Oracle Java Audits FAQs
Oracle Java SE Subscription Model (Post-2023)
1. Q: What changed in Oracle’s Java SE licensing model in 2023?
A: Oracle introduced a new employee-based licensing model in January 2023, replacing its old device- and processor-based licenses
Instead of counting installations or CPUs, Oracle requires companies to license Java for all their employees under the Java SE Universal Subscription.
Read about Oracle Java Audit.
2. Q: What is the Oracle Java SE Universal Subscription?
A: It’s Oracle’s all-in-one Java subscription plan launched in 2023. The Universal Subscription is a paid service, billed monthly or annually, that covers Java SE usage across desktops, servers, and cloud environments.
It includes access to Oracle’s Java updates, security patches, and support. It replaced the older Java SE Subscription offerings with a single enterprise-wide license.
3. Q: How does the new per-employee licensing metric work?
A: The Java SE Universal Subscription is licensed per employee. Oracle defines “employees” broadly – you must count every full-time, part-time, temporary employee, and relevant contractor in your organization.
You pay a subscription fee for each of these people, which allows your company to use Oracle Java on various devices. In short, licensing is tied to total headcount, not the number of installations.
4. Q: Do we have to license every employee, even if only a few use Java?
A: Yes. Under Oracle’s rules, if your company uses Oracle Java in production, you must license all employees, not just the developers or servers running Java.
Even if only 10 out of 1,000 employees use a Java application, Oracle’s model requires licenses for 1,000. One subscription covers the whole company’s potential Java usage, but you pay for everyone regardless of actual usage.
5. Q: Why did Oracle move to an employee-based subscription?
A: Officially, Oracle did it to simplify licensing and ensure coverage of all environments with one metric. It removes the need to track installations or CPUs. Unofficially, it also tends to increase Oracle’s revenue. By tying Java licensing to company size, Oracle captures more value – many customers are now paying more than they would under the old model
It simplifies compliance (just count heads) but is often costlier for enterprises.
6. Q: What happened to the old Java SE per-user or per-processor licenses?
A: They’ve been phased out. Oracle no longer sells Java SE licenses based on Named User Plus (per user or device) or per-processor metrics as of 2023.
Those legacy licenses are now considered “legacy” or expired products. Existing customers could renew those plans temporarily if Oracle allows it, but the Universal Subscription is the go-forward offering. Oracle’s goal is to migrate everyone off the old licensing model.
7. Q: Does the Universal Subscription cover both servers and desktops?
A: Yes. The Universal Subscription isn’t limited to a specific type of system – it’s universal across desktop PCs, servers, virtual machines, and cloud instances.
In the past, Oracle had separate SKUs for “Java SE Desktop” and “Java SE Server”; now, a single employee-based subscription covers Java on any platform within your enterprise.
8. Q: How much does the Java SE Universal Subscription cost?
A: Oracle’s public pricing starts at $15 per employee per month (for smaller organizations).
There are tiered volume discounts: for example, around $12 per employee per month once you have over 1,000 employees, $8.25 at 10,000 employees, down to about $5.25 at 40,000+ employees.
Realistically, a company of 2,500 employees might pay roughly $12 * 2,500 * 12 = $360,000 annually. Prices can be negotiated, but those are the ballpark list prices.
9. Q: Are there volume discounts for large companies?
A: Yes. Oracle uses tiered pricing – the more employees you license, the lower the per-head rate. For instance, the rate drops from $15 to $12 to $10.50 per employee per month as you move into higher employee brackets.
Large enterprises with tens of thousands of employees can negotiate deeper discounts, with published tiers as low as $5.25 per employee. So, a 20,000-employee company pays a significantly lower per-unit price than a 500-employee company (though their total bill is much larger).
10. Q: Is the Universal Subscription mandatory for all new Java licenses?
A: Essentially, yes. If you want Oracle’s Java SE for commercial use now, the Universal Subscription is the default (and only) offering Oracle will sell you. Oracle has discontinued new sales of the old Java SE licenses, so any new license purchase must be under the per-employee model
(The only exception is if you’re an existing customer with a prior agreement – Oracle might let you renew once on the old metrics sometimes, but new customers or expansions must go with the Universal Subscription.)
Java Audit Triggers
11. Q: What can trigger an Oracle Java audit?
A: Oracle typically initiates a Java audit when it suspects a company is using Oracle Java without proper licensing. Common triggers include: evidence of your organization downloading Oracle Java updates (which Oracle tracks), a previous Java license or expired subscription, or Oracle’s sales team observing that you use Java widely but have no current subscription.
In short, any hint that you’re running Oracle’s Java SE in production without a paid license can put you on Oracle’s audit radar.
12. Q: Can downloading Java from Oracle’s website lead to an audit?
A: Yes – this is one of the most frequent triggers. Oracle closely monitors those who download Java from their websites or support portal. These downloads require an Oracle login so that Oracle can view the email, domain, and company associated with the account.
If someone from your company downloads an Oracle Java installer or patch that isn’t freely available, Oracle records it, including the date, IP address, and what was downloaded.
Later, Oracle may contact your company, implying that the download proves you’re using Java and need a subscription. Many audits begin simply because an engineer downloaded an update for Oracle JDK.
13. Q: Does Oracle track companies’ Java downloads or patch updates?
A: Absolutely. Oracle keeps detailed logs of Java download activity. They log the Oracle Account used (often an email address), the company name or domain, the file downloaded, and the time stamp.
These logs can be retained for years. So, if your staff downloaded Java 8 updates after public updates ended, or pulled Java 11 or 17 binaries from Oracle, Oracle knows.
This is how they identify organizations to audit – for example, if in 2022 someone with an email address downloaded a Java SE 8 security patch, Oracle may flag Your Company for follow-up.
14. Q: Will accepting Oracle’s OTN license prompt an audit?
A: It can. The Oracle Technology Network (OTN) license is what you click “Accept” on when downloading newer Oracle Java versions (released after 2019). It allows free use only for development and testing, not for production.
If Oracle sees your team repeatedly downloading Java under the OTN license, it’s a red flag. They suspect those copies might be used in production, which would be against the license terms.
In audits, Oracle has pointed out instances where someone accepted the OTN license (which explicitly prohibits commercial use) as evidence that the company knew the software was not free. So, while accepting the OTN license itself isn’t illegal, it’s often an indicator that precedes an audit inquiry.
15. Q: If our old Java license or subscription expired, will Oracle audit us?
A: Very likely. Oracle actively monitors former Java customers. If you had an Oracle Java SE subscription or license that ended (and didn’t renew it in the new model), Oracle assumes you might still be using Java unlicensed. It’s common for Oracle to reach out shortly after a Java contract expires.
This usually starts as a “friendly” compliance check – Oracle asks if you’re still using Java and reminds you that your coverage ended. In many cases, these situations progress into audits if the company continues to use Oracle Java without a new subscription.
16. Q: Does Oracle target companies that never purchased a Java subscription?
A: Yes, if they suspect the company is using Java. Oracle’s compliance team looks for organizations running Java in their operations that have never paid Oracle for it.
For example, if you’re in a software-driven industry or have job postings for Java developers, but Oracle’s records show zero Java purchases, that’s a potential target. Oracle has increased efforts to find such cases – a large enterprise with no Java subscription on record is a glaring sign in Oracle’s view.
