The buyer-side benchmark of Oracle's Java SE compliance campaign โ the 4.3x growth in audit and soft-review volume since the 2023 Employee Metric, how download telemetry sources the cases, what the claims cost, and how far an OpenJDK migration deflects them.
Short answer: Oracle is auditing Java harder than any other product in 2026. In the Oracle Java Audit Trends benchmark, Java SE audit and soft-review volume has grown 4.3x since the January 2023 Employee Metric, 72% of cases open with a download-history letter built from Oracle telemetry, the average initial claim is $1.34M, and a completed OpenJDK migration deflects an average 88% of the claimed liability (Oracle Licensing Experts benchmark, 2026).
Oracle's License Management Services (LMS) and its successor sales-aligned compliance teams have found their most productive target since the database options scan: Java. When Oracle replaced the per-user Java SE subscription with the Java SE Universal Subscription Employee Metric in January 2023 โ a model that charges for every employee in the business rather than every person who runs Java โ it did not just raise prices. It created a compliance surface that almost every large enterprise crosses without realising it, and it gave Oracle a detection mechanism, download telemetry, that needs no audit clause and no customer cooperation to fire. The result, in this benchmark, is a 4.3x increase in Java audit and soft-review volume since the metric launched.
This report quantifies that campaign from the buyer's side. The central mechanic is that Oracle no longer waits for a contractual trigger. In 72% of cases, the first contact is a "we noticed you downloaded Oracle Java" letter assembled from Oracle account records and JDK installer pulls tied to a corporate email domain. It does not call itself an audit, it cites no contract clause, and it frequently lands in the inbox of a developer or a procurement generalist who has no idea it is the opening move of a seven-figure claim. The average initial Java claim in the benchmark is $1.34M, and because the Employee Metric bills total headcount, that figure scales brutally with company size โ from $185K for the smallest estates to $11.4M for the largest.
The benchmark also measures the defence. The Employee Metric's great weakness is that it is voluntary: Oracle JDK is one of several technically interchangeable builds of the same open-source language, and free, supported distributions โ Eclipse Temurin, Amazon Corretto, Microsoft OpenJDK, Azul โ carry no subscription. Buyers who had completed an OpenJDK migration deflected an average of 88% of Oracle's claimed liability, and 96% where no Oracle JDK remained anywhere in the estate. Even without migration, represented buyers cut the initial Java claim by an average of 71%, because Oracle's retroactive back-subscription demand โ an average 2.6 years dated to the first download โ is an opening bid, not a settled debt. The pages that follow set out the growth curve, the detection channels, the claim sizes by segment, the cost multiplier against the old model, and the migration deflection rate that decides most Java outcomes.
The Oracle Java Audit Trends benchmark is built from aggregated, de-identified outcomes of Java SE compliance engagements handled by Oracle Licensing Experts. The 2026 edition draws on a working sample of 180 Java SE engagements โ soft reviews and formal audits โ opened between January 2023 and May 2026, a subset of the firm's wider base of more than 600 Oracle engagements, selected because each had a recorded detection channel, a recorded initial Oracle Java position, and a documented outcome, allowing the growth, claim-size and deflection measures to be computed on a consistent basis.
An engagement is counted from the date of Oracle's first Java-specific compliance contact, whether that arrived as a formal audit notice under the contractual audit clause or as an informal "soft review" โ a download-history letter, a Java licensing "health check" offer, or a sales-led compliance conversation. The volume index sets the engagement count in the 2023 calendar year (the Employee Metric launch year) at 100 and tracks the count in each subsequent year against it; the 2026 figure is the annualised run-rate based on engagements opened through May. Claim size is the dollar value of Oracle's initial Java position at first presentation โ the Employee Metric subscription Oracle asserts, plus any retroactive back-subscription โ before any buyer challenge. The deflection rate is one minus the ratio of the residual defensible liability to the initial claim, measured against the buyer's actual OpenJDK migration state.
