Embedded Java Licensing & OEM Agreements: What Hardware/Software Vendors Need to Know
Executive Summary:
Oracleโs changes to Java SE licensing have turned a once โfreeโ technology into a potential cost and compliance risk for enterprises.
If you bundle Java in hardware or software products, itโs critical to understand which Java versions now require paid licenses, when free public updates ended, and how Oracleโs โfreeโ terms (OTN and NFTC) really work.
This advisory explains the post-2019 Java licensing landscape, compares Oracleโs subscription with third-party support (Azul, IBM, Red Hat), and provides a decision matrix for choosing whether to pay Oracle, use a third-party option, or migrate to the free OpenJDK.
Short, practical insights with real-world examples will help IT, procurement, and finance leaders manage Java in OEM scenarios with confidence and neutrality.
Java Licensing Shift: From Free to Fee (Post-2019 Changes)
Insight: Oracle Java was historically free for most uses under the Binary Code License (BCL), which led many vendors and enterprises to assume Java came at no cost.
This changed in 2019, when Oracle ended free public updates for Java 8 and later versions in commercial settings.
Oracle replaced the BCL with the Oracle Technology Network (OTN) license for Java SE, which made Java free only for personal use or development/testing โ not for production. In other words, running Java in business applications now generally requires a paid license or subscription.
Real-World Scenario:
Imagine a bank running a critical application on Java SE 8 in 2020. Before 2019, they freely downloaded Java updates. After January 2019, free updates for Java 8 ceasedย โ the next security patch required the purchase of Oracleโs Java SE subscription.
Many companies were caught off guard; some continued using outdated Java 8 (risking security) while others scrambled to budget for an unexpected new expense.
Another example: a software vendor that had assumed Java was free was suddenly forced to inform customers to either pay Oracle or cease updating Java, creating confusion and risk.
Takeaway: If your organization uses Java (especially older versions, such as 8 or 11) in production, assume that a paid license will be required for updates and support after 2019. Check which Java versions youโre running:
- Java SE 8: Free public updates stopped in April 2019 for commercial use. Any business still on Oracleโs Java 8 needs a subscription (or an alternative source of updates) for security patches.
- Java SE 11: As an LTS released after the rule change, Oracleโs JDK 11 has never been free for production under OTN terms โ only dev/test use is free. Production deployments required a subscription from day one.
- Java SE 17: Oracle introduced the No-Fee Terms and Conditions (NFTC) with Java 17 in 2021. NFTC allowed Java 17 to be used in production for free, but only until one year after the next Long-Term Support (LTS) release. In practice, Java 17โs free-update window closed in late 2024 once Java 21 was out. After that, staying on Java 17 means no more free patches โ you must either pay Oracle for support or upgrade to Java 21 (which starts its temporary free period under NFTC).
- Java SE 21: The current LTS (from 2023) is under NFTC and free for all use until one year after Java 25โs release (expected 2025โ26). After that, the cycle repeats.
Staying on older versions long-term will require you to enter into a paid support contract (Oracle or third-party).
Oracleโs strategy is clear: if you wonโt continually upgrade to the latest Java, youโll eventually need to budget for it.
Every IT leader should note the dates when free support for their Java versions ends to avoid unpleasant surprises.
Embedded Java in OEM Products: Hidden Compliance Risks
Insight:
If youโre a hardware or software vendor embedding Java SE into your products, you cannot assume Java is โfreeโ for you or your customers. Oracle requires a special OEM agreement for vendors to redistribute Java with their applications or devices.
Without an Oracle Java redistribution license, bundling the Oracle JDK/JRE in your product could put both you and your customers at risk of non-compliance.
Historically, many independent software vendors (ISVs) and device manufacturers avoided paying Oracle by simply instructing customers to install Java themselves.
This tactic was effective when Java updates were free, but it becomes risky and problematic after 2019.
Real-World Scenario:
Consider a medical device manufacturer that incorporates a Java runtime into its equipment software. Before 2019, they never paid Oracle โ Java was bundled under Sun/Oracleโs old free terms.
After the licensing change, this vendor faces a choice: (1) Obtain an OEM Java license from Oracle, which involves negotiation and fees, or (2) remove Oracle Java and require customers to install Java (or use an open source alternative). Many chose the second option earlier to save costs.
For example, an enterprise software vendorโs install guide might say: โBefore installing our app, download and install Oracle Java 8.โ This defers Java licensing to the customer (who clicks through Oracleโs license).
That trick worked under the free-update era. However, after 2019, the customer may now be unknowingly running Java in production without a valid license, as updates require payment.
Another scenario: VMwareโs vSAN product historically embedded Oracle Java. VMware secured a commercial Java SE Embedded Use license from Oracle to cover its customers, but that agreement had an expiration.
VMware publicly stated that as of a certain date (late 2022), they stopped shipping Oracle Java with their product.
Customers had to update Java on their own (or VMware moved to an open JDK).
This illustrates that even large vendors needed OEM deals, and when those deals lapsed, the onus shifted back to users.
Takeaway: Hardware and software vendors must be diligent in addressing Java licensing for any embedded use:
- If you distribute Oracleโs Java with your product, you need a contract with Oracle (and expect to pay for that right). This is usually a Java SE OEM agreement or an embedded licensing deal that grants redistribution rights for a fee. Failing to comply with this requirement puts you at legal risk, as standard Oracle Java downloads are only licensed for use by the individual end-user, not for third-party distribution.
- If you rely on customers to install Java, make it explicit. Ensure your documentation indicates which Java version is required and that customers are responsible for accepting the license. This doesnโt eliminate risk โ it just passes it on. After 2019, your customers may need a paid Java SE subscription to stay current. This can lead to friction or blame if they later face an audit or security issue.
