Oracle Java Licensing and Audit FAQ Guide

Table of Contents

Oracle Java Licensing and Audit FAQ Guide

Oracle’s Java (Oracle JDK) licensing has evolved significantly in recent years, leading to many questions for IT decision-makers. This 60-question FAQ is organized into sections for clarity and provides concise, advisory answers with key points and examples.

The focus is only on Oracle’s Java (Oracle JDK), not OpenJDK or other third-party Java distributions.

Java Licensing FAQs

1. What is Oracle Java (Oracle JDK), and how is it different from open-source Java?

Oracle Java, often referred to as Oracle JDK, is Oracle’s official build of the Java platform. It is based on the open-source OpenJDK project but comes with Oracle’s branding, testing, and commercial licensing terms.

In contrast, open-source Java (OpenJDK or other builds like AdoptOpenJDK, Amazon Corretto, etc.) is available under open-source licenses without Oracle’s commercial restrictions.

Key differences include:

Licensing: Oracle JDK is subject to Oracle’s proprietary license agreements and potentially requires a paid subscription for certain uses, whereas OpenJDK is free under the GPL open-source license.
Support & Updates: Oracle offers long-term support, security patches, and updates for Oracle JDK (usually to subscribers). Open-source builds rely on community or vendor support for updates.
Features: Functionally, Oracle JDK and OpenJDK are the same (Oracle contributed most features to OpenJDK). However, Oracle JDK may undergo additional QA and include tools (like Mission Control) with Oracle support.
Example: An enterprise using Oracle JDK 11 in production must adhere to Oracle’s license (and likely needs a subscription), whereas using OpenJDK 11 in production has no Oracle licensing cost (but would require the company to manage updates independently).

2. How did Oracle’s licensing for Java change, starting with Java 8?

Oracle dramatically changed Java licensing with Java 8 (around 2019). Before 2019, Oracle Java was free for general use under the “Binary Code License (BCL).”

After January 2019, Oracle stopped providing free public updates for commercial Java 8 use.

Key changes introduced:

End of Free Updates (2019): Public updates for Java SE 8 after January 2019 were no longer free for business/commercial use. Businesses needed a paid Java SE Subscription to get updates and security patches for Java 8.
Subscription Model: Oracle introduced a Java SE Subscription for companies to pay for continued Java 8 (and later) updates and support. Java effectively went from being free for all uses to requiring payment for commercial use beyond certain versions or updates.
Impact on Users: Companies that had freely used Java 8 now had to either remain on old (unpatched) versions or purchase a subscription to stay up-to-date. This marked the transition of Oracle Java from a free runtime to a licensable product for enterprises.

3. What is the Oracle Binary Code License (BCL) for Java SE?

The Oracle Binary Code License (BCL) was the traditional license under which Oracle distributed Java SE up to Java 8 (for versions released before April 16, 2019).

Under the BCL:

Oracle Java was free to use on “General Purpose” computers (desktops and servers) without charge. This allowed the commercial use of Java runtime in general computing environments at no cost.
Certain use cases were restricted – for example, embedding Java in devices or software for resale (embedded or OEM uses) required a separate agreement. The BCL primarily covered typical internal use of Java.
The BCL is no longer used for new Java releases after 2019. It’s a legacy license; those older Java versions you downloaded under BCL can still be used under those original terms, but they no longer receive free updates.
In practice: If your organization runs Java 8 Update 202 (released before April 2019), which was obtained under the BCL, you can continue using it under that license. However, any later updates (post-April 2019) are not under BCL and require a different license (and likely a subscription).

4. What is the Oracle Technology Network (OTN) License for Java SE?

The OTN License (Oracle Technology Network License Agreement for Java SE) is the license Oracle introduced for Java 8 updates released after April 16, 2019, and for Java 11 (and certain later versions). This license is free for certain uses but restricts others.

Under the OTN License:

Free Permitted Uses: Personal use (e.g., at home for non-commercial purposes), development, testing, prototyping, and demonstration are free. In other words, developers can download Oracle JDK to write and test applications without paying, and individuals can use Java on their machines.
Restricted Uses (Commercial/Production): Any commercial use in production or use of the software as part of business operations requires a paid license (Java SE Subscription). The OTN license explicitly does not permit Oracle Java to run applications in production or for internal business needs without a subscription.
No Redistribution: The OTN license also prevents freely redistributing Oracle Java. Companies can’t include Oracle JDK/JRE in their products or images for customers unless those customers themselves are licensed or an OEM agreement is in place.
Summary: Consider the OTN license as “OK for development and personal tinkering, not for production without Oracle’s permission (subscription).”

5. What is Oracle’s No-Fee Terms and Conditions (NFTC) license for Java?

Oracle’s No-Fee Terms and Conditions (NFTC) license is a newer license introduced in September 2021 with Java 17. This license was a significant shift as it permitted free use of certain Oracle Java versions, even in production, for a limited time.

Key points:

Free Use of Latest Java (Initial Period): Oracle JDK 17 and later (including JDK 21) are provided under the NFTC license, allowing free use for all users, including commercial and production. Companies could deploy Oracle JDK 17 in production without paying Oracle during the NFTC period.
Time-Limited Updates: The NFTC license is not an indefinite free pass. Oracle provides free updates for those LTS versions only for a defined period. Java 17’s no-fee period lasted until September 2024 (about one year after the next LTS was released). After that, Oracle stopped providing free patches under NFTC.
Upgrade or Pay Model: The expectation is that once the free period ends, a user must either upgrade to a newer Java version (to stay on a free NFTC-supported version, e.g., move from 17 to 21) or purchase a subscription to continue receiving updates on the now older version. NFTC essentially encourages users to stay on the latest Java.
Coverage: NFTC applies to Oracle JDK 17, JDK 21, and future releases (including intermediate releases) while they are the currently supported version. It does not retroactively make older versions free. (Java 8 and 11 remained paid if used commercially).
Example: Oracle Java 17 was free from its release in 2021 through September 2024. After that, if your company wants to keep using Oracle JDK 17 and get critical security updates, you must start a Java SE subscription (or migrate to Java 21, which Oracle then offers under NFTC).

6. Why did Oracle introduce a Java SE Subscription model?

Oracle introduced the Java SE subscription model to provide commercial support and updates on offerings after moving away from the old free-update model.

As of 2019, Oracle started treating Java as a product that generates revenue via subscriptions. Reasons and context:

Monetizing Java Install Base: Oracle acquired Java (via Sun Microsystems) in 2010 and for years honored the free public updates. In 2019, Oracle saw an opportunity to monetize the large Java user base by requiring subscriptions for continued updates. This shift turned Java from “free runtime” into a subscription-based revenue stream.
Sustainability of Support: Oracle positions the subscription as a way to fund ongoing development, security fixes, and support for enterprise customers. Companies paying for Java SE Subscriptions get patches, bug fixes, and support assistance from Oracle.
Simplification and Compliance: Oracle’s subscription model makes it easier to enforce compliance (via audits) and ensures companies are either on the latest free version or paying if they stick with older versions. It also simplifies licensing for customers who need a clear right to use Java in production with support.
Frequent Releases: Java has a rapid release cadence (new versions every six months, LTS every few years). Oracle likely moved to subscriptions to encourage enterprises to constantly upgrade or pay for support, aligning with this faster cycle.
In short, the subscription was introduced as Oracle’s mechanism to charge for Java in enterprise environments after years of free use. It filled the gap when Oracle stopped free updates for Java 8 in 2019, providing a paid option for those who needed ongoing patches.

7. Is Java still free to use, or must we pay Oracle now?

Java (the platform) is still free and open-source at its core, but Oracle’s official JDK distribution is not free for long-term commercial use beyond certain conditions.

Here’s the breakdown:

Open-Source Java is Free: The OpenJDK project (and other vendors’ builds of OpenJDK) remain free to use, including in production. The Java language and specification are open – you don’t have to pay anyone to run Java if you use an open-source build.
Oracle’s Java is Conditionally Free: Oracle’s JDK can be used only for specific scenarios—for example, the latest LTS version during its NFTC period or for development/personal use under the OTN license. If you adhere to those conditions, you will pay Oracle nothing.
Paid for Long-Term/Older Use: If you want to use Oracle’s Java in production over the long term (especially older LTS versions like 8 or 11, or even 17 after the free window), you must pay for a subscription. Oracle Java is not “free forever” for businesses—it’s free for the latest version for now, but that free ride ends when payment is required.
Personal vs. Commercial: Java is still free for individual users running Java apps at home (Oracle’s OTN license permits that personal use). The need to pay arises in commercial contexts—i.e., companies running Java as part of their operations.
The bottom line is that Java as a technology is free (and you can always opt for free alternatives). However, if you choose to use Oracle’s Java binaries in your business beyond Oracle’s free usage terms, you should expect to budget for Java licensing.

8. Do I need a license to use Oracle Java in a business or commercial setting?

Suppose your organization uses Oracle’s Java (Oracle JDK) for business operations (servers, applications, etc.). In that case, you will likely need a license or subscription unless you strictly meet one of the free-use criteria.

In general:

Production Use = License Required: Using Oracle JDK to run applications in production or for any revenue-generating or internal business purposes requires a Java SE subscription (except when using a version under the NFTC free period). For example, running a web application on Oracle JDK 11 in your data center would require a license (since Java 11 isn’t free for production).
Older Versions (Java 8/11): Yes, you need a license. Oracle Java SE 8 and 11 (and anything earlier) require a subscription for commercial use today. Oracle stopped free use of those in 2019, so any business that uses them now is supposed to be licensed.
Latest Versions (Java 17/21): You do not need to pay for Oracle Java in production during its no-fee period. So you don’t need a paid license if you only use Java 17 (before Sept 2024 patches) or Java 21 (current LTS, free until at least 2026). However, once that period ends, continuing to use them without upgrading would require a license.
Development/Test Use: If you’re only using Oracle Java in non-production (dev/test), you technically do not need a paid license (the OTN license covers that), but be very careful that those environments don’t also serve any production purpose.
Rule of Thumb: If your use of Oracle Java is anything other than the most current free version or pure non-prod, assume a license must be compliant. Many companies choose to err on licensing or use alternatives to avoid doubt.

9. Which uses of Oracle Java are free versus require a paid license?

Oracle’s licenses carve out certain free-use cases for Oracle Java, while other uses mandate a subscription.

Here’s a summary:

✅ Free under OTN license:
- Personal use: Running Java for games or personal applications on your computer.
- Development and testing: Internal use by developers to write and test applications. (E.g., a QA server running Oracle JDK to test an app is allowed without a fee.)
- Demonstrations or prototypes: Showing a prototype to a client or an internal demo using Oracle Java is allowed.
- Oracle-approved product use: Using Java solely to run another Oracle product you licensed (Oracle calls this “Oracle Approved Product Use” – Java is included for that purpose). For example, if you run Oracle WebLogic Server (which includes Java) strictly for that product’s use, you don’t need a separate Java license.
- Oracle Cloud use: Running Java on Oracle Cloud Infrastructure services you subscribe to is covered under “Oracle Cloud Infrastructure Use” – effectively included as part of Oracle Cloud.
🚫 Requires a Paid License (Java SE Subscription):
- Production use for internal business: Any Oracle JDK running business applications in production (web services, backend jobs, desktop apps for employees) outside the free NFTC versions.
- Older Java versions in use: Oracle Java 8, 11, etc., in production, require a subscription (since their free update terms expired).
- Commercial redistribution: Embedding Oracle Java in a product you distribute or a service you sell to customers requires a commercial agreement. Standard Oracle licenses (BCL/OTN) don’t allow third-party distribution.
- Continued use of LTS after the NFTC period: If you stay on an Oracle JDK LTS after Oracle’s free support window closes (e.g., continue using JDK 17 with updates in late 2024+), you need a subscription unless you upgrade promptly.

Always double-check the exact license terms for the Java version you’re using. Oracle’s Java licensing FAQ and documentation clearly outline allowed vs. disallowed uses.

