mobilization.
Engage a lawyer specializing in licensing. Oracle has lawyers - you should too. A standard corporate law firm may not know Oracle licensing nuances. Look for specialists (IAITAM, IBSMA certified).
Don’t run Oracle scripts without analysis. Oracle scripts collect data. You don’t have to run them immediately. You can negotiate scope, you can run your own tools first, you can require an NDA on collected data.
Conduct your own parallel audit. Before handing data to Oracle - understand your environment yourself. Independent data gives you a position to challenge Oracle’s findings.
Communication through single point of contact. Designate one person responsible for communication with Oracle LMS. Don’t let auditors call admins directly and ask questions. Control information flow.
Document everything. Every email, every conversation, every submitted piece of information. In case of dispute - documentation is critical.
How to challenge Oracle findings and negotiate?
Understand how Oracle calculates claims. Oracle often assumes maximum usage. Enabled option = fully utilized. VM capable of migrating across entire cluster = entire environment requires licenses. Challenge these assumptions.
Prove actual usage. If an option was enabled but not used - show logs. If a VM was never on a given host - show vmotion history. Oracle often withdraws claims in the face of hard evidence.
Challenge licensing interpretations. Oracle’s licensing documents are unclear by design. Your interpretation may be as valid as theirs. A lawyer will help find precedents and arguments.
Negotiate scope. You don’t have to remediate everything immediately. You can negotiate: “We’ll remove this environment within 90 days” instead of buying a retroactive license.
Use leverage. Are you planning other Oracle purchases? Support renewal? Maybe a new project? Oracle wants future business - use this as a bargaining chip.
Don’t agree to the first offer. Oracle’s first claim is always inflated. Counter-offer 30-50% lower and negotiate. Oracle expects negotiations.
What options does a company have if claims are absurd?
Refusal to sign settlement. You can say “no”. Oracle would have to go to court to enforce claims. Most companies don’t want to risk it, but it’s an option.
Engaging independent auditors. Firms like KPMG, Deloitte, specialized boutiques can conduct an independent audit and give you a report you can counter with against Oracle’s report.
Escalation to Oracle corporate. LMS is a revenue center - their KPI is how much money they collect. The Account Manager has different interests - maintain relationship, sell cloud. Sometimes escalation to sales leadership changes the dynamic.
Mediation. Some agreements provide for mediation before court. A neutral party can accelerate resolution.
“Cutting Oracle” strategy. If claims are absurd - maybe it’s a good time to plan an exit from Oracle. Migration to PostgreSQL, MySQL, MariaDB, AWS Aurora. Expensive but eliminates the problem going forward.
How does Oracle Cloud affect audit strategies?
ULA (Unlimited License Agreement) as trap and opportunity. Oracle often offers ULA - “unlimited” licenses for a specified period. Customers think it solves the compliance problem. But after ULA ends comes “certification” - you must count how much you use and that number becomes your entitlement forever. If you count wrong during certification - you have a problem.
Migration to Oracle Cloud as “solution”. Oracle offers: “Move to Oracle Cloud Infrastructure, and we’ll close the audit.” Sounds attractive, but: (1) OCI prices may be higher than alternatives, (2) lock-in is stronger, (3) future audits may concern cloud usage.
BYOL (Bring Your Own License) complications. Oracle allows moving some licenses to cloud. But BYOL rules are complex - not all licenses qualify, core factors are different, some deployment models require additional licenses.
Support renewal as leverage. Oracle Support costs 22% of license value annually. Companies want to renegotiate or move to third-party support (Rimini Street, Spinnaker). Oracle uses audits to “remind” that without Oracle support you won’t get patches and will be vulnerable.
How to document compliance on an ongoing basis?
License Position Document (LPD). Maintain a current document showing: (1) what entitlements you own, (2) how they’re deployed, (3) how the calculation matches. Update with every infrastructure change.
Change management with license impact assessment. Every infrastructure change (new server, new VM, migration) should have a license impact assessment. Administrators must know their decisions have licensing implications.