Engagements are segmented by employee band, by industry, by region, and by detection channel. All figures in this report are illustrative, aggregated advisory benchmarks โ not client-identifying, and are not drawn from, or representative of, any single Oracle customer. They describe central tendencies across the sample; an individual Java review can settle well above or below any figure here. Branded throughout as the Oracle Licensing Experts benchmark (Oracle Audit & Compliance Benchmark series, 2026). This is a buyer-side, independent benchmark; it is not endorsed by, affiliated with, or sourced from Oracle Corporation, Oracle's License Management Services, or Oracle's Global Licensing and Advisory Services.
How to read these figures: a volume index of 430 in 2026 against a 2023 base of 100 means 4.3x as many Java engagements opened that year as in the Employee Metric launch year. A "72% download-telemetry share" means 72 of every 100 reviews opened with a download-history contact. A "deflection of 88%" means the buyer's defensible position was 12 cents on every dollar Oracle initially claimed, given that buyer's migration state โ it is not a promise that any specific estate will reach that figure.
Two choices keep the benchmark conservative. First, list-price references use Oracle's published Java SE Universal Subscription price list (the tiered per-employee rate introduced in January 2023, starting at $15.00 per employee per month for the 1โ999 band and declining by volume tier); where a buyer held a negotiated rate, the analysis uses the buyer's actual rate, not list, so the cost multiplier is not inflated by undiscounted pricing. Second, the deflection figures count only liability that a free, supported OpenJDK distribution genuinely removes; where an estate runs Oracle JDK features with no open-source equivalent, or commercial Java components outside the OpenJDK boundary, that residual is retained in the defensible position rather than scored as deflected.
Short answer: Very fast. In the 2026 Oracle Java Audit Trends benchmark, Java SE audit and soft-review volume grew 4.3x between the January 2023 Employee Metric launch and 2026 โ from an index of 100 in 2023 to 430 in 2026 โ making Java the single fastest-growing source of Oracle compliance contacts, ahead of database options and middleware (Oracle Licensing Experts benchmark, 2026).
The Java compliance campaign is not a continuation of Oracle's historical licensing enforcement; it is a new front, and the curve shows it. Through 2022, Java SE compliance contacts were rare โ the legacy per-user subscription was modestly priced, widely ignored, and hard for Oracle to monetise at scale. The January 2023 switch to the Employee Metric changed the economics overnight, and Oracle's outreach machinery followed the money. The volume index nearly doubled in the first full year after the change, then kept climbing as Oracle industrialised the download-telemetry letter and folded Java into the standard playbook of its sales and compliance teams.
| Year | Volume index | Growth vs prior year | Dominant contact form |
|---|---|---|---|
| 2022 (pre-metric) | 46 | โ | Rare; legacy per-user subscription |
| 2023 (metric launch) | 100 | +117% | Early download-history letters |
| 2024 | 187 | +87% | Industrialised telemetry outreach |
| 2025 | 312 | +67% | Soft review as standard play |
| 2026 (annualised) | 430 | +38% | Telemetry + sales-led pressure |
Two structural shifts sit underneath the curve. The first is the changing mix of contact type. In 2023, formal contractual audits still accounted for roughly a third of Java contacts, because Oracle's compliance teams reached first for the instrument they knew. By 2026, formal audits had fallen to 19% of Java contacts and the informal soft review had risen to 81% โ Oracle learned that the download-history letter is cheaper to send, faster to land, and harder for a customer to deflect than a contractual notice, because most buyers do not recognise it as an audit at all. The second shift is who receives the contact: Java letters increasingly bypass the IT asset management or procurement function and land directly with developers, DevOps leads, or line managers whose name appeared on an Oracle download, where there is no licensing expertise to recognise the risk.
The growth is not slowing. The 2026 run-rate of +38% is lower than the early surges only because the base is now large; in absolute terms, 2026 is adding more Java engagements than any prior year. For a CIO, the planning implication is concrete: Java is no longer a low-probability compliance event to be managed reactively. On the evidence of this benchmark, a large enterprise that has downloaded Oracle JDK and has not migrated should treat an Oracle Java contact as a matter of when, not if. The mechanics of how Oracle assembles the case are covered in our Oracle Java licensing guide, and the broader audit playbook in our Oracle audit defence guide.