When in doubt, assume a commercial subscription is required for any business-critical deployment of Oracle Java.

10. What are the different Oracle Java license types I should know about?

Oracle has used three main licensing schemes for Java SE over time:

Oracle Binary Code License (BCL): The legacy license for Java SE used for versions and updates released before April 2019. BCL allowed free use of Java for general purposes on PCs and servers. No new Java versions use BCL now, but if you have older Java under BCL, that license still governs those copies.
Oracle Technology Network License (OTN) for Java SE: Introduced with Java SE 11 and applied to Java 8 updates after 2019. This license is free only for certain uses (personal, development, etc.) and excludes production use without a subscription. Java 8 Update 211+ and Java 11 (and later, up until NFTC was introduced) fall under OTN for general availability downloads.
Oracle No-Fee Terms and Conditions (NFTC): This license, launched with Java 17 (2021), allows free use of Oracle JDK in production but only for the current Java version and a limited support period. It covers Java 17, Java 21, and beyond (while they are the latest). After the free period, continued use requires moving to the next version or obtaining a subscription.

Additionally, in the commercial realm:

Java SE Subscription Agreement: This isn’t a “license type” for a download, but rather a commercial contract you enter with Oracle to get support and the rights to use Java in production. It works alongside the above – e.g., if you have a Java SE Subscription, you can use Java 8 under an extended support license via Oracle’s support site (My Oracle Support) beyond what the public OTN download allows.

Understanding these is important for compliance. For instance, you might download Java 11 under the OTN license (which lets you test it), but to run it in production, you’d need the Java SE Subscription (a commercial entitlement).

Oracle’s “free” NFTC license for new releases is an exception to entice users to the latest version, but it expires regarding updates.

Version-Specific Java Licensing (Java 8, 11, 17, 21)

11. Is Oracle Java 8 free for commercial use?

Oracle JDK 8 is no longer free for commercial use beyond certain older update levels. Java 8 was the last version under the free BCL for many years, but Oracle ended free public updates in January 2019.

Here’s the situation:

Older Java 8 Updates: If you are running Java SE 8 Update 202 (the last public update in Jan 2019) or earlier, those were obtained under the BCL and can be used under that license without additional cost. However, they are outdated and not getting security fixes.
Java 8 Updates after 8u202: Oracle Java 8 Update 211 and above were released under the OTN license (not for free commercial use). A Java SE Subscription is required to use those (or to get any security updates for Java 8 after 2019). Oracle provides those newer updates only to paying customers (via My Oracle Support).
Running Java 8 in Production Today: If your company is still running Oracle Java 8 in production and you have no subscription, you are likely out of compliance if you have installed patches beyond 8u202. Even if you stayed on 8u202, you wouldn’t have needed to pay, but you would have had severe security risks (since many critical patches have been issued since).
Free for Personal/Education Use: Oracle allowed Java 8 to remain free for personal (consumer) use on desktops and for educational use until December 2020. However, it’s been paid only for commercial/business use since 2019.

In summary, Java 8 is no longer free for businesses. Companies must purchase a Java SE subscription to legally use updated Oracle Java 8 versions in production with security patches.

12. What changed after 2019 for Java 8 public updates?

Oracle Java 8 reached its “End of Public Updates” for commercial users in January 2019. The changes were:

No Free Updates for Business: After that date, Oracle stopped offering new Java 8 updates for free to commercial users. Updates were still made (for security issues, etc.) but delivered to paying customers through Oracle’s support channels.
License Change: The download page for Java 8 updates after April 2019 is governed by the OTN license, which, unlike the old BCL, does not allow unrestricted commercial use. Essentially, Oracle changed the terms so that running those newer builds in production without a subscription violates the license.
Extended Free Use for Personal: Oracle continued to provide Java 8 updates free for individual home users (for a while) and certain environments (Oracle Cloud, etc.), but businesses lost the free entitlement. Oracle’s FAQ explicitly notes that uses which were free under prior licenses “may no longer be available” under the new license.
Subscription Introduction: Simultaneous with ending free public updates, Oracle rolled out the Java SE Subscription service. Companies that needed to stay on Java 8 (for application compatibility) were expected to buy subscriptions to get updates and remain supported.

Practical effect: Before 2019, you could just download the latest Java 8 JRE/JDK and install it in your company. After 2019, doing so (beyond 8u202) without a support contract is a compliance risk. Many organizations froze their Java 8 at the last free release or migrated to OpenJDK builds of 8 to avoid fees.

13. Does Oracle Java 11 require a paid license?

Yes. Oracle JDK 11 requires a paid license (subscription) for commercial or production use. Unlike Java 8, which had a long period of free use before 2019, Oracle Java 11 was never free for production from its release in 2018.

Details:

No Free Long-Term Support: Oracle initially treated Java 11 as a commercial product. Oracle JDK 11 downloads are under the OTN License—free for dev/test/personal but not for running in production. There was no overlapping “BCL” period when 11 was free for businesses.
Subscription Needed: Organizations need a Java SE subscription to use Oracle JDK 11 in production. If a company runs an application on Oracle Java 11 (as opposed to an OpenJDK 11) without a subscription, that violates Oracle’s terms.
Updates and Patches: Oracle continues to release Java 11 updates (as it’s an LTS) but only through My Oracle Support for subscribers. Publicly, Oracle provides OpenJDK 11 updates (open source) but not Oracle JDK 11 updates for free.
Alternative for Free Use: The only way to use Java 11 for free in production is to use an OpenJDK-based distribution (like AdoptOpenJDK, Amazon Corretto, etc.), which is not Oracle-licensed. Oracle’s distribution of 11 always carried the restriction for commercial use.

In short, if you download Oracle JDK 11 and deploy it in your business environment, you’re expected to pay for it (unless it’s strictly for development purposes). Oracle Java 11 is a paid product for enterprises, not free like Java 8 used to be.

14. Can Oracle Java 11 be used for free in any scenario?

Oracle Java 11 can be used for free only in limited, non-production scenarios as allowed by the OTN license – for example:

Development and Testing: Developers can write and test code on Oracle JDK 11 without a fee. A QA server running tests on Java 11 is allowed (as long as it does not serve end-users).
Personal Use: An individual can run Java 11 applications on their machine (say a game or a personal project) without paying Oracle.
Academic or Teaching: Although Oracle doesn’t have special education terms, using Java 11 in a classroom or for learning (not for the institution’s production systems) would fall under development/personal use, which is allowed.
Demonstration: You can demonstrate a software product to a client on Java 11 or prototype something internally without a subscription.

All these uses are essentially non-revenue-generating, non-production contexts. Moving Oracle Java 11 into a server or an application part of your business operations is no longer free. At that point, Oracle expects you to have a Java SE subscription.

It’s worth noting that Oracle did not provide a free LTS period for Java 11 like they later did for 17. Companies had to choose between paying Oracle or using OpenJDK 11 from day one if they wanted Java 11 in production. Many opted for OpenJDK builds to avoid license fees for Java 11.

15. Is Oracle Java 17 free for commercial use?

Yes—Oracle Java JDK 17 was initially free for commercial use under Oracle’s “No-Fee Terms and Conditions” (NFTC) license. Released in September 2021, it could be used in production without paying fees, which shifted Oracle’s strategy.

Key points:

NFTC Free Period: NFTC covered Oracle Java 17, which allowed anyone (individual or company) to use it for any purpose (including production) without cost until the end of its designated free support period. For JDK 17, this free update period lasted until September 2024.
During Free Period: Between 2021 and 2024, companies could deploy Oracle JDK 17 on servers and client devices and receive all the updates Oracle released for JDK 17, all for free. This was Oracle “making Java free again” (temporarily) to encourage upgrades.
Conditions: The NFTC license had some conditions (for example, it’s only for the Oracle JDK itself; it doesn’t allow you to, say, fork and modify it – but most users wouldn’t do that anyway). Importantly, if you were already under a paid support contract for older Java, using NFTC JDK 17 might have complexities (Oracle’s FAQ notes NFTC is meant for those without existing support contracts). But from a usage standpoint, it was free.
After Free Period: It’s crucial to note that after the free period ended (post-Sept 2024), continuing to use Oracle JDK 17 with newer updates would require a subscription. Oracle stopped giving out free JDK 17 updates after that time. So, as of 2025, it’s no longer free to get an up-to-date Oracle JDK 17.
Conclusion: Oracle Java 17 was free for a while, which helped many organizations skip license fees by jumping to 17. But this free status isn’t permanent – it’s a window during which Oracle forgoes charges. As of now (2025), the free window for 17 has closed, so further use should be reevaluated (either upgrade to Java 21 or get a subscription).

16. How long can we use Oracle Java 17 for free under Oracle’s terms?

Oracle allowed all users to use Java 17 for free until September 2024.

Specifically:

Free Updates Until Sept 2024: Oracle provided security updates and patches for JDK 17 at no charge from its release (Sept 2021) through Sept 2024. That three-year window was the NFTC free support period for Java 17.
End of Free Period: After Sept 2024, Oracle JDK 17 updates are no longer published for free. Oracle’s Java SE Licensing FAQ confirms that releases of Java 17 after that date are only available to customers (with support contracts) or under the OTN license for limited use. In other words, post-17.0.12 versions require a subscription if you need them.
Using Existing 17 Version: If you already have the last free release of JDK 17 (say 17.0.8 or whatever was out by Sept 2024), you can continue to use that binary indefinitely under the NFTC terms. The license doesn’t retroactively vanish. However, you won’t get any more updates without paying.
Recommendation: Oracle suggests that users move to the next LTS (Java 21, in this case) by the time the free period ends, which will then be under NFTC. This “leapfrog” approach is Oracle’s suggested path to remaining free, but it involves upgrading Java in your environment at least every few years.

So, practically, Java 17 was free for about 3 years. Beyond that, free usage is still allowed on your older build, but running an outdated Java in production is risky. To get new fixes on Java 17 after 2024, one must either purchase a subscription or upgrade to a newer Java version.

17. What happens when Oracle’s free period for Java 17 ends?

When the no-fee period for Java 17 ended (Sept 2024), organizations using Oracle JDK 17 faced a decision:

Stop Getting Updates: Oracle stopped releasing public updates for JDK 17. If you do nothing, your Java 17 installations will not receive further security patches. You can technically keep running the last free version, but vulnerabilities won’t be fixed. This is a security/compliance risk over time.
Purchase a Subscription: You must transition to a paid Java SE Subscription to continue receiving Oracle’s Java 17 updates and support beyond the free period. By paying, you regain access to new patches (Oracle has continued making Java 17 updates for its customers since 2024, but they are behind a support login).
Upgrade to a Newer Java Version: Oracle released Java 21 (the next LTS) in 2023 under NFTC. Oracle’s strategy is to encourage users to upgrade to Java 21, which remains free. Upgrading your applications to JDK 21 (or later) allows you to stay on a free-supported version and avoid a subscription.
Hybrid Approach: Some companies might keep running Java 17 for stability but mitigate risk by isolating those systems while planning an upgrade. However, if an audit occurs, Oracle would consider those Java 17 uses after the free period as unlicensed (unless you bought support).

In summary, after the free period ends, using Oracle JDK 17 in production without a license becomes like using Java 11 or 8 – not allowed under Oracle’s terms. You either pay Oracle for continued support or migrate away (to a newer version or a non-Oracle JDK). It’s a ticking clock that Oracle sets to push users to make a decision.

18. Is Oracle Java 21 available for free use?

Yes. The No-Fee Terms and Conditions license also provides Oracle JDK 21 (released September 2023, an LTS version). It is free for all users, including those in production, during its initial support period.