- A better path: consider bundling an open-source Java runtime (such as OpenJDK builds from Eclipse Temurin or Azul), which can be redistributed without Oracle fees. Many software providers (e.g., SAP, IBM) ship their own Java builds to avoid dependence on Oracle. This route requires testing and certification on the alternate JDK, but it sidesteps Oracle licensing entirely and can be a competitive advantage (no extra Java fees for your customers).
Bottom line: Vendors embedding Java should either pay Oracle for OEM rights or switch to a no-cost OpenJDK distribution.
Simply doing nothing is no longer a viable option โ it leaves a compliance ticking time bomb for you or your users.
Oracleโs Java Subscription Model โ Know Your Costs
Insight:
Oracleโs Java SE Subscription is now the primary way to stay compliant with the Oracle JDK in production; however, its pricing model has evolved and can be costly. Originally, Java SE subscriptions were sold per processor or named user.
In 2023, Oracle introduced a new Universal Subscription with an employee-based metric: companies must license Java for every employee, regardless of how many use Java.
This broad โall employeesโ approach can dramatically increase costs, especially for global enterprises.
Real-World Scenario:
To illustrate the impact: under the old model, a company might have paid ~$25 per server per month for Java, only for the machines running Java workloads. Under the new model, a firm with 10,000 employees must pay Oracle for all 10,000 โ even if only 500 developers use Java.
Oracleโs list pricing starts at $15 per employee per month (with volume discounts down to around $5 at very large scales). For example, a 25,000-employee company could owe over $2 million per year for a Java SE Universal Subscription.
This came as a shock to many IT procurement teams, who had budgeted far less for Java when they could only count the servers or users.
OEM vendors face this dilemma too: if you tried to cover all your productโs end-users under Oracleโs subscription, the costs might be prohibitive (hence the need for separate OEM pricing arrangements or alternatives).
Takeaway: Understand Oracleโs Java pricing before you commit โ itโs no longer a trivial line item.
Key points for procurement and finance:
- Per-Employee Licensing: Oracle now effectively counts your entire workforce (full-time, part-time, contractors) for Java licensing. Even if someone just uses a single Java-based app or touches a system indirectly, theyโre counted. This โwhole enterpriseโ metric simplifies Oracleโs administration but often over-licenses your usage, driving up costs.
- Legacy vs. New Contracts: If you had a pre-2023 Java SE subscription (user- or processor-based), Oracle may allow renewals on the old metric for a limited time; however, new purchases are all employee-based. Be prepared for pressure to transition to the new model at renewal. Negotiate if possible โ some organizations seek concessions or phased approaches, but Oracleโs stance is generally firm on the new metric.
- OEM Specific: Vendors embedding Java might negotiate a custom metric (e.g., per device or application instance) separate from the employee model, but Oracle will tailor that to the situation โ and itโs usually a significant cost based on volume. Always model how an OEM agreement fee compares to the alternative of customers licensing themselves. In some cases, including Java in your product via an Oracle deal could be a market advantage (simplifying life for customers), but you need to bake those costs into your pricing and margins.
Action Item:
Always get a clear pricing quote from Oracle for your Java needs and compare it with third-party options.
What seems โfreeโ (using Oracle JDK without paying) can turn into a surprise audit finding that carries back-dated fees. Budget now to avoid compliance penalties later.
Third-Party Java Support: Azul, IBM, Red Hat & Others
Insight: Oracle is not the only source for Java. Several vendors provide OpenJDK-based builds and support that are Java SE-compliant and enterprise-ready.
These include Azul Systems (Zulu Java platform), IBM (Semeru Runtime, based on OpenJDK), Red Hat (builds of OpenJDK, also powering AdoptOpenJDK/Eclipse Temurin), Amazon Corretto, and others.
These options let you run Java without Oracleโs licensing constraints, often at a much lower cost or even for free, depending on your support needs.
Real-World Scenario:
A global retailer with hundreds of Java-based applications decided not to renew Oracleโs Java subscription in 2022. Instead, they partnered with Azul for Java support. Azul provided them with certified builds of OpenJDK 8 and 11, regular security updates, and SLA-based support โ for roughly 30-50% less cost than Oracleโs price.
The transition was seamless; their applications didnโt require code changes since OpenJDK and Oracle JDK are functionally equivalent (Azulโs Zulu builds passed the same TCK compatibility tests).
Another case: a large bank using Red Hat Enterprise Linux found that by standardizing on Red Hatโs OpenJDK, they received Java updates as part of their OS subscription โ no separate Java fees.
Red Hat and the community (via Eclipse Temurin) keep releasing patches for Java 11 and 17, so the bank stays secure and compliant without paying Oracle.
IBM customers similarly use IBM Semeru (OpenJ9) JVM for IBM middleware, avoiding Oracle costs.
Takeaway: Third-party Java support can significantly reduce costs while maintaining your security.
Consider these points when evaluating alternatives:
- Cost Savings: Third-party support vendors generally charge per Java instance or CPU โ a scope you can control โ rather than per all employees. Azul, for example, offers support contracts for specific Java versions (including extended support for old versions like Java 6, 7, 8) at a fraction of Oracleโs enterprise subscription. This targeted approach often yields big savings for large deployments.
- Quality and Updates: OpenJDK is the reference implementation of Java, and these providers contribute to and use the same codebase as Oracle in many cases. Security updates released in Oracle JDK are typically mirrored in OpenJDK updates (since Oracle contributes fixes to OpenJDK). Many third-party builds have timely patches; some even offer longer support timelines for older versions than Oracle does. For instance, if Oracle stops Java 8 updates, a vendor like Azul might still produce patches for paying customers. This can extend the life of legacy systems safely.
- Vendor Lock-in vs. