Locations

Resources

Careers

Contact

Contact us

Java licensing

How Oracle Java Licensing Works

Java Licensing Explained 2025

How Oracle Java Licensing Works (2025 Guide)

Oracle Java licensing has become a critical concern for enterprises.

Once upon a time, Java was essentially free for commercial use, but today Oracle Java licensing involves paid subscriptions, new metrics, and complex rules that can catch companies off guard. Costs are rising, and compliance requirements are stricter than ever.

This 2025 guide explains how Oracle Java licensing works under the current models, what needs a license (and what doesn’t), the compliance risks to watch out for, and strategies to avoid audits or overspending.

By the end, you’ll understand why Java’s licensing changed, how to navigate Oracle’s rules, and how to protect your organization from Java licensing risk.

The Evolution of Oracle Java Licensing

Java’s journey from “write once, run anywhere” to “pay as you go” has evolved significantly:

  • Early Era – Free Public Java: For many years, Oracle (and its predecessor, Sun Microsystems) provided Java Standard Edition (Java SE) under a free license for general use. Businesses could download Oracle’s Java and use it in production without fees. Up until Java 8 (before 2019), Oracle’s Binary Code License (BCL) allowed free commercial use of the Oracle JDK in most scenarios. Licensing only applied to a few optional advanced features, so Java felt “free” for all.
  • 2019 – Introduction of Paid Subscriptions: Everything changed in 2019. Oracle ceased providing free public updates for Java 8 and later versions in commercial settings. They replaced the old free license with a more restrictive Oracle Technology Network (OTN) license for Java SE. Under the OTN terms, Java remained free only for certain uses (personal, development, testing), not for running business applications in production. If a company wanted to receive security updates or use Oracle JDK 8 or 11 in production after 2019, it had to purchase an Oracle Java SE Subscription. This marked the first time companies needed to budget for Java just to stay up-to-date and secure.
  • 2021 – The No-Fee Terms (NFTC) Experiment: In response to growing backlash (and competition from free OpenJDK alternatives), Oracle introduced No-Fee Terms and Conditions with the release of Java 17 (an LTS version) in late 2021. NFTC allowed organizations to use the latest Oracle JDK version in production, for free – but with a catch. The free use was time-limited: you could use Java 17 (Oracle JDK) with updates at no cost until one year after the next Long-Term Support release. In practice, that meant Java 17 was free with updates until around late 2024 (since Java 21, the next LTS, came out in 2023). After that grace period, if you wanted to keep using Java 17 with new patches, you’d need to pay for a subscription (or upgrade to Java 21 to stay on the free train). Oracle’s aim was to encourage constant upgrades to the latest Java version, giving a temporary free window for each LTS release.
  • 2023 – Employee-Based Licensing and Universal Subscription: January 2023 brought the most dramatic licensing change. Oracle retired its old Java SE Subscription model (which was based on per-user or per-processor licensing) and launched the Java SE Universal Subscription, an employee-based licensing model. Under this scheme, organizations must license Java for their total number of employees. This count includes all full-time employees, part-timers, temporary staff, and even contractors/consultants working for the company. In other words, if any part of your business uses Oracle’s Java, you now need to buy enough licenses to cover every single employee in the organization – regardless of how many actually use Java. Oracle pitched this as a “simpler” model (one company-wide metric, no need to count devices or specific installations), effectively an unlimited enterprise license keyed to headcount. However, many companies experienced cost shock at this change. For organizations that previously only paid for Java on a subset of servers or users, being told to pay for all employees felt like a massive price hike. (For example, a company with 5,000 employees that only had Java on a few hundred servers suddenly would need to pay for 5,000 licenses under the new model.) Oracle’s official stance is that this simplifies compliance, but it undoubtedly shifts most customers to a higher level of spending. Existing Oracle Java subscribers were initially allowed to renew on the old model for a short time, but Oracle made it clear that those legacy agreements would be phased out. By 2025, virtually all new Java licenses must be acquired through the employee-based subscription.

In summary, Oracle Java licensing has evolved from a free public update model to a paid subscription model in 2019 and is now transitioning to an employee-based enterprise subscription model.

Oracle’s motivation is partly revenue-driven and partly control-oriented – ensuring customers either continue to upgrade or pay up. Understanding this evolution is crucial to comprehending why costs are rising and the rules that apply today.

Oracle Java Licensing Models Explained

Oracle now has a few different licensing models in play (though not all are available to new customers). Let’s break down the main Java licensing models and how they work:

Legacy Perpetual Java Licenses (Java SE Advanced/Suite)

Before subscriptions, Oracle sold Java SE licenses much like any other software: as perpetual licenses with optional support.

Products like Java SE Advanced or Java SE Suite could be bought outright (one-time cost per user or processor), and you’d pay annual support for updates.

These licenses included rights to use certain commercial features (such as Java Flight Recorder and Mission Control) and to receive patches for older Java versions.

  • If your company purchased Java SE licenses years ago and kept up with support, you may still have a valid perpetual license to run specific versions of Java internally. For example, a company might have bought Java SE Advanced licenses to cover Java 8 usage. Those licenses are yours to use indefinitely (for the covered versions) even if Oracle is no longer selling them. However, if you need to upgrade to newer Java versions or want ongoing updates, Oracle will likely encourage you to adopt the subscription model. Perpetual Java SE licenses are now considered “legacy” – Oracle stopped selling them to new customers once the subscription model was introduced.
  • Important: A perpetual license doesn’t mean free updates forever. It just gives you the right to run the software. To receive continued patches/support, you needed an active support contract. If you let support lapse, you can still use the software version you have, but you won’t get any security fixes. Many organizations with old Java SE licenses found themselves stuck on Java 8 without updates, unless they paid for the new subscription.

Oracle Java SE Subscription (2019–2022 Legacy Model)

From 2019 until early 2023, Oracle’s main offering was the Java SE Subscription.

This was a paid subscription model that charged based on specific usage metrics:

  • Named User Plus (NUP): Similar to other Oracle software licensing, this metric counted the number of named users or devices running Oracle Java. You needed a license for each person or each desktop that had Oracle Java installed. (Oracle often required a minimum of 25 NUP licenses per server as a rule, borrowed from their database licensing policies.) For example, if 100 employees’ PCs had Oracle Java or 100 developers used it, you’d need 100 NUP licenses (subject to minimums).
  • Processor (Per-Core on Servers): This metric applies to Java installations on servers (e.g., back-end systems or application servers running Java applications). You had to license each processor (CPU) on those servers, using Oracle’s standard core factor calculations. For instance, if a server had 8 CPU cores, you might need 4 processor licenses (after applying Oracle’s core factor, which depends on CPU type). This covered any number of users on that server.

Pricing (Legacy Subscription): Oracle’s list price for the Java SE Subscription was roughly $30 per named user per year, or a few thousand dollars per processor per year.

In practice, a Java SE Subscription for an average company typically costs $2.50 per user per month, or approximately $25 per server per month (varying by CPU). These subscriptions bundled the license and support: as long as you paid, you could use Oracle Java in production and get all the updates. If you stop paying, you will lose the right to use new updates.

The big advantage of this legacy model was flexibility – you only paid for the specific users or systems that needed Oracle Java. Companies with limited Java usage could keep costs relatively low under this scheme.

Java SE Universal Subscription (Employee-Based Model, 2023–Present)

In 2023, Oracle replaced the above metrics with a single, enterprise-wide metric: per-employee licensing.

The Java SE Universal Subscription requires a company to count all its employees (and equivalent workers) and buy a subscription for that total number.

  • Who counts as an “Employee”? Oracle’s definition is broad. It includes all full-time and part-time employees, as well as temporary workers, contractors, consultants, and anyone working for the company or its subsidiaries in any capacity. In essence, if they use a computer and work for your organization, they count. Oracle uses the employee headcount at the time you purchase the subscription (typically a snapshot of your HR count when you sign the order).
  • What does it cover? The Universal Subscription gives you the rights to use Oracle Java on unlimited devices and servers across your organization, for any internal use, as long as you maintain an active subscription for the full employee count. You no longer have to track exactly which machines have Java – you’re covered to deploy it anywhere (inside the company) once you’ve licensed all employees. It’s like a site-wide license keyed to people instead of machines.
  • Impact on costs: This model greatly simplifies compliance management (eliminating the need to track every installation or CPU), but it can also dramatically increase costs. If only a fraction of your staff uses or benefits from Java, too bad – Oracle still charges for everyone. A small firm with 200 employees will pay for 200 even if only five developers use Java. A large enterprise with 20,000 employees is responsible for all 20,000 employees, even if Java is only critical to one business unit. The result is that many companies will see two to five times higher Java licensing costs under the new plan compared to the old model. Oracle justifies this by saying it covers you everywhere and improves security (because you can update Java on all systems freely). Still, for budget holders, it feels like a hefty “Java tax” on your entire workforce.
  • Legacy renewals: Oracle initially allowed existing subscribers on the NUP/processor model to renew their contracts, but with certain conditions attached. Renewals required proving your usage still matched the old counts, and Oracle often only granted one last renewal. By late 2023, sales representatives were refusing to quote renewals for old models and instead pushing customers to switch to the employee-based deal. The writing on the wall: in the future, all customers will eventually be moved to the employee metric. Only those with limited-time legacy deals or grandfathered contracts are exempt – and those are expiring soon.

In summary, today’s Oracle Java licensing model of choice is the employee-based subscription. It’s effectively an all-you-can-eat license but charged per headcount. Understanding these models is crucial for planning: if you’re stuck on the new model, you’ll want to manage that cost, and if you’re still on an old agreement, you’ll need a strategy for when Oracle forces you to change.

What Requires an Oracle Java License (and What Doesn’t)

A common question is “When do I need to pay Oracle for Java?” The answer depends on which Java you use and how you use it.

Here’s a breakdown of scenarios:

  • Using Oracle’s Java in Production (Internal Business Use): If you deploy Oracle’s Java SE (the Oracle JDK or JRE) in a production environment for business operations, you almost certainly need a license. This includes running Java on servers that support your business applications, or on employee desktops for internal tools, beyond the scope of “personal use” or evaluation. For example, running a customer-facing web application on Oracle Java 8 or Java 11 now requires a subscription (since public free updates for those ended). Similarly, if you continue using Oracle JDK 17 in production after its no-fee period has expired, you need to pay for updates/support, or you’ll be out of compliance.
  • Development, Testing, and Non-Production Use: Oracle permits free use of Oracle Java in development and test environments. Under both the OTN and NFTC licenses, developers and testers can download and use Oracle JDK for free for writing code, testing, or proof-of-concept work. This means if your team is just using Java in an IDE, on build servers, or in QA environments, you do not need to pay Oracle for that usage. The caveat is that this only covers non-production work; if those systems start handling live business transactions or users, the line between production and non-production work blurs. Additionally, if you need to apply critical security patches to your development or test Java installations (beyond those publicly available), only paying customers receive the very latest patches. But generally, developing and testing with Oracle JDK is free of charge.
  • Personal and Educational Use: Java remains free for personal, non-commercial use. If an individual at home is using Java to play games, learn programming, or run a personal project, Oracle doesn’t require a license. Students, hobbyists, or anyone running Java on their PC for non-business purposes can use Oracle JDK without paying. This “personal use” exemption is explicitly allowed in Oracle’s licenses. In short, Oracle isn’t going after individual casual users – the focus is on business and commercial use.
  • Latest LTS Version During its No-Fee Period: Thanks to the NFTC license, the most current Long-Term Support (LTS) release of Oracle Java can be used in production for free until its grace period ends. For instance, in 2025, Java 21 is an LTS release under NFTC. A company could choose to run Java 21 in production without a paid subscription throughout its no-fee support window (which lasts until one year after Java 25 comes out). However, this is a temporary free ride. When that period is over, continuing to run Java 21 would require paying Oracle or upgrading to Java 25. Yes, there is a way to use Oracle’s own JDK for free in production, but it requires frequent upgrades to stay on the always-current LTS. Many organizations struggle to sustain this for enterprise apps, which is precisely why Oracle expects them to eventually pay for a subscription to receive extended support.
  • Using OpenJDK or Third-Party Java Distributions: Not all Java comes from Oracle. The OpenJDK project produces free, open-source Java implementations. There are many free Java distributions (Eclipse Temurin, AdoptOpenJDK/Adoptium, Amazon Corretto, Azul Zulu, IBM Semeru, etc.) that are Java SE compliant. If you use one of these in production, you owe Oracle nothing. OpenJDK is still free to use under the GPL license. Oracle itself provides OpenJDK builds for each release, which are free to use (although they are only updated for six months after the release). The key is that using a non-Oracle distribution (or any Java under an open-source license) means Oracle’s commercial terms do not bind you. Many companies have adopted this route to avoid Oracle fees. Note: You are responsible for managing updates/patches yourself or through a support contract with another vendor; however, the licensing cost to Oracle is zero.
  • Oracle Products That Include Java: An Important Exception – Oracle allows certain of its software products to include a Java SE runtime without requiring separate licensing. This is often referred to as “Oracle Approved Product Use.” If you are using Java solely to run another Oracle product that you have licensed, you might not need a standalone Java license. For example, Oracle WebLogic Server, Oracle Database, Oracle E-Business Suite, and many other Oracle applications bundle Java or rely on it. Oracle’s policy is that if Java is only being used as part of the licensed operation of those products, then the Java usage is covered under that product’s license. They publish lists (Schedule A and B) of products that convey Java SE rights. Important: This exception is narrow – it only covers using Java within the context of those specific Oracle applications. It doesn’t mean you can use that Java installation for other non-Oracle apps, and it doesn’t cover general use of Java in your environment. But if, say, WebLogic or Oracle Forms installs Java, you typically don’t need a separate Java SE subscription for that instance as long as it’s exclusively used for the Oracle app.
  • Embedded or Redistributed Java: If your company distributes software or devices that include Java, the rules tighten. You cannot take Oracle’s Java runtime and embed it into a product you ship to customers (or hardware you sell) without a special license. Oracle has separate “Java Embedded” licensing for this scenario, often involving royalty agreements. For example, suppose you were manufacturing a smart appliance or an ATM that runs Java internally. In that case, you’d need to negotiate an embedded Java license with Oracle (or use an open-source Java with more permissive terms). Simply bundling the Oracle JRE with your commercial software installer for convenience would violate Oracle’s license, unless you have a valid agreement in place. In summary: internal use is one thing, but any distribution of Oracle Java outside your organization (even for free) requires permission from Oracle.
  • Cloud Environments: Running Oracle Java on a cloud VM (Amazon AWS, Azure, Google, etc.) does not exempt you from licensing. The cloud provider doesn’t cover Oracle licenses unless it’s Oracle’s cloud. So if you deploy Oracle JDK on an AWS EC2 instance for your application, that is treated the same as an on-premises server – you need a license. One notable exception is Oracle Cloud Infrastructure (OCI), which grants customers usage rights for Java. Oracle allows you to use Java on OCI services without an additional Java subscription, presumably as a perk for choosing their cloud. However, on AWS, Azure, and other platforms, Java is “BYOL” (Bring Your License).

To summarize, Oracle Java licensing requirements in 2025 boil down to this: Using Oracle’s JDK for business or commercial purposes generally requires a paid license unless you stick to the latest version’s free period or only use it in dev/test/personal contexts.

There are also carve-outs if Java is used within Oracle’s products or if you opt for open-source Java alternatives. Knowing these boundaries can help you avoid accidentally running afoul of Oracle’s rules.

Compliance Risks in Oracle Java Licensing

Oracle’s Java policies have introduced new compliance risks that many IT teams and procurement departments aren’t fully aware of. Here are the common pitfalls and risk areas to watch:

  • All-Employee Licensing Gotchas: Under the new employee-based model, a significant risk is miscounting or misunderstanding the definition of an “employee”. Oracle expects you to license every human worker associated with your company. A compliance issue can arise if, for example, you only count full-time staff but exclude contractors, interns, or overseas employees – Oracle will consider this under-licensing. Conversely, some companies mistakenly think they can just license the subset of employees who use Java. In Oracle’s eyes, that’s not allowed with the Universal Subscription; if you’re using Oracle Java at all (outside exempt scenarios), you need to cover everyone. During audits, Oracle will scrutinize your company’s headcount, and any discrepancy (e.g., HR records vs. what you licensed) can trigger a non-compliance finding.
  • Untracked Java Installations: Java has been around a long time, and Oracle JDK might be lurking in your environment in places you don’t realize. A major compliance risk is incomplete visibility – for example, an administrator years ago installed Oracle Java 8 on a server, and it remains there, receiving occasional use. Still, no subscription has been purchased for it. Or a developer downloaded Oracle JDK 11 for a tool on a test box that later became a production system. If these installations go unnoticed, your organization may be out of compliance without realizing it. Oracle’s auditors often find Java in unexpected places during a review. Not having a proper inventory of where Oracle Java is used is risky.
  • “Free” Environments Bleeding into Production: While the use of Oracle Java for development and testing is free, a common mistake is blurring the line between test and production environments. For instance, a company might set up a “testing” server with Oracle JDK and not license it, but over time that server starts handling some live data or user traffic (essentially becoming production). Or a developer’s machine with Oracle JDK (allowed for development) might also host a small internal app for a team to use (which is a business use). In an audit, Oracle may classify those scenarios as unlicensed production deployment. It’s important to strictly segregate non-production use and ensure test/dev instances aren’t repurposed in ways that violate the license terms.
  • Indirect Java Usage: Java is often bundled inside third-party applications. An “indirect” usage risk is when you run software that includes Oracle’s Java without realizing it. For example, an enterprise application you use may have shipped with an Oracle JRE in its installation package, or a vendor may have required you to download Oracle JDK as part of their product setup. You might assume the vendor took care of licensing, but that’s not always the case. Oracle can hold you responsible if the Oracle JDK is running in your environment without a license, even if it was included with another software package. Always verify if any third-party app uses Oracle Java, and if so, whether the third party’s agreement covers that usage or if you need your license. (Many software vendors have switched to bundling OpenJDK to avoid this issue, but not all.)
  • Staying on Outdated Java Versions: Some organizations attempt to avoid Oracle subscriptions by staying on older Java versions without updates. This is a double risk: first, it’s a security risk (running Java with known vulnerabilities). Second, if they do need a critical update and download a post-2019 Oracle patch without a subscription, they instantly violate licensing. We’ve also seen cases where a team unknowingly downloaded an Oracle Java update for an older version from Oracle’s site (not realizing it wasn’t free). Later, Oracle’s records flag that download, and the company receives an audit notice. In short, relying on “staying on Java 8 forever” or using Oracle’s updates without a contract is a dangerous approach.
  • Mixing Oracle and OpenJDK without Clear Policies: Many companies are now hybrid, using open-source Java for most applications and Oracle Java for a few specific cases. This can lead to confusion in compliance. If administrators aren’t careful, an Oracle JDK could accidentally be deployed where an OpenJDK was intended. Or someone might apply an Oracle-supplied patch to an OpenJDK installation (which could arguably bring license implications). The compliance risk is not so much the mix itself, but the lack of clear policies. Organizations should document and communicate: “We do not use Oracle Java except for X systems,” and ensure no one strays from that plan without approval. Otherwise, Oracle could find one instance in your sea of OpenJDK and use that to claim you owe licenses enterprise-wide.
  • Employee Count Changes and M&A: Because the new licensing is tied to headcount, company changes can create compliance issues. If your workforce grows significantly but you haven’t informed Oracle or adjusted your subscription, you might be deemed non-compliant (you licensed fewer employees than you have now). Mergers and acquisitions are a big one – if you acquire a company and suddenly add their employees (who are now using Java under your agreement), Oracle will expect you to true-up the license count. It’s wise to factor Java licensing into due diligence and post-merger integration, so you don’t get hit with a surprise bill.

Overall, Oracle Java compliance risks often boil down to a lack of visibility and assumptions. Companies often assume that “Java is just free,” overlook outdated installations, or fail to fully read the fine print regarding employee metrics. Oracle’s auditors are actively looking for these gaps.

To stay safe, treat Java like any other licensable software: track it diligently, educate your teams on what’s allowed, and don’t assume you’re too small or obscure to be noticed (Oracle is actively monitoring downloads and usage).

Oracle Java Licensing Costs

One of the biggest concerns for organizations is the cost of Oracle Java licensing under the new model and how it compares to previous arrangements.

Here’s a breakdown of the cost factors:

  • Java SE Universal Subscription Pricing (2025): Oracle’s Java subscription is sold in tiers based on the number of employees. At list prices, it starts at $15 per employee per month for smaller organizations, and the rate per employee decreases at higher volumes. For example, at 1,000 employees, the price might drop to around $12 per employee/month; at 3,000 employees, about $10.50 each; at 10,000 employees, $8.25; and for very large enterprises (40,000+ employees), around $5–6 per employee/month. In other words, a company with 500 staff would pay roughly $90,000 per year (500 × $ 180 × 12). A company of 10,000 employees would pay approximately $990,000 per year at the list price. The lowest published tier (around 50,000 employees) works out to roughly $5.25 per head/month. Oracle may offer additional discounts for even larger companies, but these are negotiated individually. Note: These are recurring annual costs – as a subscription, you pay every year to continue using Oracle Java and receive updates.
  • Example – Sticker Shock in Action: To illustrate the impact, consider a firm with 28,000 employees. Under the new model, at roughly $6.75 per employee/month (the tier they’d fall into), that’s about $2.3 million per year in Java licensing. Many companies of that size were paying far less under the old model (perhaps they only licensed 5,000 Java users, or a certain number of servers). This is why the new pricing has caused alarm – it can dramatically increase spend if your Java usage was previously limited. Industry analysts and Oracle licensing experts have noted that companies may end up paying two to five times more for Java with the employee metric than they did previously.
  • Legacy Subscription vs. New Subscription Costs: Under the legacy per-user/processor model, costs were proportional to usage. If you only needed 100 user licenses and a handful of server licenses, you might have been spending maybe $50k/year or less on Java. Now, even a mid-sized company with 5,000 employees has to spend at least $5 * 5,000 * 12 = $ 300,000 per year (assuming a lower-tier rate). The result is that many organizations feel they are overspending – paying Oracle for a license entitlement far bigger than their actual Java footprint. If a company licenses all employees but only, say, 10% actively use Java, the other 90% of those licenses are effectively shelfware (unused licenses). This inefficiency is a big point of contention.
  • Hidden Costs of Not Licensing: On the flip side, some might think, “Okay, we just won’t pay Oracle and keep using Java.” It’s essential to weigh the risks and costs. Suppose you remain on an old Java version without updates or use Oracle JDK without a subscription. In that case, you risk security breaches (which have their costs) or an audit finding you unlicensed (leading to back payments or legal costs). Another cost factor is operational: you can avoid Oracle fees by using OpenJDK, but you may need to invest in migrating systems and testing new Java versions frequently (to stay on the free Long-Term Support, or LTS), or possibly purchase support from a third-party for those alternatives. These costs are usually far lower than Oracle’s price tag, but they exist and should be budgeted (e.g., paying a support vendor like Red Hat or Azul for Java fixes).
  • Budgeting for Java: The key point is that Oracle Java now requires a budget line in a way it didn’t before 2019. Enterprises should forecast their Java subscription costs just like they do for databases or any major software. And because the model is subscription-based, expect Oracle to raise prices over time or at renewals (Oracle might lock prices during a term, but at renewal, nothing stops an increase). It’s wise to negotiate multi-year commitments or caps on price increases, if possible, to manage long-term costs.
  • Overspend and Optimization: Many companies are actively seeking to optimize Java licensing costs, as they believe Oracle’s blanket approach leads to overspending. Some strategies include reducing the employee count scope (if possible), using fewer Oracle Java instances, or switching parts of the organization to OpenJDK so they can potentially buy a smaller subscription just for a critical subset (though Oracle’s standard terms don’t allow splitting up the count – some companies create a separate subsidiary for Java-heavy operations to license only that entity’s employees, as a workaround). The bottom line is that Java has become a significant IT expense for many firms, and managing this cost is now a priority.

In short, Oracle Java licensing costs in 2025 can be substantial, especially under the new model. Sticker shock is common, but with careful planning (and alternatives, as discussed next), organizations can avoid unnecessary spending.

Remember that not paying Oracle doesn’t mean cost goes to zero – it means you may invest in other solutions, but those will typically cost far less than millions per year.

How Oracle Enforces Java Licensing

Oracle has a well-known aggressive approach to auditing its software customers (databases, middleware, etc.), and Java is no exception now. Here’s how Oracle enforces Java licensing and what to expect:

  • “Friendly” License Check-Ins: Oracle often initiates Java compliance checks subtly. You may receive an unsolicited email or call from an Oracle account manager or “Java license specialist” stating something like, “We’d like to discuss your Java usage and ensure you’re aware of the latest security updates.” This is often presented as a courtesy or informational call – not explicitly an audit. Don’t be fooled; it’s usually the first step of an audit process. They may ask which Java versions you use, how many installations you have, and whether you’ve purchased the Java SE subscription. They might even mention, “We noticed your company email domain downloaded Java from Oracle’s website recently,” as a hint that they have access to your data. Tip: Treat these inquiries carefully. You are under no obligation to volunteer detailed info just because they ask. Many experts recommend not running any Oracle-provided “Java usage” tools or scripts unless legally compelled, and not disclosing more information than necessary, because Oracle can and will use any information you provide to build an audit case.
  • Oracle Tracks Downloads: How does Oracle even suspect companies of using Java? One way is through Oracle’s download site. Since 2019, downloading the Oracle JDK/JRE has typically required logging in with an Oracle account. Oracle tracks those downloads, recording the account, company (if the email is corporate), IP address, Java version downloaded, and other details. They have years of data on which organizations have been downloading Oracle Java (especially versions that would require a subscription). If, say, someone at YourCompany downloaded Java 8 update 281 in 2021, Oracle knows that and knows that update wasn’t free for commercial use. They use this to identify targets. Even if you have never bought any Oracle product before, if your team has been pulling Java downloads, Oracle’s License Management Services (LMS) has you on its radar.
  • Escalation to Formal Audits: If initial inquiries suggest that you may be using Oracle Java without a license, Oracle can escalate the matter. This may involve their GLAS (Global Licensing and Advisory Services) or compliance team sending a more formal notice. Sometimes it’s still phrased as “let’s work together to review your deployments,” but it can quickly feel like an audit. Oracle can invoke audit clauses in any existing contracts you have with them (some customers are surprised to learn that even a contract for Oracle DB or another product can give Oracle audit rights across all Oracle software, potentially including Java usage). Even if you have no contracts, Oracle might assert copyright infringement if you’re using its software without permission. In these escalated communications, Oracle will often request a detailed list of all Java installations, versions, and usage in your environment. They may push you to run a Java discovery tool or script. This is the stage at which you should involve your legal counsel and possibly outside licensing experts – it’s essentially an audit and can lead to serious financial claims.
  • Shocking Compliance Bills: Oracle’s audit playbook often involves presenting a substantial bill to capture your attention. For Java, they often calculate a worst-case cost if you had to license your entire company retroactively. For example, they might say, “We discovered Oracle Java on 200 servers and 1000 PCs. Under our employee licensing program, you are required to license all 10,000 employees. That’s $X million per year, plus $Y million for back support since 2019 when you started using it without a license.” These numbers can be jaw-dropping, sometimes running into millions of dollars, even for mid-sized firms. Oracle does this to create a sense of urgency and fear, so that management will scramble to find budget and sign a deal quickly. Often, they’ll follow up the shock number with a “settlement” offer – e.g., if you agree to purchase a subscription now (for future use), they won’t charge you for past unlicensed use or they’ll waive penalties. This is presented as a generous concession, but it also locks you into future payments.
  • Pressure Tactics: Oracle’s sales and compliance teams are known to apply pressure from multiple angles. If an IT manager or SAM manager is slow to respond to a Java audit, Oracle will not hesitate to reach out to higher-ups. It’s not uncommon for Oracle representatives to contact your CIO, CFO, or even CEO, portraying the situation as a serious legal compliance issue that requires executive attention. They will impose deadlines (“resolve this in 30 days or we escalate further”) and hint at legal consequences. They may also threaten to terminate other Oracle agreements or support if you’re in breach (for example, leveraging an Oracle Database support contract: “We could suspend your support due to this license violation”). All of this is intended to put you at the negotiation table under duress.
  • Auditing Beyond Oracle JDK: Note that Oracle’s interest isn’t only if you directly installed Oracle JDK. They might also ask about other Java distributions in use. We’ve heard of cases where Oracle inquires whether companies are truly using only OpenJDK, perhaps looking for any Oracle components in the mix. While Oracle can’t charge you for OpenJDK, they want to ensure that no Oracle downloads are hiding in there. This is why being very clear internally about not using Oracle’s binaries is important if you claim to be an “Oracle-free Java shop.”
  • Legal Enforcement: If a company flat-out refuses to comply or negotiate, Oracle can (and in rare cases, has) pursue legal action for unlicensed use. Typically, it won’t get to court – the threat is enough. But companies should understand that Oracle Java, despite being “just a programming language runtime,” is covered by intellectual property rights. Using it beyond the license terms is, in Oracle’s view, similar to pirating software. This is why ignoring Oracle’s audit requests isn’t a wise strategy; it won’t simply go away and could escalate to a formal dispute.

Oracle’s enforcement of Java licensing in recent years has become very assertive. They are proactively hunting for non-compliance, using data and audits as leverage to drive sales of the Java subscription. It’s a classic Oracle move (database admins will nod in recognition). The key takeaway: treat Oracle Java like any other Oracle software – with strict attention to license compliance – because Oracle is certainly treating it that way.

(For a deeper dive into handling audits, see our guide on preparing for an Oracle Java audit and compliance defense strategies.)

Strategies to Reduce Oracle Java Licensing Exposure

Given the high costs and aggressive enforcement, what can enterprises do to manage or minimize their Oracle Java licensing exposure?

Here are several strategies and best practices:

  • 1. Inventory All Java Usage: Start with a thorough audit of your own. Identify every instance of Java running in your organization – which versions, which vendor distributions, on which systems. You need a clear understanding of how much Oracle Java you’re using (versus OpenJDK or other alternatives). This inventory lets you know your true risk and needs. Many organizations are surprised to find old Oracle JREs on servers or developer machines that can be eliminated. Use configuration management tools or software asset management solutions to detect Java installations. This serves as the foundation for any subsequent action.
  • 2. Determine Your Requirements: Not every Java installation truly requires Oracle’s version. Analyze whether you need Oracle JDK in each use case. Are you using any Oracle-only Java features or tools? In many cases, the answer is no – your applications will run just fine on an open-source Java runtime. Identify the systems that might require Oracle (for example, a legacy application that was only certified on Oracle’s JDK, or the use of a commercial feature like Java Mission Control). Often, the vast majority of Java usage has no such dependency and can be fulfilled by alternatives.
  • 3. Switch to Open-Source Java (where possible): One of the most effective ways to eliminate Oracle licensing risk is to standardize on a free Java distribution. Options include Eclipse Temurin (Adoptium), Amazon Corretto, Azul Zulu, IBM Semeru, Red Hat OpenJDK, and others. These are all based on OpenJDK and are TCK-tested for Java SE compliance. Replacing Oracle JDK with one of these on your servers and desktops means you no longer need an Oracle license for those systems. Many organizations have successfully migrated their Java workloads to OpenJDK builds. It’s generally a drop-in replacement for Oracle JDK, particularly for Java 8 and later versions. Ensure that you choose a distribution that offers the support you need (for example, some offer paid support options or longer patch availability). By removing Oracle JDK from the environment, you significantly reduce audit risk and ongoing costs. This strategy should be at the top of the list if you’re concerned about the new employee-based fees.
  • 4. Use Oracle’s Free Java Strategy (Carefully): If you do prefer to stick with Oracle’s JDK for technical reasons, consider leveraging the no-fee LTS periods to your advantage. This means planning upgrades to the latest Java version on a regular cadence. For example, if you were on Java 11, you could upgrade to Java 17 when it was released (free until 2024), then plan to move to Java 21 by 2024 (free until 2025/2026), and so on. Essentially, you never pay, but you’re always one LTS ahead. This approach requires discipline: you need to test and ensure your applications are compatible with the new versions frequently. Some organizations with modern CI/CD pipelines and automated testing find this feasible. Others, especially with large legacy systems, struggle to upgrade Java every couple of years. Warning: If you attempt this strategy, monitor Oracle’s timelines closely to avoid accidentally running an out-of-free-support Oracle JDK in production. Missing the upgrade window by a few months could put you out of compliance.
  • 5. Negotiate with Oracle Proactively: If you determine that you do need Oracle Java (perhaps for a subset of critical systems or certain advanced features), it’s often better to engage Oracle on your terms rather than wait for an audit. Contact Oracle sales and discuss your Java licensing needs, but do so armed with knowledge: know how many servers or applications truly need Oracle JDK, and know your employee count (so they can’t inflate it). In some cases, you may negotiate a smaller scope deal – for example, Oracle has been known to offer licensing that covers a specific business unit or excludes certain groups, such as part-time workers. However, these are exceptions, typically reserved for large deals. Even if you can’t change the metric, you may be able to negotiate a price discount or a more favorable tier. Also, try to negotiate protections on renewals (no big price hikes, etc.). Proactive negotiation also gives you a chance to get things like an agreement on how future employee count changes will be handled. By approaching Oracle before an audit, you can negotiate without the pressure of an alleged compliance violation hanging over you. Just be cautious not to reveal more than necessary – you don’t want to inadvertently trigger an audit by saying the wrong thing. Stick to “we are evaluating our options and might be interested in a Java subscription, but need to understand the terms.”
  • 6. Consider Third-Party Java Support: If your organization values long-term support and security patches for Java but doesn’t want to pay Oracle, an alternative is third-party support vendors. Companies like Azul, IBM, and Red Hat (among others) provide builds of OpenJDK and offer enterprise support contracts for them. The cost of these contracts is typically significantly less than Oracle’s subscription, and you get access to timely patches for, say, Java 8 or Java 11 beyond Oracle’s public timelines. This way, you can run a stable older Java version with paid support, without dealing with Oracle. It’s a middle ground between going entirely free (and doing self-support or rapid upgrades) and paying Oracle’s premium. Ensure the vendor’s support meets your needs (patch quality, promptness, etc.). Many large enterprises have adopted this approach to maintain critical systems on a stable Java version with ongoing support, thereby eliminating the need for Oracle.
  • 7. Manage Legacy Java Contracts Wisely: If you still have a legacy Java SE subscription (NUP/processor-based) that’s active, start planning now for its end. Oracle may or may not allow another renewal on those terms. Don’t assume you can extend it at the last minute. Evaluate the options: Will you migrate those systems to OpenJDK by then (so you can let the subscription go)? Or will you be forced into the employee-based deal? If the latter, obtain quotes early to budget for it and consider negotiating a transition deal. Sometimes Oracle might offer a temporary discount or a phased approach if you’re a longstanding customer moving to the new model – but only if you bring it up and have a plan. The worst situation is letting the contract lapse without a replacement plan; Oracle could consider you unlicensed the day after expiration.
  • 8. Educate and Establish Policies: Make sure your IT staff and developers know about Oracle Java licensing rules. It’s essential to implement policies such as: Do not download Oracle JDK or JRE for any server or production use without prior approval. Encourage the use of open-source Java for everyday needs. If developers are accustomed to downloading the Oracle JDK from the website out of habit, that habit needs to be curbed. Provide internal repositories or links for approved OpenJDK builds. The more Oracle Java downloads you prevent, the lower your audit risk. Additionally, train teams on how to respond if Oracle reaches out with questions – typically, route those inquiries to a central person (such as a license manager or legal) rather than letting an engineer answer them casually.
  • 9. Prepare for the Worst (Audit Readiness): Given the high audit activity, have a plan in place before Oracle knocks. This includes knowing who in your organization will handle audit requests, having outside counsel or licensing experts identified, and having your Java usage data ready. Some companies conduct an internal “mock audit” or hire a consultant to simulate what Oracle would likely find and claim. This allows you to address any glaring issues (e.g., uninstalling Oracle JDK where not needed, or purchasing a small subscription for a specific set of systems if truly necessary) discreetly on your terms. If Oracle does start an audit, you’ll be glad you prepared: you can respond calmly and factually, rather than scrambling and potentially over-sharing data.
  • 10. Keep Java Security in Mind: While cost and compliance are the focus, don’t lose sight of why you had Oracle Java in the first place – probably for stability and security updates. If you drop Oracle support, ensure you have a process to keep Java updated, either by upgrading versions or applying third-party patches. Outdated Java can lead to vulnerabilities, which could result in emergencies that Oracle would gladly capitalize on (imagine needing to urgently patch a critical CVE in Java 8 – if you have no support, you’re in a tough spot). So include your security team in these strategy discussions. The goal is to save money and stay secure/compliant, not one or the other.

By implementing these strategies, enterprises can significantly reduce their exposure to Oracle Java licensing. Many organizations have successfully avoided multi-million dollar bills by migrating to alternatives or negotiating smartly with Oracle.

The key is to be proactive: take control of your Java usage and licensing stance now, rather than waiting for Oracle to dictate the terms. In the end, you want to use Java on your terms – either free or at a reasonable cost – and avoid surprises.

(For more detailed guidance on optimizing Java licensing and negotiating with Oracle, refer to our in-depth articles on Java cost optimization and Oracle negotiation strategies.)

FAQ — Oracle Java Licensing Questions (2025)

Finally, let’s address some frequently asked questions about Oracle Java licensing in 2025:

Q: Do all employees need to be licensed under Oracle Java?
A: If you choose Oracle’s Java SE Universal Subscription, yes. The current model requires licensing based on the total number of employees, not the number of Java users. So even if only 50 people in your company use Java, Oracle’s standard contract says you must license every employee (full-time, part-time, and contractors). There is no official “partial coverage” option for the subscription. The only exceptions would be if you are still on a legacy user-based agreement (no longer sold to new customers) or if you confine Oracle Java usage to a separate subsidiary and license just that entity’s employees. In general, assume that one Oracle Java use = licenses for the whole organization under Oracle’s rules.

Q: Is OpenJDK still free to use?
A: Yes – OpenJDK and various Java distributions built on OpenJDK are free to use, even in production. The OpenJDK project is licensed under the GPL license (with a classpath exception), which allows for commercial use without fees. Many companies and even Oracle’s competitors provide free Java binaries that you can use as an alternative to Oracle’s JDK. There is no Oracle support available for those, but you can either self-support or purchase support from third parties as needed. Therefore, OpenJDK is a safe and legal way to run Java without incurring Oracle’s fees. Just be mindful of update availability: Oracle only updates its OpenJDK builds for 6 months after release. Other providers (like Eclipse Temurin or Azul) may offer longer support on OpenJDK builds, some for free and some with a paid support model. But bottom line: you can run Java without paying Oracle by using non-Oracle sources.

Q: How does Oracle calculate “employee count” for Java licensing?
A: Oracle’s employee metric counts pretty much everyone on your payroll (and more). It includes: all full-time employees, part-time employees, temporary or seasonal workers, and any contractors or consultants that are working for you (especially those who have access to your systems). Essentially, if an individual works for the organization in any capacity, Oracle wants them counted for the Java subscription. The count generally refers to the number of employees at the time the subscription order is signed. (If your count grows later, you’re expected to inform Oracle and possibly true-up at renewal; if it shrinks, you typically don’t get money back until maybe renewal adjustments.) Oracle may reference official records or ask for an HR attestation to verify the number. There’s no technical tracking of employees – it’s an honor system backed by audit rights. Note that this count is usually per company (legal entity) or group of entities under the agreement. You can’t selectively omit a department or a subsidiary if they’re part of the covered organization, unless Oracle explicitly agrees in writing. Always check Oracle’s formal definition in the contract to be sure who is included.

Q: Can we still use our old perpetual Java licenses or previous Java SE subscriptions?
A: If your organization previously purchased Java SE licenses (e.g., Java SE Advanced) or had a Java SE Subscription under the old model, you may continue to use those as long as you adhere to their terms. Perpetual licenses enable you to use the licensed software version indefinitely; however, you will only receive updates until your support contract expires. You might be running Java 8 or Java 11 under a perpetual license – that’s fine, although you won’t receive new patches unless you have support. Similarly, suppose you have an active legacy Java subscription (user- or processor-based) and Oracle has allowed you to renew it. In that case, you can continue using Java under that agreement until it expires. The caution is that Oracle is phasing these out. They might not let you renew again, forcing you to upgrade to the new model. Any usage beyond the scope of the old contract (e.g., using more processors than licensed, or a version not covered) would break compliance. So, yes, you can use what you have, but be aware of end-of-renewal and ensure you don’t upgrade or expand usage without checking your license rights. Also, if you plan to stick with old licenses, make sure to formally certify or verify with Oracle what you’re entitled to – sometimes companies assume they have rights that they don’t (due to license limitations or geographic restrictions, etc.). In the long run, Oracle’s goal is to get everyone on the subscription, so hanging on to perpetual licenses may only delay the inevitable unless you move off Oracle Java entirely.

Q: How can we prepare for a Java licensing audit by Oracle?
A: Preparing for a Java audit is similar to preparing for any software license audit, with a few Java-specific tips:

  • Know your Java footprint: Document all Oracle Java installations (including versions, hostnames, and usage roles) in your environment. If you’ve migrated some to OpenJDK, note the date and ensure that no Oracle bits remain. This way, if Oracle asks, you have your records to compare against whatever they find.
  • Remove what you don’t need: If you find Oracle JDK installed somewhere, it shouldn’t be (and you don’t plan to license it), uninstall it or replace it with OpenJDK before Oracle comes knocking. It’s better to tidy up proactively than to argue about it later.
  • Don’t download Oracle software casually: In some cases, Oracle’s audit evidence starts with “we saw 15 downloads from your company.” Limit who can download Oracle JDK from their site and keep track of it. Use alternative sources for Java if possible to avoid leaving an Oracle trail.
  • Have a response team: Determine who internally will interface with Oracle auditors. Usually, this involves your software asset manager, legal counsel, and perhaps a third-party licensing advisor. Front-line IT staff should be instructed to forward any Oracle inquiries to this team and refrain from answering on their own.
  • Be cautious but cooperative: In an audit, you want to comply with your contractual obligations without providing extra information. Provide data that is requested in the scope of the audit notice, but avoid oversharing. Never run Oracle’s scripts in your environment without understanding exactly what they collect and considering the implications – you might generate evidence against yourself unnecessarily.
  • Leverage experts: If you’re not experienced with Oracle audits, consider hiring a firm or consultant that specializes in this area. They can help you navigate questions, push back on unreasonable requests, and negotiate any settlement from a position of knowledge. Oracle’s audit team does this every day; you want someone on your side who does too.
  • Plan your negotiation: Often, the “audit” ends with Oracle trying to sell you a subscription. Prepare in advance what your counteroffer or strategy will be. If you have truly eliminated Oracle Java except for one or two systems, you may consider buying a small subscription (if allowed) or arguing for a concession. If you plan to migrate off, maybe you negotiate a short-term license just to cover the transition. Have these plans ready so you’re not making decisions under panic.

In short, preparation is about visibility, cleanup, and having a game plan. The more you treat Java licensing proactively, the less painful an audit will be – and you might even avoid one altogether by showing Oracle you’re already properly licensed or not using their Java at all

Learn more about Java licensing changes in detail.

Read about our Java Advisory Services.

Java Licensing & Audit Warning for CIOs Stop Oracle from Charging You

Would you like to discuss our Java Advisory Services with us?

Please enable JavaScript in your browser to complete this form.
Name

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings 20 years of dedicated Oracle licensing expertise, spanning both the vendor and advisory sides. He spent nine years at Oracle, where he gained deep, hands-on knowledge of Oracle’s licensing models, compliance programs, and negotiation tactics. For the past 11 years, Filipsson has focused exclusively on Oracle license consulting, helping global enterprises navigate audits, optimize contracts, and reduce costs. His career has been built around understanding the complexities of Oracle licensing, from on-premise agreements to modern cloud subscriptions, making him a trusted advisor for organizations seeking to protect their interests and maximize value.

    View all posts