Key points for Java 21:

Free Use at Launch: Oracle permits free commercial use from the release of Java 21 in 2023. Companies can deploy JDK 21 without needing a subscription or paying fees, just like JDK 17 was allowed.
Updates Included (Initially): Oracle will provide updates and security patches for JDK 21 for free for a certain time. Per Oracle’s roadmap, JDK 21’s NFTC free updates are expected through at least September 2026 (since Oracle typically gives until one year after the next LTS, which might be JDK 25 in 2025).
Same Conditions as 17: The NFTC license conditions (can’t redistribute, no guarantees, etc.) apply, but those don’t affect normal use. Any Java 21 update Oracle releases up to the cutoff can be used freely.
Transition after Free Period: It’s anticipated that after a set date (likely a year or so after Java 25 comes out), Oracle will require a subscription for further JDK 21 updates. But that’s a few years out; now, Java 21 is “the latest free Java” from Oracle.

In practice: If you’re starting a new project in 2024/2025, using Oracle JDK 21 is a safe choice license-wise – you won’t incur Oracle licensing costs during its free term.

Just watch Oracle’s announcements around when that free support ends so you can plan an upgrade or subscription.

19. Will Oracle Java 21 eventually require a subscription?

Yes, most likely. Based on Oracle’s current policy, Java 21’s free period is not indefinite.

We can expect that:

Free Period Ends: Oracle will announce an end to free updates for Java 21, likely around one year after the next LTS (Java 25) is released. If Java 25 comes in September 2025, Oracle might continue free JDK 21 updates until September 2026. After that, there will be no more free patches.
Subscription Needed Post-Free: Once that cutoff is reached, any further use of Oracle JDK 21 requiring new patches would require a Java SE Subscription (or whatever support model exists). In other words, like Java 17 now, Java 21 will transition into a paid support phase.
OTN for Older 21 Releases: Oracle could make older Java 21 downloads available under an OTN-type license for dev/test only and reserve new customer builds. (This is what they did for Java 17 after its NFTC period ended – new releases went to support customers, while OTN allows continued dev use of older builds.) So, production use effectively becomes a paid privilege.
Encouraging Upgrade: Oracle’s plan is presumably to have users move to Java 25 (LTS) once it’s out and free, and then Java 21’s subscription requirement would push that behavior.

So, while you don’t need a subscription for Java 21 today, you should anticipate budgeting for one or planning an upgrade strategy a few years later. Oracle has set the pattern: each LTS is free for a while, then paid or moved on.

20. What about Java versions like 9, 10, 12, and 16—are they free or supported?

Java 9, 10, 12, 13, 14, 15, and 16 were non-LTS (short-term) releases.

Here’s what to know about them:

Short Support Cycle: Oracle supported these versions until the next release (roughly a 6-month window). Oracle did not offer long-term support for them. For example, Java 9 and 10 came and went in 2017-2018, and Java 12–16 came between 2019 and 2021 between LTS versions.
Licensing: Oracle JDK 9 and 10 were released under the BCL (and then their life ended before the big license change). Java 12–16 were under the OTN license (since they followed Java 11’s model). Oracle did not create NFTC for those because NFTC was introduced only at Java 17. However, notably, from Java 17 onward, even the non-LTS (18, 19, 20) are also under NFTC. So:
- Java 12–16: A subscription is required for production if you used Oracle JDK since they fell in the 2019–2021 OTN era (though most people didn’t use these in production; they likely skipped to LTS or used OpenJDK).
- Java 18, 19, 20: These were non-LTS after NFTC was introduced, so Oracle JDK 18/19/20 was free under NFTC, too. But they are obsolete now (there were no updates once their six-month life ended).
Current Status: None of these intermediate versions are receiving updates from Oracle. Suppose you are running Java 13 or 15 in production. In that case, you’re on your own – Oracle would tell you to upgrade to an LTS or subscribe to a support contract (though officially, Oracle’s support contracts only cover LTS versions).
Use in Production: Generally, enterprises avoid deploying non-LTS versions in production because they become unsupported so fast. If anyone did, they likely treated them like a “trial” and then moved on. There’s no free support for them beyond their short life, and they’re not covered by long-term Oracle support (unless you have a custom support contract).

Recommendation: Stick to LTS versions for production (Java 8, 11, 17, 21, etc.) because they have clear support roadmaps. Given their ephemeral support and varying license terms, non-LTS versions should be used only for experimenting with new features, not for stable production systems.

21. Which Java version should our organization use to minimize licensing issues?

To minimize Oracle licensing costs and compliance headaches:

Use the Latest LTS under NFTC: Adopting the latest Oracle Java LTS version (currently Java 21) allows you to run Oracle’s JDK for free during its no-fee period. This gives you a few years of free usage and security updates. Plan to upgrade to each new LTS as it comes out (every 2-3 years) to stay within a free support window. This strategy avoids subscription costs but requires regular maintenance of Java upgrades.
If Stuck on Older Version, Consider Subscription or Alternatives: If your applications require Java 8 or 11 and can’t easily upgrade, you have two main choices – purchase a Java SE subscription to stay compliant and get updates, or migrate to an open-source Java build (like Temurin/Adoptium, Amazon Corretto, etc.) for those versions to avoid Oracle fees. The latter avoids Oracle licensing, but you’d handle updates yourself (the community provides builds).
Avoid Using Oracle JDK if Not Necessary: Many organizations choose to standardize on OpenJDK builds across all Java versions, eliminating Oracle licensing concerns. If licensing risk is a big issue, this might be simpler: you use Oracle JDK only if you need Oracle’s support.
Stay Informed on License Changes: Oracle’s policies can change (as seen with the introduction of NFTC). Make sure to follow Oracle’s Java SE Support Roadmap. For example, know when the free period ends for your version and have a plan (either upgrade or budget for a subscription).

Example scenario: A company currently using Java 11 could upgrade to Java 17 or 21 to qualify for NFTC free usage, thus sidestepping immediate costs. If that’s too difficult, they might switch to an OpenJDK 11 distribution to remain secure without Oracle.

The key is to either be on a “free” Oracle version or not on Oracle’s distribution to avoid being caught in an unlicensed audit.

Java SE Subscription & Pricing Models

22. What is the Oracle Java SE Subscription?

The Oracle Java SE Subscription is a paid offering from Oracle that provides licensing and support for Java SE.

When you have a Java SE Subscription, you are entitled to:

Use Oracle Java in Production: The subscription grants you the right to use Oracle JDK on desktops, servers, or the cloud for commercial purposes (essentially covering the license requirement).
Access to Updates & Patches: Subscribers access the latest Java SE updates, including security patches, for all supported versions (Java 8, 11, 17, etc.) via Oracle’s support portal. This means you can keep your Java installations up-to-date beyond the public free periods.
Support Services: You can file support tickets with Oracle for Java issues. As part of the subscription, Oracle provides 24/7 support, helps diagnose problems, and more.
Tools: In the past, certain management tools (like the Advanced Management Console for managing Java usage in an enterprise) and commercial features (flight recorder, etc.) required a subscription. Those features are included under the subscription terms if you need them.

Java SE Subscription is Oracle’s “pay-as-you-go” plan to legally run Java in a business. Instead of a one-time license, it’s a recurring monthly fee per usage metric (which we’ll discuss below).

This model started around 2018 for Java 8 and 11 users and has since evolved into the current “Java SE Universal Subscription.” It ensures your organization is compliant and supported.

23. How was Oracle Java licensed before the Java SE Subscription (legacy model)?

Before the introduction of the subscription model, Oracle Java (for commercial support) was sold much like Oracle’s other software, using traditional license metrics:

Per-Processor Licensing: Oracle offered licensing per CPU/processor for Java running on servers. For example, Java SE Advanced used to be priced per processor. Under the old pricing, a common figure was ~$25 per monthly processor for Java SE on servers.
Named User Plus (NUP) Licensing: Oracle had a “Named User Plus” metric for desktop or individual usage – essentially per named user or per device. In earlier pricing, Java SE Desktop was $2.50 per monthly user. NUP meant every user who could use Java on a device must be counted.
Java SE Advanced/Advanced Desktop: Oracle also had more premium offerings (Java SE Advanced, Java SE Suite) that included mission-critical features (like Flight Recorder and JRockit features back then). These were licensed similarly by NUP or CPU but at higher prices.
Perpetual Licenses + Support: Initially, Oracle sold perpetual licenses for Java SE (with a one-time fee and annual support). However, they moved away from that to the subscription-only modelafter some time.

Legacy licensing was a bit complex. You had to count how many processors your Java was running on or how many users/machines had Java and buy the appropriate licenses.

As of January 2019, Oracle shifted to the simpler subscription model, and in 2023, they shifted again to an employee-based model, retiring the old metrics.

24. What is the Java SE Universal Subscription introduced in 2023?

The Java SE Universal Subscription is the updated Oracle Java subscription plan launched in January 2023. It replaced the previous Java SE Subscription offerings.

Its key characteristics:

Employee-Based Metric: Instead of counting devices or processors, the Universal Subscription uses an “Employee” count metric. You pay a fee for each employee in your organization (with a broad definition of employee). This fee covers your entire company’s right to use Oracle Java on any number of devices.
Unified Desktop/Server: The subscription is “universal,” meaning one subscription type covers both server and desktop Java use. In the past, there were separate “Java SE Desktop” and “Java SE (Server)” subscriptions; now it’s one model for all environments. This simplifies licensing – no need to differentiate between a server JVM and a developer’s PC, for instance.
Replaced Older Licenses: As of Jan 23, 2023, Oracle stopped selling the old per-user or per-processor Java subscriptions to new customers. Existing customers of the old model can renew under certain conditions, but the Universal Subscription is the go-forward offering.
Comprehensive Support: The Universal Subscription includes support for all Java SE versions that Oracle still supports (8, 11, 17, etc.) and any Java SE “commercial features” that used to be separate. One subscription to rule them all—hence “Universal.”

The introduction of this model has significant cost implications for some (especially large organizations, since it’s per employee). It was Oracle’s way of further simplifying (and, for many, increasing) Java licensing fees by tying them to company size rather than specific usage.

25. How does the new Universal Subscription differ from the old Java SE?

The new Java SE Universal Subscription differs from the legacy subscriptions in a few key ways:

Metric (Employee vs. Device/User): The biggest change is shifting to an employee-based metric. The old model required counting each server (processor) or user device. The new model says, “How many employees do you have?” and charges based on that number. Even if only 100 out of 1000 employees use Java, you still pay for 1000 under the new scheme. It greatly simplifies counting but can raise costs for wide organizations.
Unified Rights: Previously, you might have had one license type for servers and another for developer desktops. The Universal Subscription covers all uses uniformly. No matter where Java is deployed (on a PC, VM, cloud instance, etc.), you’re covered if you’ve licensed all employees. This eliminates worrying about tracking installations – installation is legal as long as everyone is counted.
All Features Included: The Universal Subscription includes what used to be separate “Java SE Advanced” features (like Flight Recorder and Mission Control). Oracle folded everything into one subscription, so there’s no separate tier for advanced monitoring or management—it’s all part of the package.
Cost Structure: The pricing per employee has tiers (volume discounts), whereas the old model had separate prices for desktop and server. For some companies, the cost could be higher; for others, it could be simpler. For example, a company with many occasional Java users might pay more now, whereas one with heavy server use but few employees might pay less under the new model.

In summary, the Universal Subscription is simpler but broader. You don’t count where Java is installed; you count everyone on your payroll. It’s a one-size-fits-all model versus the granular legacy approach.

26. How does Oracle’s employee-based Java licensing model work?

Oracle’s employee-based model means you must license all your employees, not just those directly using Java. Oracle’s definition of “Employee” is broad:

Who counts as an Employee: All full-time, part-time, temporary, and seasonal employees of your company and any contractors or outsourcers that work for you in any capacity that uses your systems. Essentially, if a person works for your company (directly or indirectly), they count.
Counting method: When signing the subscription, you take the total number of employees (and qualifying contractors). That becomes the number of licenses. If your company has 5000 staff, you need 5000 licenses, even if only 100 are working with Java. (Oracle generally does not require you to true up if headcount grows during the term, at least until renewal time, but the contract locks the number at the purchase date.)
All-Inclusive Usage: Once you’ve licensed all employees, you can deploy Oracle Java on any number of machines enterprise-wide. Whether it’s 10 servers or 10,000, it’s covered. No need for tracking per installation. This can be convenient if you have ubiquitous Java usage; you no longer have to worry about counting devices.
Contractual Obligation: Because you must certify your employee count, Oracle might audit your HR records if they suspect undercounting. “Employee” excludes third-party end-users (like your customers) but includes everyone working for your organization.
Renewal/Recount: At renewal, you might have to declare current employee counts again or reaffirm the count. Theoretically, if your headcount drops significantly, you might negotiate a lower count at renewal, but typically, the agreement is for a set number.