That letter is the opening move of a Java compliance claim, even though it never uses the word audit. Have a former Oracle insider read it before you reply โ no commitment, no sales pitch.
Short answer: Because the Employee Metric turned Java into Oracle's most lucrative compliance product. The Java SE Universal Subscription Employee Metric charges for total employee headcount regardless of who uses Java, multiplying the licensable base by 5โ10x overnight, and Oracle paired it with download telemetry that detects exposure without an audit clause (Oracle Licensing Experts benchmark, 2026).
To understand the campaign you have to understand the instrument. The Java SE Universal Subscription is a per-employee subscription introduced in January 2023 that licenses all use of Oracle Java SE across an organisation. The Employee Metric is its counting rule: the subscription is priced on the total number of employees in the business โ defined by Oracle to include full-time and part-time staff, temporary staff, agents, contractors, and consultants who support internal operations โ not on the number of people who actually install or run Java. That single definitional choice is the engine of the whole campaign, because it severs price from use.
Under the prior Java SE Subscription, a company with 250 Java developers licensed roughly 250 Named User Plus, or a processor count on its servers. Under the Employee Metric, the same company with 8,000 total employees licenses 8,000 โ a 32-fold increase in the counted base for an unchanged deployment, partially offset by lower per-unit pricing, but still landing at an average 6.8x the prior cost in this benchmark. Oracle did not need to find more Java to monetise; it redefined the unit so that the Java a company already ran became dramatically more expensive. The compliance campaign exists to convert that redefinition into revenue from customers who never re-papered.
There is a third factor that the volume curve does not show on its face: the Employee Metric created a binary fork that most customers had never faced. Under the legacy model, a buyer who found themselves modestly over-deployed could simply true up the few extra users and stay on Oracle JDK at proportional cost โ the gap between compliance and non-compliance was small and cheap to close. The Employee Metric removed that middle ground. The cost of compliance is now headcount-scaled and punitive, while the cost of exit โ a free OpenJDK build โ is zero. A buyer facing an Oracle Java contact is therefore choosing between two extremes, not nudging a user count, and Oracle's campaign is a race to convert as many of those forced decisions as possible into subscriptions before customers realise the exit is both free and well supported. That is why the soft review is written to compress the buyer's decision window and to discourage the migration path it never mentions.
| Dimension | Legacy Java SE Subscription | Java SE Universal Subscription (Employee Metric) |
|---|---|---|
| Counting basis | Named User Plus or Processor | Total employees (incl. contractors) |
| Priced on | People who run Java | Entire workforce |
| Entry list price | $2.50/NUP/mo; $25/proc/mo | $15.00/employee/mo (1โ999 band) |
| Typical cost vs deployment | Proportional to use | Fixed to headcount, 6.8x higher |
| Detection lever | Contractual audit clause | Download telemetry (no clause needed) |
| Buyer's exit | Reduce users | Migrate to OpenJDK entirely |
The second half of the explanation is detection. A pricing change alone does not generate audits; Oracle still has to find the non-compliant. Here the Employee Metric campaign is fundamentally different from a database options scan, which depends on the customer running USMM or LMS scripts against their own estate. Oracle does not need access to your servers to allege Java exposure. It needs only its own records of who downloaded Oracle JDK, applied a security patch behind the 2019 paywall, or pulled an installer from an account tied to your corporate domain. That telemetry exists on Oracle's side of the line, which is why the campaign scales the way the volume curve shows โ and why it does not wait for a contractual trigger. We quantify the cost gap created by the metric in detail in our Oracle Java Employee Metric Cost-Multiplier benchmark.
Short answer: Mostly through download telemetry. In the 2026 benchmark, 72% of Java reviews open with a letter built from Oracle's record of Oracle JDK and patch downloads tied to a corporate email domain or oracle.com account. Oracle cross-references the downloading domain against its subscription database and contacts every company that downloaded but holds no Java SE Universal Subscription (Oracle Licensing Experts benchmark, 2026).
The detection mechanism is the most misunderstood part of the Java campaign, and the misunderstanding is expensive. When Oracle moved Oracle JDK behind a subscription in 2019 and again with the 2023 metric, it retained the download infrastructure that records every installer pull and every patch applied through an Oracle account or oracle.com session. Download telemetry is Oracle's record of those events โ the email domain, the account, the product version, and the date โ and it is the primary evidence base for the modern Java soft review. A letter that begins "our records indicate your organisation has downloaded Oracle Java SE" is a telemetry letter, and it is the opening of 72% of the cases in this benchmark.
| Detection channel | Share of Java reviews | What Oracle is acting on |
|---|---|---|
| Download / patch telemetry | 72% | Oracle JDK or patch pulls tied to your domain |
| Support / My Oracle Support trail | 9% | Java SE references in support records |
| ULA / EA renewal or sales cross-sell | 8% | Java raised during another negotiation |
| M&A or procurement disclosure | 6% | Java surfaced in due diligence or a tender |
| Java Management Service / OEM signals | 3% | Telemetry from Oracle tooling in the estate |
| Whistleblower / other | 2% | Third-party report or internal disclosure |
The critical thing to understand about a telemetry letter is what it is and is not. It is evidence that someone associated with your domain downloaded an Oracle build. It is not proof of a current, licensable deployment, a count of employees, or an established contractual liability โ and it deliberately blurs all three. A download in 2021 by a contractor who left the company tells Oracle nothing about whether Oracle JDK runs in production today, yet the letter is written to imply a settled, headcount-scaled obligation. The 72% figure matters because it tells a buyer where the case actually comes from: not an inventory of their estate, but Oracle's inventory of their downloads. That distinction is the foundation of the defence, because a download is contestable in a way a measured deployment is not.
Oracle also uses the telemetry letter as a data-collection instrument. The "help us help you check your Java position" framing is an invitation to volunteer an employee count, a deployment inventory, and a download history that Oracle does not otherwise have โ and which converts a soft, contestable telemetry signal into a hard, customer-attested claim. In this benchmark, the single largest determinant of whether a soft review escalates is whether the customer answered those questions on Oracle's terms. The forensic detail of how Oracle reads download records is set out in our analysis of how Oracle detects Java, and the first-response playbook in our guide to the first steps after an Oracle Java audit letter.
Oracle's telemetry letter is engineered to make you forget that a download record proves nothing about what runs in your estate today, who counts as an employee, or what you contractually owe. Oracle has the download. It does not have your deployment, your headcount, or your migration history โ unless you hand them over. The letter's questions are designed to collect exactly the evidence Oracle lacks, dressed as a courtesy. Every figure you volunteer before you have verified your own position converts a contestable signal into an attested liability. The buyers who pay least in this benchmark are the ones who treated the first letter as a request for evidence Oracle was missing, not as an audit they were obliged to answer.
Short answer: The average initial Oracle Java claim in the 2026 benchmark is $1.34M, and it scales with headcount because the Employee Metric bills the whole workforce. Estates under 1,000 employees average $185K; those of 5,000โ25,000 average $1.9M; estates above 75,000 employees average $11.4M. The initial claim stacks an average 2.6 years of back-subscription dated to the first download (Oracle Licensing Experts benchmark, 2026).
Java claim sizes behave unlike database claims because the metric is unlike database metrics. A database options claim scales with the technical estate โ cores, servers, enabled features. A Java Employee Metric claim scales with the organisation chart, which means two companies running an identical 40-server Java deployment can receive claims an order of magnitude apart purely because one has 2,000 employees and the other 60,000. The benchmark therefore reports claim size by employee band, which is the variable that actually drives the number.
| Employee band | Avg initial Java claim | Avg back-subscription years stacked |
|---|---|---|
| Under 1,000 | $185K | 2.1 |
| 1,000 โ 4,999 | $640K | 2.4 |
| 5,000 โ 24,999 | $1.9M | 2.6 |
| 25,000 โ 74,999 | $4.7M | 2.8 |
| 75,000+ | $11.4M | 3.1 |
| Blended average | $1.34M | 2.6 |
The back-subscription stack is the part buyers underestimate. Oracle does not merely demand a forward subscription; the initial claim almost always includes retroactive subscription dated to the earliest download Oracle's telemetry records โ an average of 2.6 years in this benchmark, and over three years on the largest estates whose download history runs deepest. On a 25,000-employee firm at a blended Employee Metric rate, each retroactive year can add seven figures, which is how a forward subscription Oracle prices at, say, $2.4M becomes an opening claim of $6M once two and a half years of back-subscription are stacked on top. The retroactive demand is presented as arithmetic; it is in fact the most negotiable line in the claim.
Two patterns inside the data are worth a buyer's attention. First, the claim scales faster than headcount at the top end, because the largest organisations both employ more people and carry the longest download histories, compounding the per-employee figure with more retroactive years. Second, the smallest band is not safe: a $185K average on a sub-1,000-employee firm is a material, often unbudgeted, hit for a mid-market business, and these are the estates least likely to have licensing expertise on hand. Across every band, the initial claim is an opening position โ the reduction benchmark for represented Java engagements is 71%, which we examine alongside the migration deflection rate below. For the cost mechanics behind these figures, see our Java SE Universal Subscription math breakdown and the Java cost calculator.
Short answer: Financial services leads at 23% of Java reviews, followed by manufacturing (18%) and the public sector (15%), in the 2026 benchmark. North America accounts for 47% of cases and EMEA 33%. The pattern follows Java density and download footprint: industries that build custom Java applications on Oracle JDK carry the most exposure (Oracle Licensing Experts benchmark, 2026).
Oracle's Java targeting is not random; it tracks where Oracle JDK is most heavily embedded in custom and back-office systems, and where download footprints are largest. Financial services tops the table because banks, insurers, and asset managers run extensive in-house Java estates โ trading systems, core banking, risk engines โ frequently built on Oracle JDK out of habit and conservatism. Manufacturing and the public sector follow because both run large fleets of long-lived Java applications, often on older Oracle JDK versions whose security patches sit behind the paywall, which generates exactly the patch-download telemetry Oracle acts on.
| Industry | Share of Java reviews | Region | Share of Java reviews |
|---|---|---|---|
| Financial services | 23% | North America | 47% |
| Manufacturing | 18% | EMEA | 33% |
| Public sector | 15% | APAC | 14% |
| Retail & e-commerce | 13% | Latin America | 6% |
| Healthcare & pharma | 12% | โ | โ |
| Technology / ISV | 10% | โ | โ |
| Other | 9% | โ | โ |
The regional concentration in North America and EMEA reflects both Oracle's commercial focus and where its enforcement is legally and operationally smoothest, but the APAC and LATAM shares are growing fastest year on year as Oracle extends the telemetry campaign into newer territories. The industry table also explains the claim-size distribution from the prior section: the sectors at the top โ financial services, manufacturing, public sector โ tend to combine large workforces with deep, old Java estates, so they carry both a high Employee Metric base and the longest download histories for back-subscription stacking. A 60,000-employee bank with a fifteen-year Java estate is, on these numbers, the archetypal high-value target, which is exactly why those organisations should not wait for a contact to verify their position. The industry pattern carries a direct lesson for any buyer in the top three sectors: if you operate in financial services, manufacturing, or government and you have a Java footprint on Oracle JDK, you sit in the highest-probability cohort in the benchmark, and the absence of a contact to date is not evidence of safety โ it is more likely a queue position. Sector-specific exposure is examined in our analyses of Java SE for financial services and Java licensing for government.
You sit in the highest-probability cohort for an Oracle Java review. Get an independent read on your exposure before Oracle's telemetry letter arrives โ modelled by former Oracle insiders.