Regular reconciliation. Quarterly compare deployed vs. entitled. Catch drifts before they become problems. Tool-assisted reconciliation is more accurate than manual.
Contract and correspondence archiving. Oracle agreements, purchase confirmation emails, old contracts from mergers - everything in one place, backed up, retention policy. You can’t rely on Oracle to provide your entitlements - you must have your own documentation.
Periodic third-party assessment. Every 2-3 years, an external auditor (not Oracle) verifies your position. Objective assessment without conflict of interest.
What changes does 2026 bring to Oracle’s audit approach?
Push on Java licensing. Oracle is intensifying Java SE subscription enforcement. Companies using Oracle JDK in production without a license are being targeted. Solution: migrate to OpenJDK (Adoptium, Amazon Corretto, Azul Zulu).
MySQL Enterprise audit exposure. MySQL is “free” in the Community version. But many companies use features requiring MySQL Enterprise. Oracle has started auditing MySQL deployments.
Cloud monitoring and usage-based licensing. In cloud and subscription models, Oracle has better visibility than with on-premise. Automated compliance checks may replace traditional audits - but also give Oracle more data.
Artificial Intelligence features. Oracle is adding AI to its products (Database 23c, OCI AI Services). Every new feature = potential new license line = new audit field.
Post-pandemic hybrid workplace. Employees work from home, from cafes, from various locations. Named User Plus licensing becomes harder to track. Oracle may challenge whether your NUP counts are accurate.
Table: Oracle audit preparation checklist
| Area | Action | Status | Priority | Responsible |
|---|---|---|---|---|
| Documentation | Gather all licensing agreements | ☐ | Critical | Legal/Procurement |
| Documentation | Archive POs and purchase confirmations | ☐ | Critical | Finance |
| Documentation | Entitlement list from Oracle (request officially) | ☐ | High | Account Manager |
| Inventory | Scan all Oracle installations (DB, Middleware, Apps) | ☐ | Critical | DBA Team |
| Inventory | Hardware mapping (processors, cores, types) | ☐ | Critical | Infrastructure |
| Inventory | Identification of enabled options and packages | ☐ | Critical | DBA Team |
| Virtualization | VMware/Hyper-V cluster configuration documentation | ☐ | Critical | Virtualization Team |
| Virtualization | Analysis if Oracle is on dedicated hosts | ☐ | High | Architecture |
| Java | Oracle JDK installation inventory | ☐ | High | Dev/Ops |
| Java | OpenJDK migration plan | ☐ | Medium | Architecture |
| Reconciliation | Deployed vs. entitled comparison | ☐ | Critical | SAM Team |
| Reconciliation | Gap identification and remediation plan | ☐ | Critical | SAM/Legal |
| Legal | Engage lawyer specializing in licensing | ☐ | High | Legal |
| Process | Designate SPOC for Oracle communication | ☐ | High | CIO |
| Training | DBA and admin training on licensing implications | ☐ | Medium | SAM Team |
An Oracle audit isn’t a random event - it’s a planned element of Oracle’s business model. Companies that are prepared, that understand their environment and have documentation - come out of audits with minimal costs. Those who are surprised - pay a premium.
Key takeaways:
- Self-audit regularly - don’t wait for Oracle to tell you what you have
- Virtualization is the most expensive mistake - Oracle + VMware requires licensing the entire cluster
- Database options must be consciously managed - enabled = licensed
- Documentation is defense - without papers you can’t prove what you bought
- Oracle scripts are a one-sided tool - run with caution
- The first claim is a negotiating position - you can always go lower
- Java after 2019 requires a license - migrate to OpenJDK
The best strategy is proactive compliance, not reactive defense. The costs of maintaining licensing order are a fraction of the costs of an unexpected audit.
ARDURA Consulting offers comprehensive Software Asset Management services with expertise in Oracle environments. We conduct independent license position audits, prepare companies for vendor audits, and represent clients in negotiations. Contact us before the next email from Oracle LMS.