This model is straightforward (no complex usage tracking) but costly for large companies where many employees don’t directly use Java. Essentially, Oracle ties Java cost to company size, not actual Java usage.

27. How much does Oracle’s Java SE Subscription cost?

The Java SE Universal Subscription cost is based on the number of employees and is priced per employee per month. Oracle’s public price list (as of 2023) gives an idea:

Base Price: $15 per employee per month for smaller organizations (up to 999 employees). This is the highest tier price.
Volume Discounts: The price per employee goes down as the employee count increases. For example:
- 1,000–2,999 employees: ~$12 per employee/month.
- 3,000–9,999: ~$10.50 per employee/month.
- 10,000–19,999: ~$8.25 per employee/month.
- 20,000+ employees: as low as $5.25 per employee/month (per Oracle’s reference).
Annual Billing: Oracle typically sells this as an annual subscription (you might pay for a year or multiple years up front). So at the base price, one employee is $180/year. A company of 1000 employees might pay on the order of $180k/year at list price (before any negotiated discount).
Negotiation: Large enterprises often negotiate discounts off list. Also, if you have an ELA (enterprise license agreement) with Oracle, Java may be included or discounted as part of a bigger deal.

It’s important to note that these costs can be substantial. For example, a 10,000-employee company at $8.25/emp/month would pay roughly $990k per year for Java. This dramatic cost is why some businesses reconsider their Java usage or explore alternatives. Always check the latest Oracle price list PDF for exact tiers, as they can update pricing.

28. How do I calculate the number of licenses under the employee metric?

Calculating licenses under the employee-based model involves determining your total headcount:

Count All Employees: Include all your organization’s full-time, part-time, and temporary employees. If your company has subsidiaries or affiliates, the contract will specify if they are included. Generally, if those entities use Oracle Java under the same agreement, their employees count too.
Include Contractors & Agents: Oracle’s definition also includes contractors, consultants, and outsourcers performing work that uses the software. So, if you have 50 contractors developing software or maintaining systems (even if they are not on your payroll), they should be added to the count.
Example Calculation: If you have 900 full-time staff, 100 part-time, and 50 contractors, your total “employees” for licensing might be 1,050. You’d then procure 1,050 Java SE Universal Subscription licenses. Oracle would likely charge the tier 1,050 falls into (in this case, possibly the $12/emp/month tier, since it’s just over 1000).
One License per Employee: In this model, you don’t differentiate by role or usage. An employee who never touches Java and works with it daily counts equally as 1.
No Double Counting: Each person counts once. If an employee uses Java on multiple devices, you still count the person, not the devices. Conversely, an employee who doesn’t use Java still counts as one – usage doesn’t matter for the count.

Once you have the number, multiply by the per-employee rate to estimate the cost. To ensure compliance, it’s wise to get clarity from Oracle on how they define the count in your contract, especially for edge cases (consultants, seasonal workforce, etc.).

29. Can I still use the older Java SE licensing (per processor or user) instead of the new model?

For new purchases, Oracle no longer offers the old per-processor or per-user Java SE Subscription to new customers as of January 2023. The Universal Subscription (employee metric) is now the standard.

However:

Existing Contracts: If your organization already had a Java SE Subscription or Java SE Desktop Subscription before the change, Oracle has allowed renewals “to the extent permitted in the existing order”. If you paid for 100 NUP licenses and 10 processor licenses, you might renew that same quantity again, but only if your usage hasn’t grown. Oracle wants to move everyone to the new model so that they may be strict on not increasing legacy license counts.
Limited Time: Over time, Oracle may phase out even renewals of the old model. Eventually, everyone might have to transition to employee metrics upon contract expiration.
No Mixing for New Needs: If you suddenly need more Java licenses or never had any, you can’t buy the old-style licenses. You’d be quoted the employee-based subscription. Oracle basically “froze” the legacy model for those already on it.
ULAs or Enterprise Deals: Some companies had enterprise agreements that include Java (Java could be included in an Unlimited License Agreement, for example). Those are case-by-case, but generally, new broad agreements will likely use the new metric, too.

In summary, unless you’re grandfathered in under a prior deal, the choice of metric isn’t yours – Oracle moved Java to a subscription model based on employees. If you’re on an old metric and it’s advantageous, try to renew it as long as possible, but be prepared for Oracle to eventually push a transition.

30. Does the Java SE Subscription cover all Java versions (Java 8, 11, 17, etc.)?

Yes. A Java SE Subscription (including the new Universal Subscription) provides rights and support for all Oracle Java SE versions that Oracle supports:

Java SE 8: Subscribers can download the latest Java 8 updates (through at least 8u361 and beyond) from My Oracle Support and use them legally. Without a subscription, those updates aren’t available for commercial use.
Java SE 11: A subscription gives access to all Oracle JDK 11 updates. Oracle typically supports LTS versions for many years (Java 11 support runs until at least 2027 for premium support). Subscribers get those patches.
Java SE 17: Subscribers get updates even after the free NFTC period. However, customers with subscriptions will only receive new JDK 17 buildsafter September 2024.
Java SE 21 (and future): While 21 is freely available now, a subscription also covers it. If a company prefers to be on contract for compliance, it can pay and get the same bits (and it will continue to get 21 updates after the free window closes).
Older Java (6,7): Oracle no longer publicly supports Java 6 or 7, but extended support might be available for an extra fee. Java SE Subscription mainly covers currently supported releases. However, you can use a subscription to access the Java archive for old versions and use them under support if needed (with the understanding they’re outdated).

In essence, one subscription lets you deploy any mix of Java versions needed in your environment. It’s not version-specific.

Many firms have legacy apps on Java 8 and newer services on Java 17 – one Java SE Subscription covers both, including all the updates for those versions.

31. What happens if I don’t renew my Oracle Java subscription?

If you choose not to renew an Oracle Java SE Subscription at the end of its term:

Loss of Update Rights: You lose access to Oracle’s updates and patches on the support portal. You won’t legally have the right to download or apply any new Java fixes released after your subscription lapses.
License Termination: Critically, Oracle’s subscription terms indicate that your right to use the Oracle software ends when the subscription ends. Unlike a perpetual license, a subscription is more like renting—if you stop paying, you are supposed to stop using the software. Continuing to run Oracle JDK in production without an active subscription could put you out of compliance (unless that version is free/NFTC at that time).
No Support: Once you’re not a customer, you can no longer file support tickets or get help from Oracle for Java issues.
Practical Impact: Many companies are deciding not to renew their plans to uninstall or replace Oracle JDK installations with OpenJDK or another solution at the end of the term. For example, suppose your Java subscription ends in December, and you don’t want to renew. In that case, you should ensure that all Oracle JDK instances are removed or switched to an alternative (or moved to a free Oracle JDK version, if applicable) by January.
Renewal Grace: Oracle might have a grace period or allow backdated renewal if you change your mind shortly after expiry, but that’s not guaranteed. It’s better to plan.

In summary, non-renewal means you shouldn’t keep using Oracle Java in production (unless it’s one of those versions Oracle currently offers for free). If you keep using it, you won’t get fixes, and you could face compliance issues if Oracle audits you after your subscription expires.

32. Are there any special licensing terms for educational institutions or non-profits?

Oracle does not provide free or reduced-cost Java SE licenses for educational, non-profit, or research institutions. The licensing and subscription costs apply uniformly. Important points:

No Edu/Non-Profit Exemption: Unlike some software vendors, Oracle treats Java the same for all commercial entities, including universities and non-profits if they’re using Java in operations. A university running Oracle JDK on its servers for internal systems is expected to have a subscription like any company.
Personal/Educational Use vs. Institutional: There’s a distinction between a student or teacher using Java on their personal machine (which is personal use, free under OTN) and the institution deploying Java. If a professor installs Oracle JDK on a lab server that students use for coursework, is that personal or institutional? It leans towards institutional, so technically, it is not covered by the personal use allowance. Many educational institutions use OpenJDK or purchase a subscription if needed because Oracle doesn’t waive licensing.
Possible Oracle Programs: Oracle sometimes has outreach or grant programs, but nothing official in the Java licensing policy gives a discount. Negotiating with Oracle reps would typically be required; there’s no public price list category for “academic” at a lower price.
Non-profits: Similarly, non-profits are treated as businesses in terms of licensing. They must comply with the same rules. There’s no automatic discount for charities or NGOs in Oracle’s standard Java licensing.

So, if you’re an educational or non-profit organization, plan for Java licensing like any other organization. Oracle’s stance is that the Java SE Subscription is also required for those entities’ production use, without special exceptions.

33. Can I use Oracle Java for free on Oracle Cloud or with my licensed Oracle products?

Oracle provides some allowances where Java can be used without additional license if it’s in the context of other Oracle services or products:

Oracle Cloud Infrastructure (OCI): If you run your workloads on Oracle’s cloud, Oracle permits using Oracle Java on those cloud services as part of the cloud service agreement. Specifically, the OTN license defines “Oracle Cloud Infrastructure Use” as allowed. If you spin up an Oracle Linux VM on OCI and use Oracle JDK, you don’t need a separate Java subscription – it’s included while you pay for the OCI service. (This does not apply to other clouds like AWS/Azure – only Oracle’s cloud).
Included with Oracle Products: Many Oracle enterprise products that require Java come with a Restricted Use Java SE license. Oracle has a list of ~100 products that “include a Java SE license” for use with that product. For example, Oracle WebLogic, Oracle Database tools, Oracle E-Business Suite, Oracle Forms, etc., typically allow you to use the bundled Java just to run that product.
- This means that if you have a licensed Oracle WebLogic Server, you can use the Oracle JDK on that WebLogic server without a separate Java SE subscription, but only for running WebLogic (and components of that stack). Using the same Java to run a different app on the side would not be covered.
- Oracle’s contracts or documentation (Restricted Use licenses) usually spell out that Java SE is included for the product’s purpose. It’s wise to confirm in your Oracle product license doc.
No Additional Cost in those scenarios: You shouldn’t have to pay twice. They allow Java runtime if you paid Oracle for a product or cloud service.

Example: You host an Oracle Database and Oracle Business Intelligence on a pre-m server. Oracle Database has a Java-based component, and your DB license likely covers the Java needed.

However, if you have a custom application using Oracle JDK on the same server, that usage is not covered by the DB license – you’d need a Java subscription for that part. Always differentiate between Java usage strictly for an Oracle product (covered) and general Java usage (not covered).

Java Installation & Usage Scenarios

34. Do we need a license to use Oracle JDK in development or test environments?

You do not need to purchase a license for development and test environments as long as the Oracle JDK is not used for production. Oracle’s OTN license explicitly permits development and testing use at no cost.

What this means:

Developers’ Machines: Developers can install Oracle JDK on their workstations or laptops to write and compile code without a subscription. This is “Development Use” and is free.
CI/CD and Test Servers: If you have continuous integration servers, test servers, or QA environments running Oracle JDK to execute tests or perform test deployments, they are also covered under development/testing use. No license fee is needed there.
Caution – No Production Traffic: Ensure these environments do not inadvertently serve production needs. For instance, if a “test” server starts handling live data or user traffic, it’s effectively production. That would violate the license if you don’t have a subscription. Keep dev/test systems segregated from production.
Data from Oracle during Dev: Oracle’s license allows dev/test, but note that you won’t get production support from Oracle for dev use. (Support is only for subscribers.) So if you hit a Java bug in dev, you can’t file a support ticket unless you have a subscription. But purely for usage, it’s fine.
No Need to Count Dev Machines: Under OTN free use, you don’t have to count or report how many dev/test installations you have. Just ensure those installations aren’t used outside of the permitted scope.