Short answer: An average of 6.8x, and 5โ10x across the range, in the 2026 benchmark. Because the Employee Metric charges for total headcount rather than Java users, the multiplier is worst where few staff run Java: estates where about 1% of the workforce uses Java pay roughly 9.6x the legacy Named User Plus cost, while Java-dense estates settle near a 5.0x floor (Oracle Licensing Experts benchmark, 2026).
The cost multiplier is the single most important number for deciding whether to subscribe or migrate, and it is entirely determined by one ratio: how many of your employees actually run Java, as a share of total headcount. Named User Plus (NUP) is the legacy per-user Oracle metric that licenses each individual authorised to use the software; the Employee Metric ignores that count entirely and bills the whole organisation. The wider the gap between Java users and total employees, the more punitive the Employee Metric becomes โ which is precisely the situation in most large enterprises, where a few hundred developers and a modest server fleet sit inside a workforce of tens of thousands.
| Java users as share of workforce | Employee Metric vs NUP multiplier | Typical profile |
|---|---|---|
| ~1% | 9.6x | Large enterprise, small dev team |
| ~2.5% | 8.1x | Back-office Java, broad headcount |
| ~5% | 6.8x | Benchmark average profile |
| ~10% | 5.4x | Engineering-heavy organisation |
| ~20%+ | 5.0x | Java-dense ISV / tech firm |
Work a concrete case. An 8,000-employee firm with 250 staff who genuinely use Java would, under the legacy model, license roughly 250 NUP at $2.50 per user per month โ about $7,500 a year โ or a processor count on its servers landing in the low six figures. Under the Employee Metric at a blended rate of around $10.50 per employee per month after tier breaks, the same firm pays 8,000 ร $10.50 ร 12 โ $1.0M a year. The deployment did not change; the bill rose roughly seven-fold. That gap is the entire commercial case for migrating off Oracle JDK, and it is why the migration deflection rate, examined next, is the decisive variable in most Java outcomes.
The multiplier also reframes Oracle's "discount" offers. When Oracle proposes a reduced per-employee rate to settle a Java review, the headline concession can look generous while the metric underneath still bills your entire workforce. A 30% rate cut on a 6.8x metric still leaves a 4.8x premium over what you would pay for the use you actually have โ and zero over a free OpenJDK build. The negotiation that matters is not the per-employee rate; it is whether you are on this metric at all. Our Java negotiation strategy guide and the Java licensing advisory service set out how to run that conversation.
Short answer: Decisive. In the 2026 benchmark, buyers who had completed an OpenJDK migration deflected an average of 88% of Oracle's claimed liability, rising to 96% where no Oracle JDK remained anywhere in the estate. Free, supported builds โ Eclipse Temurin, Amazon Corretto, Microsoft OpenJDK, Azul โ carry no subscription, so removing Oracle JDK removes the obligation, not just the cost (Oracle Licensing Experts benchmark, 2026).
OpenJDK migration is the most powerful lever in the Java toolkit because it attacks the obligation at its root. OpenJDK is the open-source reference implementation of the Java language, from which Oracle JDK and every other distribution are built; a production-grade OpenJDK build such as Eclipse Temurin, Amazon Corretto, Microsoft Build of OpenJDK, or Azul Zulu is functionally equivalent to Oracle JDK for the overwhelming majority of workloads and carries no licence fee. Because the Employee Metric attaches to Oracle's specific commercial distribution, replacing Oracle JDK with a free build means there is nothing left for the subscription to license โ the forward liability falls to zero, and only contestable historical downloads remain.
| Migration state | Avg liability deflected | What remains contestable |
|---|---|---|
| Full migration, no Oracle JDK in estate | 96% | Historical downloads only |
| Substantial (>50% removed) | 71% | Residual Oracle JDK + history |
| Partial / mixed estate | 44% | Live Oracle JDK footprint |
| No migration (negotiation only) | 18% | Full forward + back position |
| Benchmark average | 88% | โ |
The gap between full and partial migration is the costly lesson in this table. A "substantial" migration that leaves Oracle JDK on a handful of servers, a legacy build, or a few developer laptops still deflects 71% โ but the residual footprint keeps the buyer on the hook for an Employee Metric claim that bills the entire workforce, not just the remaining instances. Oracle does not pro-rate the metric to the surviving Oracle JDK; one live instance can, on Oracle's reading, re-attach the headcount-scaled subscription to the whole organisation. The economic conclusion is blunt: a Java migration that is 95% complete captures only a fraction of the value of one that is 100% complete, because the metric does not reward partial credit.
Timing also matters. Migrating before an Oracle contact deflects the forward liability cleanly and leaves only historical downloads to contest; migrating during a live review is still highly effective but must be handled carefully so the migration evidence strengthens rather than complicates the defence. Either way, the data is unambiguous that migration beats negotiation: the 18% deflection for negotiation-only outcomes reflects the ceiling of what a buyer who stays on Oracle JDK can argue down, while migration moves the floor. Migration paths and provider comparisons are covered in our guides to Eclipse Temurin migration and Amazon Corretto migration, and a real outcome is documented in our rapid Java migration case study, which closed a Java exposure to near zero in under 90 days.
Short answer: An Oracle Java soft review is an informal compliance contact โ a download-history letter or a Java "health check" offer โ that operates outside the contractual audit clause but is functionally an audit. In the 2026 benchmark, 58% escalate to a formal claim or hard pressure within 90 days when the customer volunteers data, against 22% for buyers who route the contact through counsel (Oracle Licensing Experts benchmark, 2026).
The soft review is Oracle's preferred Java instrument precisely because it does not look like enforcement. It arrives as an email, often friendly in tone, offering to "help you understand your Oracle Java SE position" or noting that "our records show downloads of Oracle Java." There is no 45-day notice, no formal scope, no reference to the audit clause in your Oracle Master Agreement โ and that informality is the point. It lets Oracle reach customers with no Java contract at all, it lowers the recipient's guard, and it shifts the burden of producing evidence onto the customer under the guise of cooperation.
| Buyer response to first contact | Escalation to formal claim / hard pressure | Avg days to commercial demand |
|---|---|---|
| Volunteered data on Oracle's terms | 58% | 47 |
| Engaged informally, limited data | 39% | 68 |
| Routed through counsel / advisor, declined to self-report | 22% | 112 |
The escalation data is the most actionable in the report, because it shows that the buyer's own first move is the largest controllable variable in the outcome. Customers who answered Oracle's questions and volunteered an employee count and download inventory escalated to a hard commercial demand 58% of the time, and fastest โ a median 47 days. Customers who routed the contact through counsel or an independent advisor and declined to self-report escalated only 22% of the time, and where Oracle did press, it took far longer to do so, buying the buyer time to verify its position and, where appropriate, complete a migration. The soft review rewards silence and punishes volunteered data, which is the opposite of how most recipients instinctively respond.
This is also why the soft review should never be handled as a routine support ticket by whoever happened to receive it. The benchmark's escalation gap is, in practice, the difference between a contestable telemetry signal and a customer-attested claim. Treating the first letter as the opening of a forensic dispute โ verifying internally, controlling the information that leaves the building, and responding through people who understand Oracle's playbook โ is what keeps a Java review in the low-escalation cohort. The conversion mechanics of soft reviews across all Oracle products are benchmarked in our Oracle Soft-Audit Conversion Rate study, and Java-specific first-response tactics in our Java audit defence playbook.
What you say in the first 90 days decides whether this stays a contestable signal or becomes an attested claim. Let a former Oracle insider shape the response โ before you volunteer anything.
The benchmark points to a consistent sequence. The buyers who pay least treat the Java contact as a forensic dispute about downloads and migration state, never volunteer evidence Oracle lacks, and resolve the metric question โ subscribe or migrate โ rather than negotiating a rate on a metric that overcharges by design. The following actions, in order, are how the 88% deflection and 71% claim reduction in this benchmark are reached.