They might initiate contact to “discuss Java,” which can quickly become an audit if not handled carefully.
17. Q: Can a large Java user with no license expect an audit?
A: Yes – it’s a matter of time. A company heavily reliant on Java (e.g., running many Java-based apps) that hasn’t licensed Oracle Java is exactly the profile Oracle focuses on.
Oracle knows Java is widespread and is now actively enforcing compliance. They even publicly forecast that by 2026, over 20% of organizations using Java will face some form of Oracle license review or audit.
If you’re a big Java user with no subscription, you should assume an audit is coming and prepare accordingly, rather than hope to fly under the radar.
18. Q: Does having no other Oracle products make us more likely to be audited?
A: Potentially, yes. Oracle sometimes targets companies that only use Java (and aren’t big customers of Oracle’s databases or apps) on the theory that Oracle has “nothing to lose.” In other words, if you don’t have a broader relationship with Oracle, they won’t fear damaging a lucrative account by pressing you on Java compliance.
On the flip side, no company is truly safe—Oracle will also audit Java at its big accounts—but companies with a minimal Oracle footprint are often seen as low-hanging fruit for Java audits.
19. Q: Will Oracle audit a major Oracle customer over Java usage?
A: Yes, they will. Being a large Oracle database or applications customer does not exempt you from Java audits. The difference is that Oracle might handle it more strategically, for instance, aligning the Java compliance discussion with your next contract renewal on other products.
But Oracle has audited even its Fortune 500 clients for Java. The audit might be coordinated with your account team to smooth things over, but ultimately, if you’re running Oracle Java without a subscription, size or importance won’t protect you.
Oracle will still present the licensing gap and expect it to be addressed through a Java subscription purchase.
20. Q: How likely is it to face an Oracle Java audit in the next few years?
A: The likelihood is increasing. Oracle significantly ramped up its Java audit activity in 2024, doubling the size of its Java compliance team.
Industry analysts predict a wave of Java audits. According to Gartner, by 2026, Oracle will approach over 20% of organizations using Java for a review or audit.
If your organization uses Oracle Java and isn’t licensed, you should treat an audit as a “when,” not “if,” scenario. It’s prudent to prepare for that eventuality now.
Java License Types and Scope
21. Q: What are the different Oracle Java SE license types?
A: Oracle Java SE has been offered under a few license types over the years: – Binary Code License (BCL): This was the traditional free license for Java SE up to Java 8.
Under the BCL, Oracle allowed Java to be used on general-purpose computers, such as desktops and servers, without charge until the end of public updates.
Java was free for commercial use under the BCL terms, but only up to a certain version or release date. – Oracle Technology Network (OTN) License: Introduced in April 2019, this license applies to Oracle JDK 8 updates released after January 2019 and to Oracle JDK 11. It permits free use only for personal use, development, testing, and demonstration, not for running production systems.
Using Java under the OTN license in a business app requires a paid subscription. No-Fee Terms and Conditions (NFTC): Implemented with Java 17 (2021) and later versions, the NFTC license allows using Oracle JDK in production for free, but with a time limit. It’s essentially Oracle’s way of making the latest Java version free for one year after the release of the next version.
After that period, continued use or updates require a subscription. Java SE Subscription (Commercial License): This is Oracle’s paid licensing model. From 2019 to 2022, it was sold per user or processor, and now it is sold per employee (Universal Subscription).
This license grants you the rights to use Java in production and, in exchange for a fee, receive updates/support from Oracle.
22. Q: Is Java still free for any use?
A: Java, as a programming language, and OpenJDK (the open-source implementation) are free. Oracle’s JDK, however, is no longer free for most commercial uses. For Oracle’s distribution, it’s free for development and testing (under the OTN license), but not for production deployments.
Oracle offers the latest Java versions (e.g., JDK 17, JDK 21) under a no-fee license for a limited time, so you can use them in production without paying while they are within that window.
But once that window closes (or if you need older versions, like Java 8 or 11, with updates), you’ll need a subscription. In summary, outside of personal or dev use and the special LTS grace period, Oracle’s Java requires a paid license. (Alternatives like OpenJDK from other providers remain free and can be used to avoid fees.)
23. Q: What was the Java SE Binary Code License (BCL) used for Java 8?
A: The BCL was Oracle’s license for Java SE 8 and earlier. It allowed anyone to use and redistribute the Java runtime for free in general-purpose computing environments, subject to certain conditions.
Under the BCL, companies could use Java 8 without paying Oracle, as long as they used versions released before Oracle’s cutoff (January 2019). After that date, Oracle stopped providing free public updates for Java 8, ending the “free ride.”
So, Java 8 under BCL is free to use indefinitely for those specific old versions, but no security patches will be provided after 2019 unless you pay. Many enterprises stayed on Java 8 BCL builds (such as 8u202) to avoid fees, which means running outdated software.
24. Q: What is the Oracle Technology Network (OTN) license for Java?
A: The OTN license is the agreement you accept when downloading Oracle Java SE 11 or Java 8 updates released after April 16, 2019. It provides Java at no cost for certain uses: personal use, development, testing, prototyping, and demonstration purposes.
Critically, the OTN license does not allow production or commercial use. You’re in violation if you deploy Oracle JDK or JRE under this license in running business systems. In essence, OTN allows developers and hobbyists to use Oracle Java for non-production work, but anything beyond that requires a commercial Java SE subscription from Oracle.
25. Q: Can Oracle Java under the OTN license be used in production?
A: No. Using Oracle’s Java in production under the OTN license is not permitted. The OTN license explicitly forbids “production” or commercial use of Oracle Java SE without a subscription
It’s meant only for development, testing, and similar non-revenue-generating uses. So if you take an Oracle JDK obtained via the OTN license and run a customer-facing application or internal business process, you are non-compliant. In such a case, you’d need to purchase a Java SE subscription to legitimize that production use.
26. Q: What is Java’s “No-Fee Terms and Conditions” (NFTC) license?
A: The NFTC license is a newer model Oracle introduced starting with Java 17 (released in 2021). It allows you to use certain Oracle JDK versions in production for free for a limited time. Specifically, Oracle will let you use the current Long-Term Support (LTS) version of Java (e.g., Java 17, now Java 21) at no cost until one year after the next LTS version is released.
For example, Java 17 was free under NFTC from 2021 until one year after Java 21 (the next long-term support release) was released in 2023. After that period, you’d need a subscription to keep getting updates for Java 17.
The NFTC license was Oracle’s way of appeasing the community by making the latest JDK initially free to use. Still, it’s not a perpetual free license—it has an expiration date for updates.
27. Q: Which Java versions are covered by the free NFTC license?
A: Java 17 was the first version with the NFTC. Oracle JDK 17 was free from its release (September 2021) until September 2024, one year after Java 21’s release.
Java 21 (the next Long-Term Support (LTS) release, scheduled for 2023) is also under the NFTC license; it became the “current” free version when it was launched. Java 21 is free for a period that will likely last until a year after the next LTS release, Java 25, comes out.
In practical terms, Oracle’s strategy is that the latest LTS JDK is free to use for a few years, but once it’s no longer the latest, you need to pay for further updates. Note that older versions, such as Java 8 and 11, are not covered by NFTC; they require a subscription for any updates made after 2019.
28. Q: Does Oracle Java SE subscription include all older and newer Java versions?
A: Yes. An Oracle Java SE subscription (legacy or Universal) isn’t tied to a specific Java version – it covers all versions that Oracle supports. If you’re paying for a subscription, you can use Java 8, 11, 17, 21, and other versions, and download all relevant updates for those versions.
The subscription gives you the blanket right to run any Java SE version (past or present) in production, with Oracle support. One reason some companies subscribe is to get patches for older Java versions, such as 8 or 11, that they can’t upgrade immediately.
29. Q: What are Oracle Java SE Advanced or Java SE Suite licenses?
A: Those were Oracle’s old premium Java offerings. Java SE Advanced (and Suite) licenses unlocked extra commercial features in Java, such as Java Flight Recorder, Mission Control, and Advanced Management Console.
They were typically licensed per processor or Named User, at higher prices than the standard Java SE. For example, Java SE Advanced could be licensed per CPU for use on servers with mission-critical applications that require monitoring features.
The Java SE Suite included even more, such as JRockit tools. These products required a separate contract and were often used in environments that needed the management or monitoring of multiple Java instances.
However, Oracle has since rolled those features into the general Java subscription. The Advanced/Suite licenses are now effectively deprecated, as the Universal Subscription covers those features.
30. Q: Are the advanced Java features now included in the subscription?
A: Yes. Oracle now includes the former “Java SE Advanced” commercial features as part of the standard Java SE Subscription. Features like Java Flight Recorder, Java Mission Control, and the Advanced Management Console (which used to require Advanced or Suite licenses) are available with a Java SE Universal Subscription.
There’s no separate fee for those extras anymore. Oracle did this to simplify the offerings – one subscription covers all Java SE features. (Of course, you have to be subscribed in the first place to use them legally.)
Common Audit Findings
31. Q: What are the common issues uncovered in Oracle Java audits?
A: The most common finding is simply unlicensed installations of Oracle Java. Many enterprises have discovered that Oracle JDK or JRE is installed on far more servers and PCs than they realized, and none of them are licensed under the new rules.
Often, Java was treated as “free” after Oracle’s 2019 changes, so companies continued to use it in production without a subscription.
Auditors frequently find clear violations in Java 8 installations that continued to receive updates past January 2019 or Java 11 installations with no license.
Another common issue is underestimating the scope: for example, a company might have licensed Java on a few servers, but the audit also finds it on employee workstations.
Additionally, if any “commercial features” were enabled on Java 8 (such as Flight Recorder without a license), that would also be flagged. In short, audits typically reveal that an organization’s Java usage (across all environments) exceeds its paid licenses (often zero), resulting in a compliance gap.
32. Q: Do auditors usually find unlicensed Java installed on user PCs?
A: Yes – this is a frequent surprise. Desktop installs of Java are often overlooked. For example, an internal app or third-party software might have required installing the Oracle JRE on hundreds of employee PCs. Those installations count as Java usage that requires licensing.
In many audits, Oracle finds that, aside from the obvious server deployments, numerous desktop machines (such as developers’ laptops and analyst PCs running Java apps) have Oracle Java. Each instance was technically unlicensed if the company didn’t have a Java SE subscription.
This dramatically increases the compliance shortfall. It’s very common for part of the audit findings to be “X number of PCs with Oracle Java installed without entitlement,” which often catches companies off guard.
33. Q: Does an installed Oracle JRE count as “in use” even if not actively running?
A: From Oracle’s perspective, yes. If Oracle Java is installed on a system in your environment, they consider it “deployed” and thus requires a license. It doesn’t matter if a user hasn’t launched a Java app in months – the fact that the runtime is present means it’s available for use.
Under the old licensing system, having Java installed on a device meant that the user or device needed to be licensed. Under the new model, the presence of Oracle Java in the enterprise means that the entire employee count should be licensed.
So, an idle installation still puts you out of compliance. The safest stance is to assume that if Oracle Java is installed on any company machine (unless solely for a permitted dev/test scenario), it counts as usage.
34. Q: Can using Oracle Java just for development still cause compliance issues?
A: It can if you’re not careful. Oracle allows the development and testing use of Java for free under the OTN Developer license. However, the risk is that any development deployments could bleed into production or business use.
Oracle often scrutinizes whether “dev” instances were truly isolated during audits. If a developer uses Oracle JDK to build an internal tool and the business then uses that tool, Oracle will call that unlicensed production use.
Many companies also found that they downloaded Oracle Java for development and testing, but then copied the same binaries to production machines – a clear violation. While pure non-production use is fine license-wise, you must ensure that none of those instances serve end-users or run live applications.
If there is any overlap, Oracle will flag it. In practice, many “development only” usages have a way of creeping into production workloads, which leads to compliance issues.
35. Q: What are “commercial features” in Java, and how do they affect licensing?
A: “Commercial features” refer to certain advanced capabilities in Oracle Java (primarily in Java SE 8) that were not freely usable under the default license. For example, Java Flight Recorder, Java Mission Control, and the Usage Tracker were considered commercial features.
In Java 8, these features were present in the JDK, but you needed a legal Oracle Java SE Advanced license to use them. If, during an audit, Oracle finds that these features were enabled or used (flags and logs indicate usage), they would count that as unlicensed usage.
Nowadays, Oracle has made these features part of the standard subscription, and OpenJDK has made Flight Recorder free in later versions, so this issue mainly affects older Java installations. But in an audit of Java 8 environments, Oracle might ask if the JVM option. -XX:+UnlockCommercialFeatures Was ever used – a sign that someone turned on a feature that required a license.
If so, that’s an additional compliance problem (essentially using a higher edition of Java than you paid for). This distinction has disappeared with Java 17 and the new model because the subscription includes everything.
36. Q: What happens if we use Oracle Java updates released after it became a paid service?
A: Oracle will consider that unlicensed use and will likely demand back pay. Concretely, suppose you kept using Java 8 in production after January 2019 and applied Oracle’s updates (which were no longer free).
In that case, Oracle will say you should have been paying for a subscription during that entire period. In an audit, they will backdate your usage to the first unlicensed update you installed.
For example, if you applied Java 8 update 211 (released after public updates ended) in mid-2019 and never bought a license, Oracle might claim you’ve been using Java unlicensed since April 2019.
The outcome is that they will calculate fees for that period (see the next question on back payments). In short, using Oracle’s patches or new JDK versions after the free cutoff triggers retroactive audit fees.
37. Q: Will Oracle demand back payments for past unlicensed Java use?
A: Yes, this is now standard in Oracle Java audits. Oracle will require you to pay for the period you used Java without a license, effectively making you buy “missed” subscriptions for past years.
This is often a hefty surprise bill. Oracle typically doesn’t call it a penalty; they frame it as the cost of not paying the subscription fees you would have paid had you been compliant.
In practice, if you’ve been using Java for 2 years unlicensed, they’ll ask you to retroactively pay 2 years’ worth of subscription for your whole employee count.
They usually bundle that cost into the settlement (e.g., you pay $X for past usage, plus sign a new subscription for the future). Companies must be prepared to know that an audit isn’t just about “buying a license for the future”—Oracle almost always asks for back payments.
38. Q: How far back can Oracle claim fees for unlicensed Java usage?
A: It depends on the evidence they have, but Oracle typically looks back 2–4 years. They have download logs and support records going back up to seven years, so theoretically, they could assert claims for that long.
In practice, we often see Oracle quote a retroactive period of a few years (e.g., “since 2020” or “for the past 3 years”). If you first used unlicensed Java 4 years ago, and they can prove it, they might charge all 4 years.
If it’s longer ago than that, they sometimes stick to a reasonable period, also considering statutes of limitations in some jurisdictions. But at a minimum, expect a claim for several years of past use if you’ve been unlicensed for a while.
39. Q: Can Oracle require licensing for every instance of Java they discover?
A: Under the new model, if Oracle discovers any unlicensed Java usage in your organization, their remedy is essentially that you must license the entire company. In the past, they would require a license for each server or device running Java, so every instance needed a license.
Now it’s a bit different: technically, once you have even one instance in production, Oracle’s position is that you need an enterprise-wide subscription. So, in effect, yes – each discovered instance is a compliance failure, and the “solution” is to buy coverage for all instances, which essentially means licensing all employees.
You can’t, for example, negotiate to license just 10 servers; Oracle will push the full subscription. So, every use counts, and Oracle’s response is now all-or-nothing.
40. Q: Are virtual machines or containers running Java treated differently in audits?
A: No. Oracle doesn’t treat VMs or containers, especially beyond how they count under a license. Under the current per-employee scheme, it doesn’t matter if Java runs on a physical server, a virtual machine, a Docker container, or a cloud instance – all are covered once you license all employees.
Under the old model, virtualization could complicate counting (you had to count the processors on which Java was running, sometimes meaning the entire host if soft partitioning wasn’t allowed).
But under the new model, you don’t have to worry about that because Oracle isn’t counting machines at all. From an audit perspective, they will still want to know all the places Java is installed (including VMs and containers) just to scope your usage. But there’s no separate license metric for virtualized environments now – it’s all the same in Oracle’s eyes.
Defense Strategies
41. Q: How can we prepare internally before Oracle audits our Java usage?
A: The best step is to inventory your Java usage now. Do a sweep of all servers, PCs, and applications to identify where Oracle Java is installed or used. This includes checking for Java on employee laptops, application servers, and build servers anywhere. Document versions and whether it’s Oracle’s distribution or another.
Once you know your footprint, uninstall Java from places it isn’t needed and consider replacing Oracle JDK with OpenJDK on systems where possible. Policies should also be implemented to prevent random downloads (lock down who can install software). Essentially, you will not be surprised if Oracle contacts you. Being proactive—knowing your usage better than Oracle—puts you in a strong position.
If you find you are using Oracle Java widely and decide to get compliant by either licensing or migrating before an audit, you’ll save a lot of pain later.
42. Q: What should we do if we receive an Oracle Java audit notice?
A: Don’t ignore it. First, immediately involve the right stakeholders – typically your IT asset manager, legal counsel, procurement, and relevant IT managers. Review the notice carefully to see the scope (is it specifically for Java or all Oracle products?) Professionally acknowledge receipt of Oracle and let them know you will cooperate (assuming you’re contractually obligated).
It’s often wise to engage a third-party advisory firm or lawyer specializing in Oracle audits at this stage. Internally, start gathering data (but have not sent anything to Oracle yet) to understand your exposure.
You want a game plan before you deliver any information. Also, negotiate the timeline if needed—get a reasonable schedule for delivering data. In summary: respond, assemble your team, plan your approach, and be courteous with Oracle while protecting your company’s interests.
43. Q: Should we run Oracle’s scripts or tools during a Java audit?
A: Be cautious. Oracle may provide a discovery script and ask you to run it on your systems to collect data on Java usage. Before running anything, review what the script does (have your IT or security team, or an independent expert, review it). You can decline using their tool and supply the data using your methods instead.
Many companies use their internal inventory tools to produce Oracle’s desired information rather than run unknown scripts. If you run Oracle’s script, consider running it in a test environment first.
The key is that you must provide accurate data, but you don’t necessarily have to use Oracle’s provided method if you can get the information otherwise. Always keep control of the process – don’t let Oracle directly access your systems; you gather and provide the data.
44. Q: How much information should we share with Oracle’s auditors?
A: Only as much is required to demonstrate compliance (or the extent of non-compliance). In an audit, you have to answer Oracle’s questions truthfully, but you do not need to volunteer extra information beyond the scope of the audit. If they ask for installed Java versions, you don’t also hand over software inventories of unrelated products. Over-disclosure can open new fronts in an audit.
So keep it strictly relevant to Java. Also, aggregate data where possible – for example, instead of listing each of 500 servers and their Java versions (which invites nitpicking), you might provide a summary like “We have Oracle Java 8 Update 271 installed on 500 machines.” Always review any data carefully before sending it to Oracle. In short: be honest and forthcoming, but only about the items they requested, nothing more.
45. Q: Can we negotiate the scope or terms of a Java audit?
A: To some extent, yes. At a minimum, you can clarify and agree on the scope in writing – e.g., that the audit focuses on Java SE usage. If Oracle’s requests seem too broad or intrusive, you can push back and ask to limit them to what’s needed for Java compliance. You can often negotiate the timing (for instance, “we need 4 weeks instead of 2 to gather this data”).
While you can’t avoid an audit if you’re contractually bound, you can negotiate confidentiality terms (ensure any data you provide is under NDA and only used for compliance purposes). If it’s a “soft audit” (informal review), you have even more leeway to set the ground rules or delay until you’re ready.
So, always remember that an audit is a manageable process; you don’t have to passively accept every term without question. It’s acceptable to discuss how the audit will proceed with Oracle’s audit team.
46. Q: Is getting external help, such as consultants or lawyers, advisable for a Java audit?
A: Generally, yes. Oracle licensing and audits are specialized areas – having someone on your side who’s been through it can be invaluable. A licensing consultant experienced with Oracle Java can help you interpret Oracle’s requests, prepare the data most favorably, and anticipate Oracle’s tactics.
They can often negotiate with Oracle’s auditors on your behalf to reduce findings. Legal counsel is important too, especially if things get contentious or if a lot of money is at stake – a lawyer can help protect sensitive communications and ensure you don’t inadvertently admit liability.
The cost of external experts is usually far less than what non-compliance with an audit could cost. So, if your Java usage is significant and involves outside help, it’s a prudent defensive strategy.
47. Q: Should we consider switching to OpenJDK if an audit is announced?
A: Moving to OpenJDK (or another non-Oracle Java) is a good long-term strategy to reduce future risk, but it won’t erase past usage in an ongoing audit. If you’re being audited for past Oracle Java use, Oracle will still count that historical usage, regardless of whether you have since switched everything to OpenJDK.
That said, indicating to Oracle that you are migrating off Oracle Java might help in negotiations (they know you won’t be a repeat offender).
The best approach is a parallel path, which addresses the audit with Oracle and accelerates plans to deploy OpenJDK to stop the bleeding. Do not try to secretly replace Oracle Java after an audit notice in hopes Oracle won’t find out – they likely already have records of what you did up to that point.
By all means, start replacing Oracle JDK with OpenJDK, but be transparent in the audit about your usage until migration.
48. Q: Can we quickly uninstall Oracle Java to reduce exposure before an audit?
A: Removing any Oracle Java you’re not using is wise if you haven’t received an audit notice. That reduces your liability if an audit happens later.
However, uninstalling software won’t undo its presence if an audit is already in motion (you’ve been officially notified). Oracle often asks for installation dates in audits to determine how long Java has been present.
Removing it after the fact could be seen as destruction of evidence (not a good look). Instead, suppose you realize you’re out of compliance during the audit.
In that case, you can start uninstalling or replacing Oracle Java, but document the process and be ready to show Oracle that those instances are now gone, along with the removed dates. In summary, clean up before an audit whenever possible. After the audit starts, don’t hide it – fix it, but expect Oracle to still count past usage.
49. Q: How do we dispute Oracle’s findings if we think they are wrong?
A: You’ll need to engage Oracle with evidence and reasoning. If Oracle’s audit report says “you owe for 5,000 employees” and you believe they overcounted, you might present your HR records to show a lower employee count (and explain any discrepancy in definition).
Or if they think a certain Java installation was in production for 2 years, and you can prove it was only used in a lab, provide logs or documentation. The key is to have data or proof to back your claim; simply saying “we disagree” won’t get far. Write your response, addressing each contested point with clarification or evidence to support your argument.
Often, audits involve negotiation – Oracle might initially claim a worst-case scenario. You can sometimes reduce the scope by disputing facts (and perhaps hiring a licensing expert to help with the argument).
Ultimately, if you reach an impasse, it becomes a commercial negotiation: you might seek a compromise settlement. Don’t sign off on findings you believe are incorrect – push back firmly but professionally, and involve legal help if needed.
50. Q: What’s the best way to handle a “soft audit” inquiry about Java licensing?
A: Treat a soft audit (an informal email or call from Oracle about Java licensing) seriously but strategically. Usually, this starts with Oracle saying something like, “We’d like to discuss your Java usage” or mentioning they noticed downloads. You are not yet in a formal audit in this phase, so you have more flexibility.
Do not ignore the inquiry, which can escalate to a formal audit. Respond by acknowledging the request and perhaps scheduling a discussion at a later date (to buy time). Use that time to assess your internal Java usage. When you talk to Oracle, keep the conversation high-level; you might state that you are evaluating your Java deployments.
You can also ask them what prompted the inquiry – sometimes they’ll reveal the download records they have. The main goal is to avoid handing over a detailed deployment report immediately without understanding your position.
If you find you are non-compliant, you might choose to proactively fix it (either by licensing or migrating) and then inform Oracle. In summary: engage, but be cautious and prepare your plan first. A soft audit is a chance to clean up quietly before it becomes a formal, more punitive process.
Audit Process and Timelines
51. Q: How does a formal Oracle Java audit proceed step by step?
A: A formal audit follows a structured process: 1. Audit Notification: Oracle sends an official audit letter (often via email to an executive or legal contact). This cites your contract’s audit clause (if applicable) and states that Oracle is initiating an audit of your Java SE usage. 2. Kickoff and Scope Definition: Oracle’s audit team (LMS/GLAS) typically schedules a kickoff call. They will outline what products are in scope (Java SE in this case) and what information they need.
They may ask you to nominate a point of contact for the audit. 3. Data Collection: You gather the requested data. Java audits typically involve compiling a list of all Oracle Java installations (JDK/JRE) in your environment, including their versions and, if applicable, installation dates. Oracle might provide questionnaires or scripts to assist.
This phase can involve asking and answering iterative questions. 4. Analysis: Oracle analyzes your provided data. They identify any installations or usage not covered by a license. Under the new model, if you provided (say) a list of 200 servers running Java and you have no subscription, the analysis is straightforward: all that usage is unlicensed. 5. Findings Report: Oracle delivers an audit report or compliance summary.
It will state the findings – e.g., “XYZ Company has Java SE installed on X devices used by Y employees without a valid license.” The report will quantify what Oracle believes you owe (often expressed as needing to purchase a certain N-employee subscription, plus back support fees). 6. Resolution Discussion: Oracle and your company meet to discuss the findings.
This is where you can dispute details or provide additional info. Ultimately, Oracle will propose a resolution, usually: you purchase a Java SE Universal Subscription for your employee count and pay for the past unlicensed period.
They may present a formal quote. 7. Settlement/Closure: You negotiate the commercial terms, sign any new contracts, and make the payment. Oracle then considers the audit closed and will often issue a letter confirming that you are now in compliance (as of that settlement).
52. Q: What’s the difference between soft and formal audits for Java?
A: A soft audit (a license review or discussion) is an informal compliance check. Oracle might email or have a salesperson call you saying, “We’d like to review your Java usage” without invoking contractual audit rights.
Though it’s motivated by compliance, it feels more like a friendly inquiry. There are no external auditors; Oracle’s sales or LMS representative often handles it through conversations. In contrast, a formal audit is a contractual audit triggered per the audit clause in your Oracle agreements.
Formal audits typically require written notice and are handled by Oracle’s License Management Services, possibly with the involvement of a third-party auditor. They have a defined process (as described above), deadlines, and a formal report.
Soft audits can escalate into formal audits if you don’t cooperate or if Oracle finds serious compliance gaps in the informal phase. One way to think of it: soft audit = Oracle asking nicely for info; formal audit = Oracle demanding info under legal rights.
53. Q: Who conducts Oracle Java audits, and how are they initiated?
A: Oracle’s own License Management Services (LMS) or GLAS (Global Licensing and Advisory Services) team typically conducts the audit. It is initiated by Oracle, usually by sending an audit notification to your organization’s registered contact (often the person who signed contracts or a legal contact on file).
Oracle may also use third-party audit firms as agents, but for Java (which many customers never formally licensed), Oracle’s internal team often leads the effort. The audit is initiated either under the audit clause of an Oracle agreement you have (if Java was part of a contract) or simply as a notice of suspected unlicensed use (if you have no contract, Oracle initiates it as an assertion of its rights due to copyright or licensing).
In summary, expect an Oracle compliance manager or auditor to be assigned and to contact you to coordinate; it’s not random IT people showing up—it’s a formal communication-driven process.
54. Q: What data or evidence does Oracle typically request in a Java audit?
A: They will ask for a complete inventory of Oracle Java deployments. Typical data requests include: – List of installations: Every server, virtual machine (VM), or personal computer (PC) with Oracle Java installed.
This usually means the hostname, location, and Java version (e.g., JDK 1.8.0_281) for each. – Usage details: What applications or purposes those Java installations serve (to distinguish dev/test vs prod, etc.). Sometimes, they’ll ask if certain tools, like Java Flight Recorder, were used. – Installation date or duration: Oracle might inquire when Java was first installed on those machines, aiming to determine how long it has been in use (for billing purposes). – Employee count and environment: They can request the total number of employees (since the new license is per-employee, they will want to calculate this against your usage).
They may also ask if you have any Java SE subscriptions already (proof of any entitlements). – Third-party usage: If you claim some Java installations are under a third-party application’s license, you might need proof of that vendor agreement.
55. Q: Will Oracle ask us to run a discovery script to find Java installations?
A: It’s possible. Oracle has been known to provide a script or tool (for example, a Java “discovery” script) for you to execute in your environment to automatically collect data on Java installations.
Sometimes, they provide an Excel “Oracle Java Worksheet” where you fill in the details, and you can optionally run a script to populate it. However, it’s up to you to run it – Oracle doesn’t remotely run anything. If you have robust internal discovery tools (like SCCM, Flexera, etc.), you can use those to get the data.
Oracle’s script is basically for convenience (and to ensure nothing is omitted). If you choose not to run their script, you should provide equivalent evidence manually. Refusing to run the script is fine if you provide the required information in an alternative form. Make sure that whatever method you use is comprehensive; partial data will prolong the audit process.
56. Q: How long do we usually respond to Oracle’s audit requests?
A: The initial audit notice might ask for data within a certain days (30 days is common in contracts). In practice, the timeline is often negotiable. Typically, Oracle might give you a few weeks to gather information for the first round. If that’s not feasible, you can usually request an extension. It’s important to communicate proactively – if you need 6 weeks to compile everything, say so and get Oracle to agree.
Formal audit clauses sometimes specify that the customer must reasonably cooperate, so as long as you aren’t stonewalling, Oracle will usually accommodate a bit more time.
After you submit data, Oracle’s questions/analysis phase can also take a few weeks or more, during which you may have deadlines to answer follow-up queries (usually a week or two turnaround on each exchange). The key is to meet agreed deadlines or renegotiate them in advance. Ignoring a due date without comment is the worst thing to do; it raises suspicion and can escalate matters.
57. Q: How long can an Oracle Java audit take from start to finish?
A: It varies widely depending on the complexity. A smaller environment with prompt cooperation might be able to be completed in 2-3 months. A typical enterprise Java audit often takes around 3-6 months end-to-end.
The phases break down into a month or so to gather data, a few weeks for Oracle to analyze and respond, then another few weeks of back-and-forth on findings, and finally, time to negotiate and sign agreements for resolution.
If there are disputes or delays in data gathering, audits can stretch longer, 6-9 months or more, which is not unheard of for complex cases.
We’ve seen some drawn-out scenarios go on for a year or more, especially if the company tries to remediate during the audit (for example, removing some installations and asking Oracle to re-evaluate). However, in general, most audits are resolved within a half-year timeframe.
58. Q: What happens at the end of an Oracle Java audit?
A: Two main outcomes: you’re found compliant or (more commonly) non-compliant and must purchase licenses.
In the compliance case (rare for Java), Oracle would issue a report saying no issues were found, and that’s the end – no further action is needed. In the non-compliance case, Oracle will present the licenses you need to buy. Typically, they’ll require you to sign up for the Java SE Universal Subscription covering all your employees and pay for prior usage.
The audit effectively transitions into a sales process – Oracle gives you a quote, you negotiate if possible, and then you procure the required subscription. Once you sign the new contract and pay the invoice, Oracle will close the audit.
They might provide a letter stating that you comply with the purchase. It’s important to note that Oracle usually doesn’t “fine” you punitively; instead, you buy what’s needed to become compliant (including backdated support).
After the settlement, any future use of Java should be covered by the subscription you bought, so the issue will also be resolved going forward.
59. Q: What if we refuse to cooperate with an Oracle Java audit?
A: Refusal is risky. If you have an Oracle contract (say for a database or an old Java agreement) that includes an audit clause, refusing the audit is a breach of contract. Oracle could terminate your license agreements or take legal action for breach.
Even if you have no signed contract for Java (perhaps you just downloaded it), Oracle can pursue legal avenues – they might accuse your company of copyright infringement or unlawful use of their intellectual property. In practice, Oracle would likely escalate to their legal department and start sending strong letters, possibly involving attorneys. This can lead to court orders to compel an audit or a lawsuit demanding damages.
Also, refusal might prompt Oracle to inform your upper management of the potential liability (to put internal pressure on you). In short, outright non-cooperation usually makes things worse.
It’s better to cooperate reasonably or negotiate terms rather than flatly refuse. The only somewhat safe refusal is if Oracle has no legal basis (no contract and no evidence of use)—but in Java cases, they usually have download evidence, which gives them leverage.
60. Q: Can Oracle audit us without our agreement or contract?
A: Oracle can’t enforce a contractual audit if you never agreed to one (i.e., you have no contracts with Oracle). However, they can still attempt to audit in a more informal/legal way. Oracle typically initiates a “license review” (soft audit) without a contract and requests your cooperation.
They might present evidence like download logs and ask you to self-audit. If you choose not to cooperate at all, Oracle’s recourse would be to potentially sue for unlicensed use rather than a standard audit. They might claim you violated the terms of the OTN license or copyright law by using their software beyond the license grant.
So while they can’t send auditors by force or invoke contract clauses (with no contract), they can still put you in a legal bind. In practical terms, most companies will comply with the audit request (at least partially) even without a contract, because the alternative is a legal fight.
So, you can technically say “we don’t agree to this audit” if you have no contract, but Oracle may then escalate legally. It’s usually better to engage and resolve it out of court.
Risk Reduction
61. Q: How can we reduce our Java licensing risk proactively?
A: The number one way is to minimize using Oracle’s JDK/JRE. If possible, switch your applications to OpenJDK or another vendor’s Java build, which doesn’t require Oracle licensing. This immediately removes the compliance risk for those instances.
Keep a tight inventory of any Oracle Java you need: know exactly where it’s installed and why. Uninstall it from any system that doesn’t truly need it. Implement software restrictions so that employees can’t install Oracle Java independently. Also, stay informed on Oracle’s licensing policies—for example, use the Oracle free versions (NFTC) when appropriate and track when that free period ends.
Another good practice is to run internal compliance checks regularly: scan your network for “java.exe” or something similar and ensure you know about every installation. In short: use alternatives where you can, and where you can’t, control and document Oracle Java usage to avoid surprises.
62. Q: Is replacing Oracle JDK with OpenJDK a viable way to avoid fees?
A: Yes, in most cases it is. OpenJDK is the open-source equivalent of Oracle JDK – for Java 11 and later, it’s essentially the same code base on which Oracle’s distribution is built.
You are not using Oracle’s licensed product by using OpenJDK (or a distribution like Eclipse Temurin, Amazon Corretto, Azul Zulu, etc.), so Oracle’s commercial licensing requirements no longer apply. Many organizations have successfully switched their Java runtimes to OpenJDK to avoid paying Oracle.
The caveat: you need to manage updates yourself (Oracle won’t be providing them), but plenty of providers offer free updates for OpenJDK LTS versions. If your applications are tested to work on OpenJDK (usually not an issue, as it’s binary compatible), this route can drastically reduce or eliminate Java licensing costs. It’s a well-trodden path now for risk avoidance.
63. Q: Can we keep using older Java versions to avoid new licensing?
A: Technically, you could, but it’s not a great idea. For instance, you could stick to Java 8 Update 202 (the last public free update) indefinitely – that version was under the old free license, so using it doesn’t violate Oracle’s terms.
However, you’ll get no future security patches or bug fixes. Java 8u202 was created in early 2019, so it’s missing years of security updates. In a production environment, that’s a significant risk (known vulnerabilities could be exploited).
Additionally, if you upgrade one of those to a later update (say, 8u271) at any point, you’ve entered the paid zone. Some companies initially thought they’d freeze on old versions to avoid paying, but they found the security risk unacceptable, or accidentally updated something.
So yes, you can avoid fees by never updating beyond the free versions, but you’re trading licensing risk for security risk. Most organizations decide that running unpatched, end-of-life Java is not worth it in the long run.
64. Q: Should we remove Oracle Java from machines that don’t need it?
A: Absolutely yes. This is a quick win for compliance. Many machines have Oracle Java installed “just in case” or because some old software bundled it, even though it’s not actively used. Each of those installations is a liability. Uninstalling Oracle Java from all unnecessary locations will reduce your exposure in an audit.
It also narrows the focus of what you need to license or replace. As a policy, if a user or server doesn’t have a specific, identified need for Oracle’s Java, it shouldn’t be installed. Removing it can be done via software management tools across the enterprise. Not only does this cut risk, it can also improve security (fewer instances of an often-targeted software out there).
65. Q: How do we control Java downloads and installations in our organization?
A: The goal is to prevent the unapproved installation of Oracle Java. To do this, you can: – Use admin rights controls: Ensure end users (and even developers) cannot install software independently without IT approval. This stops the casual download of Oracle JDK from the internet. – Block Oracle’s download sites:
At the firewall or proxy level, you could block access to Oracle’s Java download pages or monitor and flag them. – Provide approved JDK internally: If developers need Java, give them an approved OpenJDK package from an internal software repository.
They won’t need to grab Oracle’s version if you centrally manage the software. – Policy and training: Communicate a policy that the IT asset management team must approve Oracle Java installations. Educate employees on why (cost/compliance risk). – Inventory checks: Regularly scan for new “java.exe” or “Oracle JDK” system installations. If something shows up, investigate it.
66. Q: Would using third-party Java distributions (like AdoptOpenJDK, Azul, etc.) help compliance?
A: Yes. Using a third-party Java distribution not from Oracle means Oracle’s license terms don’t apply to that runtime. Distributions such as Eclipse Temurin (formerly AdoptOpenJDK), Azul Zulu, Amazon Corretto, IBM Semeru, Red Hat OpenJDK, etc., are all based on OpenJDK and can be used freely (some with optional support contracts).
If you replace Oracle JDK with one of these on your servers and PCs, then Oracle has no claim because you’re not running Oracle’s proprietary binaries.
Many organizations have done exactly this as a compliance strategy. One thing to ensure is that the third-party JDK is a drop-in replacement and is kept updated.
But since OpenJDK is the reference implementation, in most cases, you can swap out Oracle JDK for, say, Temurin, and everything continues to run fine. This move essentially sidesteps Oracle’s entire licensing program.
67. Q: Can a Java usage audit be avoided by limiting Java usage to free scenarios (like dev-only or older free versions)?
A: It might reduce your chances of an audit, but it’s not foolproof. If Oracle truly sees that you have zero production use of their Java (e.g., you only use OpenJDK in production, and Oracle JDK in dev, where it’s allowed), they might not pursue you.
However, from Oracle’s perspective, this can be hard to verify – they might still approach you if their records show downloads or usage.
You would then have to demonstrate that those were strictly non-production. Relying on older free versions (as mentioned, staying on Java 8u202) avoids licensing but introduces big security issues.
Oracle could still audit to ensure you didn’t sneak in any later updates. In practice, completely limiting Oracle Java to only dev/test and never letting it touch production is difficult. One slip-up and you’re exposed.
So while theoretically you could arrange your usage to be license-free (dev only, or only latest LTS under NFTC, etc.), you’d need strong governance to ensure it never crosses the line. Most companies find it safer to eliminate Oracle Java entirely or properly license it, rather than try to ride the razor’s edge of “only free scenarios” forever.
68. Q: Does Oracle offer any tools or guidance for self-auditing Java usage?
A: Oracle will not hand out an “audit yourself for free” kit, but they provide some general guidance. For instance, the Java Advanced Management Console (AMC) is a tool Oracle offers (to paid customers) to track and manage Java installations enterprise-wide, essentially for internal compliance and patch management. It’s included with the Java SE Subscription.
Additionally, Oracle’s documentation suggests using standard software asset management processes to monitor Java. In terms of free tools, since Java files are on disk, you can use any inventory tool (SCCM, BigFix, Flexera, etc.) to detect Oracle Java by looking for java.exe in the Oracle registry entries.
Oracle doesn’t have a public, free audit script (for obvious reasons), but its auditors use certain techniques you can emulate—e.g., scanning program files for “Java,” checking environment PATHs, etc.
In summary, Oracle’s “guidance” mostly tells you to be diligent. You must be proactive and use your asset management solutions to ensure you know your Java footprint.
69. Q: Are there any Oracle programs or promotions to transition to the new license model?
A: Oracle hasn’t offered “discount programs” or amnesty for Java. They have said that existing customers on old metrics can renew on those metrics under limited conditions, but that’s more a temporary concession than a promotion.
Generally, Oracle expects customers to move to the Universal Subscription and pay the standard rates. In negotiations, some companies have managed to bundle Java into a broader Oracle deal (like an Enterprise License Agreement) to get a better overall price, but that’s case-by-case.
Oracle extended support to education and non-profits by allowing free Java usage for those sectors until a certain date (for Java 8), but that has expired, too. So, there’s no public “50% off if you switch now” program or anything. If you’re a strategic customer, you might leverage your Oracle account team to get a concession on Java pricing, but that’s part of normal negotiation, not a formal promotion.
70. Q: How do we train or inform our development teams to avoid unlicensed Java use?
A: The key is awareness. Many developers and IT staff still think “Java is free” because it was for a long time. You need to update that mindset. Conduct a short training or send a clear memo explaining Oracle’s current Java licensing: using Oracle’s JDK in production now costs money and can lead to audits. Emphasize that even downloading an Oracle Java update can have consequences (since Oracle tracks it).
Guide-approved alternatives—e.g., “Our company uses OpenJDK (Temurin/Corretto) for all Java needs. Do not download Oracle JDK without clearance.” Developers should understand that grabbing Oracle JDK for convenience could inadvertently trigger a compliance issue for the company.
Incorporate this into the new engineer onboarding as well. Essentially, treat Oracle Java like any other licensed software that requires approval. By making the rules and alternatives clear and explaining the “why” (nobody wants to be the person who caused a big audit), you can foster compliance within the teams.
Counting Java Usage (Servers vs Desktops)
71. Q: How did Oracle count Java use in the past, vs how do they count it now?
A: In the past (before 2019), Oracle’s Java licensing was tied to specific installations/users. You had to count the number of processor cores running Java (and license each processor)for servers.
For end-user desktops, you counted either each physical PC or each named user who could use Java (the “Named User Plus” metric).
An audit would inventory every machine and user. Now, under the 2023 model, Oracle doesn’t care about individual machines at all—they count employees. If Java is used anywhere in the organization, you are supposed to license the total employee count.
So, historically, it was a device/CPU headcount; today, it’s an HR headcount. This greatly simplifies counting (one big number rather than hundreds of server counts), but it also means that even one instance of use triggers needing to count everyone.
72. Q: Under the new model, do we have to count contractors and part-time staff as employees?
A: Yes. Oracle’s definition of “employee” for Java licensing is very broad. It includes full-time employees, part-timers, temps, and contractors who work on your internal operations.
Essentially, anyone who uses your systems in any capacity counts toward the number. (It doesn’t include your external end-customers; if you have a Java software product, it’s your internal workforce.)
So, if you have 100 full-time employees and 20 contractors, you’d have to license 120 people. Oracle doesn’t let you exclude the part-time intern or the contractors coding on-site – they’re all in the headcount.
73. Q: Does the employee-based license allow unlimited Java installations once we cover all employees?
A: Yes. Once you have licensed your entire employee count, you can deploy Oracle Java anywhere in your organization without worrying about counting machines. Whether you install it on 50 servers or 5,000, it’s covered as long as all employees are licensed.
The Universal Subscription is essentially an enterprise-wide license – one fee covers unlimited installations company-wide.
This is a benefit of the model: you don’t have to track every new VM or container running Java. If an auditor asks, you just show that you’ve licensed 100% of employees. (Of course, if your employee count grows significantly, you’re expected to true-up at renewal, but during the term, you’re covered for unlimited use.)
Third-Party Application Concerns
74. Q: Do we need a Java license if our third-party software includes Oracle Java?
A: It depends on the vendor’s agreement with Oracle. Some third-party software vendors have OEM or distribution licenses from Oracle that allow them to package Oracle’s Java with their product for your use. In those cases, the vendor has pre-paid Oracle (or otherwise arranged licensing), and you, as the end-user, don’t need a separate Oracle Java license for that product.
However, not all vendors do this. If the third-party software simply requires Java and tells you to install Oracle JRE, you are responsible for licensing it.
A good practice is to review the license documentation or ask the vendor: “Does your product license Oracle Java for us, or do we need to provide a licensed Java runtime?”
If they do not cover it, assume you need your Java SE subscription. Always get it in writing if a vendor claims Oracle Java is included under their license, so you have evidence in an audit.
75. Q: How can we tell if our software vendor’s product covers the Java licensing?
A: Check the documentation or license terms that came with the software. If Oracle Java is included, the vendor’s materials might explicitly mention something like “includes a licensed Oracle JRE” or “Java Runtime provided under Oracle OEM agreement.” Some vendors might also have an FAQ on Java licensing for their product.
If the paperwork is unclear, contact the vendor’s support or account rep and ask the question directly. Make sure to ask for confirmation in writing. If the vendor does have an Oracle Java distribution license, they should be able to provide a statement to that effect.
On the other hand, if they say something like “please install Java 8 on the server” and make no mention of a license, that’s a sign it’s on you.
In summary, vendor documentation and direct communication are ways to know – never assume; always verify.
76. Q: If a vendor requires Oracle Java, can we use OpenJDK instead to avoid licensing issues?
A: In many cases, yes. Most Java applications are compatible with OpenJDK since it’s the same underlying technology. If a vendor’s product documentation says it requires “Oracle Java,” you can often substitute it with an OpenJDK distribution (like Temurin or Corretto) and it will work fine.
Some vendors now explicitly support OpenJDK due to Oracle licensing changes. We recommend first testing the vendor’s software with OpenJDK in a dev environment. If it runs without issues, you can deploy with OpenJDK and not worry about Oracle licenses.
However, there are rare cases where a vendor might only officially support Oracle’s JDK, maybe due to specific bundled components or certification reasons. Even then, it’s worth pressing them, as many have adapted.
Using OpenJDK is a smart way to avoid needing an Oracle license for third-party apps, and it’s generally successful. Ensure your OpenJDK version is equivalent to the Oracle JDK version the app expects (e.g., both are Java 11, etc.).
Renewals and Contract Traps
77. Q: Can we still renew our legacy Java SE licenses (per processor or named user) after 2023?
A: Oracle’s official stance is that legacy Java SE Subscription customers may renew under the old metrics if their usage hasn’t increased and if their existing contract allows it.
In practical terms, this means: if you had, say, 100 Named User Plus licenses for Java SE from before, Oracle might let you renew that same quantity for another term, but only if you’re not using more than those 100 licenses cover. However, Oracle is trying to move everyone to the per-employee model.
They have been increasingly reluctant to extend the old agreements. They might do a one-time renewal as a courtesy or during a transition period, but you should expect that eventually you’ll have to switch to the Universal Subscription.
It’s wise to negotiate that upfront – if you get a renewal on the old model now, ask what happens next year. Oracle could refuse any further renewals on the old terms down the line.
78. Q: When our contract ends, will Oracle push us to the new per-employee subscription?
A: Almost certainly, yes. When your current Java license/subscription term expires, Oracle’s default position is that you should migrate to the Universal Subscription. Oracle has made it clear that the old pricing model is retired.
Their Java sales teams from 2023 onward are measured on selling employee subscriptions, so they will push that. We’ve seen Oracle sometimes offer a slight incentive (like a discount) to move a customer onto the new model at renewal, but essentially, they’ll say it’s time to switch.
Even if Oracle’s FAQ says you can renew the old way, they also note that the FAQ isn’t binding —meaning that when the time comes, they might simply say, “To renew, you must accept the new model.” Be prepared for that scenario and budget accordingly.
79. Q: What happens if we don’t renew our Java SE subscription at the end of the term?
A: If you let your Java SE subscription expire without renewal, you lose the right to continue using Oracle Java for commercial purposes. The day after your subscription ends, you technically should uninstall or stop using Oracle Java in production (unless it’s a version that happens to be free).
Oracle’s support and access to updates have also been terminated. Many companies plan a transition to coincide with subscription end – for example, switching to OpenJDK or another vendor, so they don’t have to renew.
If you don’t renew, you run unlicensed, but keep using Oracle Java. Oracle may have a few weeks’ grace period (and you might be able to backdate a renewal if you quickly change your mind), but there’s no guarantee. Also, Oracle’s compliance team often knows when a subscription isn’t renewed. It can trigger an audit or at least an inquiry afterward.
In summary, not renewing means you must remove/replace Oracle Java immediately upon expiry to stay compliant.
80. Q: What contract “traps” should we know in Oracle’s Java licensing agreements?
A: One trap is the definition of “employees.” As mentioned, it includes contractors, etc. If you’re not aware and undercount, Oracle can audit and find you in breach (they might even audit your HR records to verify headcount)
Another thing: if your workforce grows, you typically have to true-up at renewal – watch out for contract language around providing updated employee counts. Also, ensure the contract defines whether affiliates are included; Oracle usually includes all affiliates under your control, so you can’t exclude a subsidiary’s employees, for example.
There’s also the issue of auto-renewal or price increases – check if the agreement auto-renews and at what rate. Oracle might reserve the right to increase fees or require a new quote at renewal, meaning you could face higher prices later.
Additionally, note the clause that special rules apply if you exceed 50,000 employees or a huge number of processors (an odd edge case from the price list). Lastly, be aware of the audit clause itself—by signing the subscription, you agree to let Oracle audit you for compliance.