Example: Your company has 50 developers coding a Java application. They all use Oracle JDK 17 on their laptops. The app is deployed on an Oracle JDK 17 server for testing. None of this requires a Java SE Subscription (since Java 17 is anyway free, but even if it wasn’t, dev/test is allowed). When you go live in production, you’ll either make sure you’re on a free version or have a subscription.

35. Is a license required for Oracle Java on employee desktops or internal business applications?

Suppose employees are using Oracle’s Java on their desktops for internal business applications (not just personal use). That is considered commercial use and typically requires a license – unless it’s an Oracle product use case or the Java version is free.

Key points:

Internal Business Apps = Commercial Use: Suppose you have an internal CRM application with a Java client on each user’s PC or a Java-based ERP system. Those employees running Oracle JRE/JDK on their work computers use these apps to use Java for business operations. This is not “personal use”—it’s part of the company’s activities, so it requires a Java SE subscription (for Java versions like 8 or 11) or using a free version (like 17/21 within the free period).
Java 8 Desktop Example: In the past, Oracle had a “Java SE 8 Desktop” subscription for such scenarios. Under the new model, it doesn’t matter – an employee licenses you. But yes, those desktop uses count.
Thick Client Applications: Many older enterprise apps (or things like IBM WebSphere client, etc.) required an Oracle JRE on the desktop. If those JREs are Oracle’s and version >8u202, you must have them licensed.
Web Browser Plugins (old Java applets): Though largely obsolete, if any internal websites still use Java applets (Java in the browser), the Oracle JRE on users’ machines running those applets would similarly require licensing (post-2019, applet support was removed, but just as a concept).
Personal vs. Work Device: It’s about context—the same Oracle JDK on a personal home PC for a personal project is free, but it’s commercial use on a work PC being used for work tasks.

So yes, employee desktop use in an organization is not exempt. The company’s Java license must cover it. The new “per employee” subscription model directly captures this scenario by charging per employee regardless of desktop or server.

36. If we have a Java SE Subscription, can we install Oracle Java on an unlimited machines?

Generally, yes – if you’ve properly licensed your usage (now by employees), you can deploy Oracle Java on as many systems as needed within your organization:

Under Employee Metric: Once you’ve paid for all your employees, you are allowed unlimited installations enterprise-wide. Whether it’s 100 developer PCs, 500 servers, or 1,000 IoT devices, there is technically no numeric limit on installations. The limit is that it’s for use by your licensed employees.
Under Old Metrics: If you still are under an older license model (NUP or processor), you were limited by what you purchased (e.g., X users or Y processors). But under the current Universal Subscription, those distinctions are gone.
Geography/Subsidiaries: As long as the entities are covered by the license agreement (usually, the subscribing legal entity and its wholly-owned subsidiaries are allowed), you can use Java globally across those entities. If you have separate subsidiaries not in the agreement, they’d need their subscription or to be added.
Third-Party Use: The subscription doesn’t allow giving Java to third parties – it’s for your internal use. “Unlimited machines” means unlimited within your organization’s control. You can’t start distributing Oracle JDK externally just because you have a subscription (unless it’s specifically in service of your business and those third parties are essentially your employees/contractors).
Audit Simplicity: Because of this unlimited use allowance (within headcount), if Oracle audits you and you have an active subscription covering all employees, you’re generally fine, regardless of the deployment footprint. The compliance is in having the subscription, not counting each install.

This is why Oracle moved to an employee metric—it no longer cares how many copies you install. As long as every employee is accounted for in the subscription, you’re entitled to however many instances you require.

37. Can we include or embed Oracle Java in the software or devices we sell?

This is not the case with a standard Java SE subscription, which only covers internal use. Embedding Oracle Java in a product or device you distribute to third parties typically requires an additional OEM license from Oracle.

Details:

Standard License Restriction: The Oracle Java licenses (BCL, OTN, NFTC) forbid making the software available to third parties or distributing it as part of a solution. Even the Java subscription terms are about internal use; they don’t automatically grant rights to redistribute Java to your customers.
OEM/Commercial Distribution Agreement: If your company wants to bundle Oracle JRE with your application installer or embed it in a hardware device (say a medical device or kiosk that runs Java), you must seek a separate Java OEM license from Oracle. Oracle grants you distribution rights in this custom agreement, usually for a fee or royalty.
Alternatives: Many software vendors avoid this by directing customers to install Java themselves or by bundling OpenJDK with no such restriction. Some hardware devices use OpenJDK or get an Oracle Java Embedded license. Oracle had (or has) Java ME/Embedded licensing for IoT devices, which is separate from Java SE.
Example Scenario: You build a commercial software that runs on Java and want a one-click installer for your clients, including the JRE. If you include Oracle JRE, you would put your clients in a position to need a license or violate distribution terms. Proper approach: either have the installer fetch OpenJDK, require the client to have Java, or secure an Oracle distribution license (which might involve royalties per copy).

In summary, internal-use licenses do not cover external distribution. Always consult Oracle if you plan to ship Java with your product – otherwise, opt for open-source JRE alternatives to sidestep this limitation.

38. If a vendor’s application requires Oracle Java, who is responsible for licensing it?

This is a common concern. The responsibility depends on the agreements in place:

Check Vendor Agreement: First, see if your vendor’s license or contract with you includes Java. Some software vendors have an OEM agreement with Oracle, allowing them to provide you Oracle’s JRE as part of their product. If so, the vendor’s contract might say that the necessary Java runtime is included in the product license (and the vendor would handle compliance with Oracle).
If Not Mentioned: If the vendor simply says “requires Java” but doesn’t provide a licensed copy, then your organization is responsible for having a proper Java license. In that case, running the vendor’s application on Oracle Java means you need a Java SE Subscription or a non-Oracle JDK.
Oracle’s Advice: Oracle’s Java licensing FAQ indicates that if a third-party application needs Oracle Java, and the contract doesn’t explicitly cover it, the end user (you) must ensure that Java is licensed. So, assume it’s on you unless clearly stated otherwise.
Avoiding Surprises: Many companies have been surprised in audits when Oracle finds an installed Oracle JRE that came with a third-party app. The defense is only if the vendor has the right to bundle it. If not, Oracle will pursue the customer for licensing.
Best Practice: As an end-user, if you deploy a new third-party software that runs on Java, ask the vendor: “Are you providing a licensed Java runtime with this, or do we need to cover it?” If they shrug or refer to Oracle’s site, you probably need to handle it (maybe by switching that Java out for OpenJDK if possible).

Example: You use enterprise software from Vendor X, and their installer includes Oracle JDK 8. If Vendor X did not have a deal with Oracle, technically, your installation of Oracle JDK 8 requires your company to have a license. In an audit, Oracle would hold you responsible, not Vendor X. Always clarify this to avoid unintentional non-compliance.

39. Does an installed Oracle JDK on a server count as usage if it’s not actively used?

From a licensing perspective, an installed Oracle Java on a server can be considered “in use,” especially if it’s accessible or used for production. Important considerations:

License Acceptance: When you installed Oracle JDK, you accepted the OTN or NFTC license terms, which means you agreed to the permitted uses. If that server is a production server, simply having Oracle JDK on it (even if idle) could be seen as a readiness to use it for production. Oracle in audits often counts installations on production machines as needing licensing.
Discovery in Audit: Oracle’s audit scripts will typically scan for installed Java binaries (java.exe, libjvm. so, etc.) on machines. They will flag it if they find Oracle JDK installed on a server. It will then be on you to explain if it was ever used. It’s safe to assume that if it’s installed on a prod server, Oracle considers it “deployed.”
Uninstall Unused Copies: If you installed Oracle JDK for a one-time test and never removed it, that could become a compliance issue later. Best practice: uninstall Oracle Java from any system where it’s not needed. This not only avoids licensing issues but also security risks of unused software.
Evidence of Non-Use: Theoretically, if Oracle found an installation and you had logs proving it was never executed for a commercial workload, you might argue it wasn’t used. But that’s a gray area and not a guaranteed defense. Oracle might argue that the installation was not permitted in a production environment without a license.
Dev Tools on Prod: Sometimes admins install JDK on a production server for troubleshooting or debugging purposes but not for running the main app. Even in such cases, it’s a risk if no license exists. If those debugging tools were used in production, that’s production use.

The bottom line is to treat any Oracle Java installation on any company system as something you must license unless it’s purely dev/test. If it’s not needed, remove it to be safe. In an audit, you don’t want to negotiate what “used” means – Oracle tends to count installations as used.

40. Does running Oracle Java in containers or virtual machines affect licensing?

The use of containers or VMs doesn’t change Oracle’s licensing requirements – it is treated like any other deployment:

No Container Exemption: If you have Oracle JDK baked into a Docker container that you deploy to production, Oracle Java is still being used in production. The form factor (container vs. physical) doesn’t matter. You need a license for those, just as you would on a normal server.
Counting in the Old Model: In the legacy model, one might wonder if each container is separate for licensing. Under the new model, it’s irrelevant because it’s per-employee. Under the old model, it would depend if containers were on the same physical host (then the host’s processor counted once) or separate. Oracle’s partitioning policies, etc., could get complex. But that’s moot now with the employee metric.
Cloud VMs: Similarly, if you run Oracle Java on a cloud VM (AWS, Azure, etc.), you need to license it like on-prem. The cloud provider doesn’t cover Oracle Java (unless it’s Oracle Cloud, which we discussed has allowances). Running 100 Java containers in Kubernetes on AWS counts as usage by your company requiring a Java subscription for those users/servers.
Ephemeral Instances: Even if containers are short-lived or autoscaled, as long as Oracle Java is being used, it’s the organization’s responsibility to have it licensed. The subscription model simplifies this: no matter how many ephemeral containers spin up, you’re fine if all employees are licensed. On older licensing, you would theoretically need to ensure you had enough processor licenses to cover peak container density, which was tricky.
Isolation: Note that putting Java in a container doesn’t isolate you from Oracle’s perspective. Some might think using a container image somehow “disguises” the usage, but if audited, you’ll likely have to reveal what software you run. And many containers running on one host still equate to usage on that host.

In summary, Containers and VMs are just modern ways to deploy software. Oracle’s Java licensing applies regardless of these. Ensure any container images with Oracle JDK are used only where you’re licensed (or switch those images to OpenJDK to avoid issues).

41. Can we avoid licensing fees if we only use older Java versions and never update them?

Sticking to an old Java version that was obtained under a free license (and never updating it) can technically avoid the need for a new license, but it comes with significant caveats and risks:

Legal Perspective: Oracle’s FAQ says you may continue to use releases you downloaded under the terms you originally got them. So, if you downloaded Java 8 update 202 under BCL before 2019, you can keep using that exact build under BCL with no subscription. You’re not violating a license if you don’t apply patches under a different license.
No Security Updates: The downside is that you won’t get any security fixes or improvements. Running an unpatched Java from 2018/2019 indefinitely is dangerous. Critical vulnerabilities in Java (or the JVM) discovered after that release will remain unpatched, exposing your systems to potential exploits. This is a major risk to weigh against the cost of a subscription. Oracle explicitly warns that older versions “are not updated with the latest security patches and are not recommended for use in production”.
Audit Risk: While using an old version might keep you technically legal, Oracle might still scrutinize it during an audit. They could question if you truly never updated. You’d be out of compliance if they find evidence that someone applied a later patch or a system auto-updated to a later version.
Operational Risk: Beyond security, there’s also compatibility. If your OS updates or other environment changes occur, that old Java might break or cause issues, and you have no support. For business-critical systems, this is generally not tenable in the long term.
Alternate Strategy: Some companies did this as a stopgap in 2019—they froze on Java 8u202 to buy time. But in the longer term, most either moved to OpenJDK builds for continued free updates or purchased subscriptions.

So yes, you could avoid fees by never updating Oracle Java beyond your last free version. You wouldn’t be violating Oracle’s license. But you’d be taking on serious security and support risks. It’s generally not a recommended strategy except perhaps in an isolated legacy system that cannot be changed and is walled off from threats.

42. Are advanced Java features like Flight Recorder and Mission Control free?

It depends on the Java version:

Java 8 “Commercial Features”: In Java SE 8, certain features such as Java Flight Recorder (JFR), Java Mission Control (JMC), Advanced Management Console (AMC), and Usage Tracker were considered commercial features. They were present in the binaries but were only used if you had a Java SE Advanced license (or subscription). Technically, using JFR/JMC on Oracle JDK 8 without an appropriate license was a violation (there was even a runtime check that you had to unlock commercial features with a flag).
Java 11 and later: Oracle open-sourced Flight Recorder and made it available in OpenJDK. As of Java 11, JFR is one of the standard features that is accessible to all. Mission Control was open-sourced as a separate tool as well. Thus, by Java 11+, these features are no longer restricted by license – they’re also freely usable in Oracle JDK. Oracle’s Java SE subscription now includes support for these features, and there is no extra charge.
Java 17/21: All these advanced features are included out of the box and can be used freely under the NFTC license while it applies. No separate “Advanced” license exists anymore—it’s unified.
Management Console (AMC): Oracle’s Advanced Management Console (for tracking Java usage in an enterprise) might require a subscription (it’s typically available to download on the support site). So, using AMC effectively requires a Java SE Subscription. But features like JFR/JMC that run with the JDK are free in newer JDKs.
Usage Tracker: The Java Usage Tracker logs JRE usage (helpful for audits). Enabling it was a commercial feature in Java 8 (it needed a license). In Java 11+, I believe usage logging has either been removed or is irrelevant due to the shift in the licensing approach.

Conclusion: If you’re on Java 8 and want to use Flight Recorder or other advanced features in production, you need a Java SE subscription (or had to have Java SE Advanced licensing).

On Java 11+, those features are part of the normal product – just ensure you’re licensed for Java in general if in production. Oracle’s subscription covers everything, so no feature-based add-on licenses exist.

Java Audit Triggers & Process

43. What might trigger an Oracle Java license audit?

Oracle may initiate a Java audit (or a softer license review) based on several possible triggers or red flags:

Subscription Changes: If a company significantly reduces or cancels its Java SE Subscription, it alerts Oracle. For example, suppose you did a one-year subscription and decided not to renew. In that case, Oracle might suspect you continue to use Java and may audit to ensure you uninstalled it or switched to something else. Similarly, unusually high increases could flag that maybe usage is widespread (though usually dropping support is a bigger trigger).
Customer History: If your organization has a history of compliance issues or audits with Oracle on other products, Oracle might extend scrutiny to Java. Past non-compliance makes Oracle more vigilant.
Whistleblowers/Internal Reports: In some cases, Oracle audits are prompted by insider information. An unhappy employee or contractor might report that “Company X is using Oracle Java without a license.” This can lead Oracle to investigate.
No Purchase History: If you’re a known Oracle customer (perhaps using Oracle DB or middleware) but have never purchased Java licenses, and Oracle’s sales team believes you are using Java (almost every company does), that could trigger outreach. Oracle might reach out under the assumption that you have unlicensed Java deployments.
Download or Usage Data: Oracle could potentially track large downloads of Oracle JDK from their site by a company (though one usually needs an Oracle account to download older versions). If, for instance, your company account downloaded 500 copies of Java from Oracle’s site, but you never bought a license, Oracle may follow up.
Random Audit Cycle: Oracle has audit clauses in most contracts and could include Java in routine audits of major customers. As Java becomes a revenue focus, Oracle might add Java to the list when auditing an enterprise’s databases or other software.

Essentially, anything suggesting “this company might be using Oracle Java without paying” is a potential trigger. Oracle’s compliance and sales teams often coordinate – an audit might also be triggered simply as a sales strategy to push Java subscriptions.

44. What is an Oracle Java soft audit (license review)?

A soft audit, sometimes called a license review or friendly audit, is an informal compliance check initiated typically by Oracle’s sales or account management team, not the formal LMS auditors.

Characteristics:

Informal Request: It often starts with an Oracle rep reaching out via email or call, saying something like, “We’d like to understand your Java usage” or asking you to complete a Java usage questionnaire. They won’t call it an audit – more like a “licensed health check.”
Data Collection Light: Oracle might ask for inventory info: number of Java installations, versions in use, where they are deployed (dev vs prod), etc.. They may not (initially) run official scripts, but rely on you to provide the info.
Run by Sales, Not Legal: Oracle’s sales organization drives soft audits, not the License Management Services (LMS) audit team. The tone may be more casual, but it’s an audit in disguise.
Potential Escalation: If you respond and the data suggests non-compliance (e.g., you list 200 servers running Oracle JDK8 with no subscriptions), the soft audit can quickly escalate into a formal audit or a demand to purchase subscriptions. If you ignore it or provide insufficient info, they might formally involve LMS.
No Audit Letter: A key difference is that you haven’t received the formal audit notification letter from Oracle’s Contracts & Legal department. It’s all happening through conversations and emails.

Example: Oracle’s account manager emails: “Hi, as part of Oracle’s license advisory, we’d like to review your use of Java SE in your environment. Can you provide us the count of Oracle Java installs and any Java SE subscriptions you have?” This is a soft audit opening. Treat it seriously because how you handle it could determine if it stays informal or becomes a formal LMS audit.

45. What is a formal Oracle Java audit, and how does it work?

Oracle’s License Management Services (LMS) team officially sanctioned a formal Oracle Java audit following contract audit clauses and a defined process.

Here’s how it typically works:

Audit Notification Letter: Your organization will receive a formal audit notice (usually via email and certified letter) from Oracle, citing the audit clause in your agreement. It will state that Oracle is exercising its right to audit your use of Oracle programs (including Java). This letter is often addressed to a high-level person (CIO or legal contact).
Kick-off Meeting: Oracle’s LMS will schedule a meeting with your team to explain the scope of the audit, timelines, and what data they will need. For Java, they’ll clarify they want to assess all deployments of Oracle Java.
Data Collection: Oracle will likely provide audit scripts or tools for you to run. These might scan systems for installed Java versions, or you may need to provide inventory lists. Oracle LMS might ask for the java -version command output from all servers or deploy their Oracle Collection Tool, which can detect Java installations. They’ll gather the number of installations, versions, patch levels, and possibly evidence of usage (like logs).
Analysis: They compare the collected data against your entitlements (do you have subscriptions? How many?). They determine where you are lacking licenses. They’ll prepare a report of findings.
Audit Report & Resolution: Oracle presents the audit results, listing unlicensed Java instances and the license fees due. They typically will then hand this over to a sales team to discuss purchasing the required subscriptions (and possibly back support fees). You’ll have a chance to review and discuss the findings before any final settlement.
Timeline: Formal audits can last months. Oracle usually requests data within a few weeks, analyzes it, and negotiates—the whole process might take 3-6 months or more, depending on complexity.

Formal audits are more serious – you will likely need to involve your legal counsel and software asset management team. Oracle LMS audits are thorough and follow a documented procedure, leaving less room to maneuver than a soft audit.

46. What information will Oracle request during a Java audit?

Oracle will seek comprehensive data about your Java deployments during a Java audit. Expect requests for:

Inventory of Installations: A list of all systems (servers, VMs, desktops, etc.) that have Oracle Java installed. This includes specifying which version (Java 8, 11, 17, etc.) and the update level (e.g., 1.8.0_271) on each.
Usage Details: Oracle may ask how each instance is used – development, testing, production, or as part of an Oracle product. They’ll want to identify which are potentially subject to licensing fees (production/non-Oracle-use ones).
Java Options & Features Used: In some cases, they might check if you’ve been using commercial features on Java 8 (via logs or config). For instance, if -XX:+UnlockCommercialFeatures was used to enable Flight Recorder on Java 8, a sign of unlicensed feature use.
Oracle Support Access: They might check if you downloaded patches from My Oracle Support. If yes, that implies you should have had a support contract.
Scripts Output: Oracle often supplies a script that when run, outputs all installed Java versions on a machine. It might parse the registry (on Windows) or common install locations. The output would list installations. They’ll want those outputs from all relevant machines.
Proof of Entitlement: They will also ask for proof of any Java licenses you do have: copies of subscription contracts, Oracle CSI numbers for support, etc. This is to validate what coverage you already have.
Environment Scope: Sometimes, they ask for diagrams or descriptions of your IT environment to ensure you didn’t omit anything.

Essentially, Oracle wants to find every instance where their Oracle JDK/JRE is used and then reconcile that with whether it’s a scenario that requires a license and if you have one. Being prepared with a thorough internal audit ahead of time can help ensure you know what they’ll find.

47. Will an Oracle audit cover developer machines and test environments too?

Yes, an Oracle audit will typically cover all environments – production, development, test, etc. – but the outcome might treat them differently:

Scope: Oracle’s audit scope usually includes all use of Oracle software. They will also want the Java inventory on dev and test machines, not just production servers. The LMS scripts will likely detect Java on any machine scanned, regardless of role.
License Requirement Differences: While dev/test installations of Oracle Java are usually allowed without a paid license (per OTN terms), Oracle will still count them and verify that they are non-production. Oracle may question volumes – e.g., if you have 500 installs claiming to be “dev,” they might probe if some are doing prod work.
No Fee for Dev/Test: If it’s clear those are strictly dev/test, Oracle should not require you to license them (assuming OTN terms apply). However, any ambiguous information could be flagged. For instance, if a test server sometimes serves a production user report, Oracle would argue that it needs licensing.
Focus on Non-Compliant Use: In the final compliance report, Oracle might list dev/test instances but note that they are permitted uses. The non-compliance (what they’ll charge for) will be the production instances running without a license.
Your Burden: You may be required to demonstrate or certify that certain servers are strictly non-production. During the audit, be prepared to explain the function of environment names. If you have clear labeling (e.g., “DEVAPP01” server vs “PRDAPP01”), that helps. Provide network segmentation information or policies showing end-users can’t access those.

So, while dev/test machines are not the target for license fees, they are absolutely in scope for discovery. Oracle will want a complete picture to ensure that nothing is overlooked. It’s in your interest to delineate which finds are non-production (and thus allowed under OTN) when discussing with Oracle’s auditors.

48. What are the potential consequences of failing a Java license audit?

“Failing” an audit – meaning Oracle finds you out of compliance – can lead to several consequences:

Purchase Requirement: Oracle will almost certainly require you to purchase Java SE Subscriptions to cover the shortfall. This could mean a significant unplanned expense. For example, suppose they find 100 processors of Java usage unlicensed. In that case, they might demand you buy an equivalent subscription (now employee-based, so maybe they’ll just convert that into an employee count) in the future.
Backdated Fees: Oracle may ask for a refund for the period you were unlicensed. Often, they calculate what it would have cost had you been subscribed during the unlicensed usage period and ask for that as well. This is effectively a penalty in the form of retroactive support fees. For example, if you ran Java 8 for 2 years unlicensed on X servers, they might charge 2 years’ worth of subscription for those servers.
Penalties: In some cases, Oracle can levy contractual penalty fees or interest. While Oracle’s license agreement doesn’t specify penalties, the negotiation could include a premium. There have been instances where Oracle suggests a one-time fine or increased first-year cost as a punitive measure.
Cease Usage or Legal Action: If a company refuses to comply (pay or stop using), Oracle could escalate to legal action for breach of license/copyright. This is rare, as most companies will settle by purchasing licenses. However, it’s a theoretical risk if one ignores the audit results entirely.
Operational Impact: Internally, failing an audit can cause project delays (you might have to urgently replace Oracle JDK with something else in some systems if you don’t want to pay), eat management time, and cause reputational issues within the company (compliance teams will be alarmed).
Audit Clause Consequences: Some Oracle contracts require you to pay the audit costs if found significantly non-compliant. I’m unsure if Java SE has that stipulation, but Oracle sometimes includes it.

Failing a Java audit usually results in an unexpected bill and mandatory subscription purchases (and possibly signing up to the new metric). Depending on the scope, the financial hit can range from modest to very large. It’s best to avoid reaching that point by maintaining compliance or negotiating early.

49. Can Oracle charge penalties or back fees for unlicensed Java use?

Yes, Oracle can and often will seek backdated fees for the period of unlicensed use, and potentially penalties, as part of the audit resolution.

Here’s how that works:

Backdated Subscription Fees: Oracle’s common practice is calculating what you should have been paying. For example, if you used Oracle Java on 100 employees’ machines for 2 years without a subscription, they might ask for 24 months * $15 * 100 (if using the current model pricing) as back payment. This can add up quickly. Oracle sees this as recovering support fees you benefited from Java without paying for the past period.
Contractual Penalties: While Oracle’s standard license doesn’t mention fines, the result of the negotiation can include lump-sum penalties. Oracle LMS might add a line item for “retroactive support” or “license gap penalty.” These are typically negotiable—Oracle might waive some if you agree to a sizable subscription in the future.
Interest or Legal Damages: If it went into a legal claim, Oracle could claim damages for copyright infringement for unlicensed use. That could include legal penalties far above license cost. However, in practice, Oracle prefers to settle commercially (sell you licenses) rather than litigate.
No Penalty if Resolving via Purchase: Sometimes, Oracle will forego explicit “fines” if you agree to a robust purchase to remedy the problem. Essentially, they roll the penalty into the purchase. For instance, “buy a 3-year subscription for all employees now, and we won’t charge for last year’s usage.” It depends on Oracle’s stance and the magnitude of non-compliance.
Audit Cost Clause: Check if your Oracle agreements have an audit clause stating that you pay audit costs if non-compliance is over a certain percentage. If yes, Oracle could add audit expenses to the bill (like the cost of auditors, etc.). Again, not sure if they enforce that often for Java, but it’s possible.

The key is that you have very little leverage if you are clearly out of compliance. Oracle will insist on compensation for past usage. Your best bet is negotiating the numbers via an amicable purchase (maybe commit to a longer subscription to avoid one-time fees). But yes, expect back fees to be part of the discussion if you have used unlicensed Java for some time.

50. How does Oracle determine the fees for unlicensed Java usage discovered in an audit?

Oracle will determine what licenses you need and for how long and then price it out accordingly.

Quantification of Usage: First, they’ll identify how many Java installations or “units” were unlicensed from the audit data. Under the new model, they might translate this to the number of Java employees. Under the old model, it could be the number of servers (processors) and desktops.
Duration of Unlicensed Use: They may ask, “How long have you been using these?” If you’ve been downloading updates, they can pinpoint from when (e.g., using Java 8 update 261 means you used it at least since that update was out). If it is unclear, they might assume it has been since 2019 for Java 8, or since the release of Java 11, etc. They will then calculate the fees from that start time to the present.
List Price Applied: Typically, Oracle uses its standard price list (no discount) to calculate back fees. If the Java SE Subscription is $15/employee/month, they’ll use that. Or earlier, depending on the timing, $25 per processor per month for server, $2.50 per user for desktop, etc..
No Freebies Counted: Even if some of that use was during a free period (e.g., you used Java 17 in 2022, which was free), they shouldn’t charge for that portion. They would focus on periods where it wasn’t free. However, if they find use of Java 8 from 2020-2022, that whole time was not free, so they’ll count all those months.
Example Calculation: Suppose the audit finds Java on 10 servers and 100 desktops unlicensed, used from Jan 2020 to Dec 2024 (5 years). Under the old model, that might be 10 processors * $25 * 60 months + 100 users * $2.50 * 60 months. That’s $15,000 + $15,000 = $30k in back fees (just an illustrative simple calc). Oracle would present something like that. Now under employee model, they might say those 110 users would fall under employee count – say your company had 500 employees, and 110 used Java, they might just say you should have licensed all 500 employees for those 5 years: 500 * $15 * 60 = $450k (worst case if they play hardball). They might not go that far, perhaps focusing on actual usage.
Future Compliance: Often, rather than making you cut a check for back fees alone, Oracle will say, “Buy a subscription for X years for Y employees, which inherently covers past and future.” For instance, signing a 3-year subscription for all employees from 2025 onward might be presented as the resolution, and they’ll consider the past squared away in that deal.

Every audit negotiation can differ, but they will have done the math to determine a starting figure representing your “liability.” Negotiating how that gets settled (one-time payment vs. forward-looking purchase) is up to you. Constructive dialogue can sometimes reduce the sting if you commit to rectifying compliance.

Audit Preparation & Defense Strategies

51. How can we prepare in advance for an Oracle Java audit?

Preparation is critical to avoid surprises.

Steps to take proactively:

Inventory Your Java Installations: Maintain an up-to-date inventory of all Oracle Java installations in your environment. Know which version is on which machine and who is using it. This includes servers, VMs, developer workstations, and even build servers. Use software asset management (SAM) tools or scripts to scan for “java” executables regularly.
Track Usage Purpose: For each identified Java, document if it’s used for production, development, or as part of another product (like Oracle software). This will help you determine which are compliant (dev/test or part of Oracle products) and risky.
Centralize Java Deployment: Don’t allow users to download Oracle JDK randomly. Have a controlled process for Java installations. If you standardize on OpenJDK for most cases, enforce that. If Oracle JDK is needed, distribute it via IT with knowledge of where and why.
Stay Informed on Licensing: Keep updated on Oracle’s Java licensing policies. They change (as seen with NFTC and new subscriptions). Ensure your team knows which versions are free and which aren’t at any given time.
Internal Audits: Conduct your internal license compliance reviews periodically. Simulate what an Oracle audit would look for. Identify any unlicensed Oracle Java use and address it (either remove it, replace it with OpenJDK, or purchase subscriptions as needed) before Oracle comes knocking.
Document Entitlements: Keep all records of any Java licenses or subscriptions you have (contracts, order confirmations). Also, if you have Oracle products that include Java, keep those license documents handy to show that coverage. In an audit, you’ll need to prove what rights you have.
Security & Update Strategy: Have a plan for Java updates that aligns with licensing. For example, if you plan to stick with Oracle JDK, ensure you budget for a subscription; if you plan to avoid a subscription, plan migrations to free versions or OpenJDK. This way, you won’t inadvertently install patches that put you out of compliance.

By preparing in this manner, you can confidently face an audit. Even better, you might avoid one if Oracle’s data shows you already have subscriptions or a minimal Oracle JDK footprint.

52. What should we do if we get an Oracle audit notice for Java?

If you receive a formal audit notice:

Don’t panic, But Act Promptly: An audit notice is a legal request. Acknowledge receipt to Oracle and cooperate within reason. Engage your internal stakeholders immediately—legal, IT asset management, procurement, etc. Delaying or ignoring the notice is not a good idea, as contracts usually require compliance within a certain period.
Assemble an Audit Response Team: Include someone from legal, your software asset manager, IT operations (who knows where Java is installed), and perhaps an outside licensing consultant if needed. This team will interface with Oracle LMS.
Review Your Java Usage: Before Oracle digs in, do a quick internal audit. Gather your inventory of Java deployments (hopefully, you have this from preparation). Identify any obvious non-compliance so you know your exposure. This internal review is crucial so Oracle’s findings don’t blindside you.
Engage with Oracle Professionally: Attend the kick-off meeting. You can clarify the scope by confirming that it’s only Java (and related Java SE components). Sometimes, Oracle might broaden an audit to other products; try to keep it to Java if possible. Get a list of data they want and agree on realistic timelines.
Run Oracle’s Scripts Carefully: If Oracle provides scripts, vet them (possibly on a test system) before running them enterprise-wide. Understand what data they collect. It’s usually fine, but you want to be comfortable that they aren’t doing anything harmful. Then, run them as required. Avoid altering or tempering the script results—that can breach trust.
Accurate Data Provision: Provide Oracle the data requested accurately and completely. It’s often better to disclose fully and then negotiate rather than try to hide things (if Oracle finds evidence of hiding, audit negotiations can get ugly). However, you don’t need to volunteer information beyond the request. Stay within scope.
Engage Legal on Communications: All written responses might be used in negotiation. Have your legal counsel or licensing expert review communications to Oracle to ensure you aren’t admitting to things improperly or making incorrect statements.

Essentially, treat an audit notice seriously and respond in an organized, transparent, and timely fashion. Good faith cooperation can sometimes lead to a more amicable resolution.

53. How can we minimize our liability during a Java audit?

During the audit process, there are steps you can take to potentially minimize the compliance gap or at least position yourself better:

Identify and Isolate Non-Compliant Installations Quickly: If you find some unlicensed Oracle JDK installations (e.g., someone installed Java 8u271 on a server without a subscription), consider removing or replacing them immediately. If Oracle hasn’t collected data from that machine yet, removing it could reduce what they find. However, audit letters often require you not to alter or destroy records. Don’t delete evidence, but decommissioning an unused Java might be acceptable if the audit is ongoing.
Claim Permitted Use Where Possible: For any Java installations discovered, see if you can categorize them as permitted under OTN or part of an Oracle product. For example, if 20 installs are on dev-only servers, document that so they are not counted as a violation. Oracle might accept that those don’t need licensing (though they’ll double-check you’re not using them for prod).
Leverage Free Alternatives Mid-Audit: If the audit catches something, you might quickly swap some environments to OpenJDK. For instance, if you have time, migrate a prod server from Oracle JDK to OpenJDK and then present the OpenJDK installation as current. Oracle audits typically capture a point in time; if you’ve transitioned some systems off Oracle Java by formal data submission, those might not need licenses (Oracle can’t charge for what you’re not using at audit closure). This is a bit of a tightrope and must be done before data is captured or disclosed properly.
Negotiate the Findings: When Oracle presents preliminary findings, don’t accept them at face value if you see inaccuracies. Maybe Oracle counted a server twice or assumed an install was prod when it’s not. Provide clarifications or evidence to reduce the count. For example, “Server X listed with Oracle JDK 8 is solely running an Oracle Forms application, which is covered by our Oracle Forms license (restricted use Java).” This could remove that from the payable list.
Future Commitment: Sometimes, you can negotiate a lower penalty by agreeing to certain future actions, like a longer-term subscription. Oracle might waive some back fees if you lock in a 3-year deal. Use that as leverage to reduce immediate liability.
Use NFTC/Free Rights if Applicable: If some of your usage is on Java 17 or 21, which are free, make sure Oracle isn’t trying to bill for those. They might only bill if you need support beyond the free period. But emphasize: “Our Java 17 usage was under NFTC, which is no fee.” That portion should not incur cost (aside from the expectation that you upgrade or subscribe later).

In short, carefully analyze each item Oracle flags and see if there’s a legitimate reason it might not require a license or if you can remediate it quickly. The goal is to narrow the scope of non-compliance before the final tally.

54. Can we negotiate or contest Oracle’s audit findings if we disagree?

Yes, audit findings are not set in stone – they are often a starting point for negotiation. You can (and should) contest any points you believe are wrong or unfair.

Review and Rebut: Oracle will usually share an audit report or the list of non-compliant instances. Go through each line if something is misidentified (e.g., Oracle flagged a Java install that was an OpenJDK install – maybe they saw “1.8.0” and assumed Oracle JDK), present evidence of that, and ask for its removal.
Usage Clarification: If Oracle assumes all installations are production, but you have 30 dev/test, show them proof (like system names and usage logs) and argue that those should not require a license (per OTN allowance). This can reduce counts.
Timing Disagreements: If Oracle claims you have used Java since 2018 but only started in 2020, provide records to correct that—it could reduce backdated fees.
Legal/Contractual Arguments: Maybe you have an Oracle Unlimited License Agreement (ULA) that includes Java (some ULAs did cover Java SE in the past). Or you believe Oracle’s license doesn’t apply in a certain scenario. You can bring these arguments. Sometimes, definitions can be argued – e.g., what constitutes “Personal Use” or “General Purpose Computer”. These rarely void fees entirely but can be used to negotiate edge cases.
Negotiate Pricing: Even if you accept that you owe licenses, you can negotiate the commercial terms. Perhaps Oracle’s list price is too high—you might negotiate a discount or a different mix of products. Oracle might be open to bundling the Java resolution into a bigger deal or adjusting the scope.
Leverage Relationship: You have more leverage if you’re a significant Oracle customer (with databases, etc.). You can involve your Oracle account manager to help bring the audit to a business negotiation rather than a strict penalty payout. Often, audits end with purchasing licenses at some agreed-upon price—that’s a negotiation.
Professional Help: If the stakes are high, consider engaging a licensing consultant or an attorney who deals with Oracle audits. They can find flaws in Oracle’s findings or strategy to push back. For example, firms like Palisade Compliance or LicenseFortress specialize in Oracle audits and might identify overreach.