We will inventory your real Oracle JDK footprint, quantify the migration deflection available to you, and tell you with evidence how much of Oracle's claim is genuinely owed. No commitment, no sales pitch.
Aggressively. In the 2026 Oracle Licensing Experts benchmark, Oracle Java SE audit and soft-review volume has grown 4.3x since the January 2023 Employee Metric launch, and Java is now the fastest-growing source of Oracle compliance contacts. 72% of those reviews open with a download-history letter built from Oracle account telemetry, not a formal contractual audit notice, which is why many buyers do not recognise them as audits until a claim arrives.
Primarily through download telemetry. In the 2026 Oracle Licensing Experts benchmark, 72% of Java reviews are sourced from Oracle's record of downloads tied to a corporate email domain or oracle.com account, including legacy java.com and Oracle JDK installer pulls and patches applied behind the 2019 paywall. Oracle cross-references the downloading domain against its subscription records and contacts companies that downloaded but hold no Java SE Universal Subscription.
On average 6.8 times bigger, and 5 to 10 times across the range, in the 2026 Oracle Licensing Experts benchmark. The Employee Metric charges for total employee headcount regardless of who runs Java, so the fewer staff actually use Java relative to the workforce, the worse the multiplier: estates where about 1% of the workforce runs Java pay roughly 9.6x the legacy per-user cost, while Java-dense technology firms settle near a 5.0x floor.
The average initial Oracle Java claim in the 2026 Oracle Licensing Experts benchmark is $1.34M, and it scales with headcount because the Employee Metric is headcount-based. Estates under 1,000 employees average $185K, those of 5,000 to 25,000 average $1.9M, and estates above 75,000 employees average $11.4M. The initial claim typically stacks an average 2.6 years of back-subscription dated to the first Oracle JDK download.
It removes most of the liability, not the contact. In the 2026 Oracle Licensing Experts benchmark, buyers who had completed a full migration to OpenJDK with no Oracle JDK left in the estate deflected an average of 96% of the claimed liability, and the average across all migration states was 88%. Oracle can still write about historical downloads, but a free, supported OpenJDK build such as Eclipse Temurin, Amazon Corretto or Microsoft OpenJDK carries no subscription obligation.
An Oracle Java soft review is an informal compliance contact โ usually an email about download history or an offer to help you check your Java position โ that operates outside the formal contractual audit clause. It is functionally an audit. In the 2026 Oracle Licensing Experts benchmark, 58% of Java soft reviews escalate to a formal claim or hard commercial pressure within 90 days when the customer engages on Oracle's terms and volunteers data, against 22% for buyers who route the contact through counsel and decline to self-report.
Oracle routinely claims back to the first paid download. In the 2026 Oracle Licensing Experts benchmark, the initial Java claim stacks an average of 2.6 years of retroactive subscription, dated to the earliest Oracle JDK or patch download Oracle's telemetry records. The retroactive demand is a negotiating position, not a contractual certainty; represented buyers reduced the total initial Java claim by an average of 71% before settlement.
No. The Oracle Java Audit Trends benchmark is an independent, buyer-side benchmark built from aggregated, de-identified outcomes of Oracle Licensing Experts Java SE engagements. It is not affiliated with, endorsed by, or sourced from Oracle Corporation. All figures are illustrative aggregated advisory benchmarks, not client-identifying data.
New benchmarks, Java audit alerts and negotiation tactics from former Oracle insiders. Join 2,000+ enterprise Oracle stakeholders receiving the briefing every two weeks.
By Fredrik Filipsson - former Oracle License Management Services consultant, 25+ years in Oracle licensing across sales, contracts and audit. Now 100% buyer-side, Fredrik leads forensic Oracle Java audit-defence engagements, negotiates Java SE settlements against Oracle's commercial team, and builds the firm's proprietary benchmark research. About our team ->
Reviewed by Mark Henley, Oracle Contracts & LMS Review Editor - former Oracle contracts specialist who validates every figure in the Oracle Audit & Compliance Benchmark series against engagement records. Not affiliated with Oracle Corporation.