Remember, Oracle’s auditors aim to maximize findings, but they expect some pushback and negotiation. Remain factual and cooperative but firm on points of disagreement. The end goal is a settlement both sides can live with – you don’t have to accept the first bill as final.

55. Should we involve legal or third-party experts during a Java audit?

It’s often a good idea to involve experts:

Internal Legal: Your legal team should be in the loop because an audit is a legal/contractual. They can review communications and ensure you don’t inadvertently admit liability beyond what’s accurate. Legal can also negotiate terms of any settlement.
External Licensing Consultants: Firms specializing in Oracle licensing can provide invaluable guidance. They know Oracle’s tactics and where customers have leverage. They can help interpret the license fine print (e.g., definitions of “employee”, or how Oracle’s policies apply) and assist in strategizing responses. They might also perform an independent license assessment to counter Oracle’s claims. The cost of a consultant can be far less than the cost of overpaying Oracle due to an unchecked audit.
Technical Experts: Sometimes, it helps to have a technical expert verify Oracle’s script results or gather data favorably (e.g., ensuring dev systems are labeled as such).
Negotiation Support: Oracle audits can feel intimidating. Having a third-party negotiator (like a licensing attorney or consultant) can even the playing field. They might communicate with Oracle on your behalf or advise you on your responses. Oracle is used to this and sometimes may be more reasonable knowing you have expert representation.
When to Involve: Ideally, this should be done from the beginning of the audit notice. At minimum, once Oracle delivers findings, have an expert review them before you sign or agree to anything.

If your Java usage is small and straightforward, you might handle it in-house. But if you anticipate a large exposure (hundreds of thousands or millions in fees), investing in expert help is wise. They can often help reduce the financial impact significantly or find a more palatable settlement.

56. What mistakes should we avoid during an Oracle Java audit?

To protect your organization, be mindful to avoid these common pitfalls:

Lying or Concealing Information: It may be tempting to hide certain installations or falsely say, “We don’t use Java there.” Providing false information can severely undermine your credibility and escalate the situation. Oracle auditors are experienced—if they sense deception (like altered script results or inconsistent stories), they might expand the audit or take a harder line. Always be truthful, even if the truth is that you messed up. You can negotiate terms, but if caught lying, negotiation goodwill evaporates.
Volunteering Unasked Data: Answer Oracle’s questions, but don’t overshare. If they didn’t ask about some internal project, you don’t need to bring it up. Stick to scope. Unsolicited info might open new inquiry avenues. Provide exactly what is required, no more, no less.
Not Reading the Fine Print: Don’t blindly run scripts or sign audit documents without understanding them. For instance, Oracle’s script might require you to agree to certain collection methods. Read and, if needed, negotiate any script execution agreement (sometimes Oracle asks you to sign an acknowledgment). Also, carefully review any final settlement or purchasing documents to ensure they match verbally agreed upon.
Ignoring Oracle’s Timeline: Failing to meet agreed-upon deadlines or going silent can aggravate the situation. If you need more time, ask for it proactively and give a valid reason. Communication is key—don’t stonewall Oracle; it will likely trigger a formal escalation.
Lack of Internal Coordination: Ensure everyone internally knows an audit is happening. One mistake is a tech team member unknowingly updating Java on a server during an audit freeze period, which could change results midway. To avoid confusion, coordinate a freeze on changes to Java installations until the audit is resolved.
Agreeing Under Pressure Without Analysis: Oracle might present a settlement and press for quick acceptance (“sign this order by end of quarter for a discount”). Don’t rush without fully analyzing if it truly covers your needs and is fair. Even in an audit, you have the right to take a moment (with legal counsel) to review any deal.

Avoiding these mistakes will help ensure the audit goes as smoothly as possible and that you don’t end up in a worse position due to procedural missteps.

Misconceptions & Risk Areas

57. Do we still need a license if we install only the Java Runtime Environment (JRE) instead of the full JDK?

Yes. The Oracle Java Runtime Environment (JRE) is not a licensing loophole—it’s covered by the same rules as the JDK.

Key points:

JRE vs JDK: The JRE is a subset of the JDK (just the runtime). Oracle licensed the JRE under the same Oracle Java SE terms. In Java 8, you could download the JRE separately, but the license was the Oracle BCL or OTN license. So, using an Oracle JRE in production beyond the free terms still requires a subscription, just like the JDK would.
No Longer Separate in Downloads: Starting with Java 11, Oracle stopped providing a separate JRE download. They only provide the JDK (which includes the runtime). This change means the distinction is even smaller. If you use Oracle Java, you’re using Oracle Java – period.
Misconception: Some people think, “Oh, I’m just using the JRE to run apps. I’m not a developer, so I shouldn’t need a license.” But Oracle’s licensing is about use, not which components you installed. Running an Oracle JRE 1.8.0_271 on a server for your business requires a license, just as if it were the JDK. Oracle’s FAQ explicitly notes that the Java SE licensing applies to the JRE.
Commercial Features: Before Java 11, the JRE didn’t include certain tools (like compilers), but that’s irrelevant to licensing. If anything, the JDK had more features that could trigger needing an Advanced license (JFR, etc.), but the JRE had everything needed to run Java programs, and that running is what Oracle licenses for production.

So do not assume that using just the JRE gets you off the hook. If you’re using Oracle’s JRE in a commercial context outside the free allowances, you need a Java SE subscription for compliance.

58. We use Oracle Java only for internal applications and don’t distribute it. Is this considered commercial use that requires licensing?

Yes. “Commercial use” covers internal business operations, not just selling software. This is a crucial point:

Commercial vs Non-Commercial: In Oracle’s terms, if Java is being used to further the interests of a business (help run your operations, services, etc.), it’s commercial use. It doesn’t matter if you aren’t directly selling Java or charging for a Java-based service. For example, using Java to run an internal HR system is commercial because your business relies on it in production.
Distribution Not Required: Some think you only need a license if you distribute Java or software externally. That’s not true. Even if nobody outside your company ever sees the Java, you must license it for internal production use. Distribution comes into play only for the additional OEM-type licensing, but lack of distribution doesn’t equal free usage.
Examples of Commercial Internal Use: Running a Java-based inventory management system for your warehouse or a Java app that processes data for your analytics team are internal. However, since they are production systems providing business value, Oracle requires licensing for the Oracle JDK/JRE used.
Non-Commercial Examples: Truly non-commercial would be a hobby project, a student using Java for a school project, or a volunteer using Java to create a free community website (with no revenue). Internal at a company = commercial, nearly always, because the company is a commercial entity (even non-profits when using it for their operations, it’s considered commercial in a licensing sense).

So, don’t be misled by the term “commercial”. For Oracle, your company’s internal deployment is commercial usage. Only development/test, personal, or certain Oracle-product-bound uses are exempt, not the fact that it’s internal.

59. If we switch to OpenJDK or another Java distribution, can we avoid Oracle Java licensing fees?

Yes, moving to a non-Oracle Java distribution (OpenJDK-based) is a common and effective strategy for eliminating Oracle licensing fees in the future.

Considerations:

OpenJDK is Free: OpenJDK is free to use in any environment and is under a GPL license. Many vendors provide builds (Adoptium/Temurin, Red Hat, Amazon Corretto, Azul Zulu, etc.) that are essentially drop-in replacements for Oracle Java without cost or legal restriction. By switching, you no longer have to worry about Oracle’s licenses for those instances.
Migration Effort: In most cases, switching from Oracle JDK to OpenJDK build is trivial (they are binary compatible). But you should test critical apps to ensure no surprises. Things like font rendering differences or minor behavior differences have occasionally been noted, but generally, it’s smooth.
Timing (Audit Consideration): Doing this before or early in an audit reduces future exposure. Oracle can’t charge you for OpenJDK usage. However, be aware that switching today doesn’t erase past unlicensed use. Oracle could still come after you for past usage. But if you switch before they notice, they have a harder time proving past usage unless there’s evidence (like download logs or employees admitting it).
Partial Switch: Some companies keep Oracle for certain systems (where they want Oracle’s support or the stability of staying on Oracle’s build) and use OpenJDK elsewhere to minimize the number of licenses needed. That’s also valid. For example, maybe use Oracle JDK for an Oracle product that officially requires it, but OpenJDK for custom apps.
Stay Updated: If you switch to OpenJDK, ensure you have a process to get regular updates from the vendor. Oracle’s updates won’t apply, but, for example, Adoptium releases updates in parallel with Oracle’s CPU releases. Manage that so you remain secure.

In summary, migrating to OpenJDK or other free builds can immediately stop the meter on Oracle licensing costs. Many organizations have done this after 2019; it’s a prime reason Oracle introduced NFTC to entice some back. Just handle the transition carefully and be mindful of any past usage exposure.

60. We never bought Oracle Java; can Oracle still audit or charge us for using it?

Yes, even if you never purchased Java, Oracle can pursue compliance if you’re using their software.

Key points:

License Acceptance: By downloading or using Oracle Java (even if it is a free download), you agree to Oracle’s license terms. Those terms include restrictions and Oracle’s right to enforce them. So even without a purchase, if you’re using Oracle’s intellectual property beyond what’s permitted, Oracle can assert that you violated copyright/license.
Audit Rights: If you have any Oracle agreement (say an Oracle Master Agreement for other products), it might include audit rights for “Oracle programs,” which could encompass Java. Even if not, Oracle can request a license review or threaten legal action for unlicensed use. It might not be a classic “contract audit” but more of an infringement claim.
Precedent: Many companies audited for Java had never paid a cent for Java before. That didn’t stop Oracle from auditing them. Oracle essentially says, “You are using our software unlicensed. You need to pay up now (and in the future).” It doesn’t matter that you never had a contract—the contract was the click-through you accepted and then violated.
Risk of Non-Compliance: If you ignore Oracle’s compliance outreach because “we never bought anything, no contract,” Oracle could escalate to a legal cease-and-desist or litigation for copyright infringement. That’s a risk not worth taking for most.
Better Approach: It’s better to proactively eliminate or license any Oracle Java use rather than hope Oracle won’t notice because you never engaged with them. Oracle has various ways to find out usage (as discussed, triggers like downloads, or even scanning job postings – e.g., if your company posts a job for “Java developer for our systems,” Oracle knows you use Java).

So, even without prior dealings, you’re not invisible. Oracle can enforce its rights if it discovers unlicensed Java use. Being proactive (either by licensing properly or migrating away from Oracle JDK) is the safer path to avoid a nasty surprise. Oracle’s aggressive stance since 2019 shows that it is willing to chase down even those who have never paid customers.

Final Note: Oracle Java licensing and audits are complex, but with the right understanding and preparation, you can manage compliance and avoid surprises. Keep track of which Java you are using, stay updated on Oracle’s policies (Java SE licensing changes from Java 8 to 21 and beyond), and don’t hesitate to seek expert advice for your specific situation.

This will empower you to make informed decisions—whether to stay on Oracle’s Java with subscriptions or move to alternatives—and to confidently handle any Oracle audit inquiries that come your way.

Do you want to know more about our Oracle Java Advisory Services?

Author

Fredrik Filipsson

Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.
View all posts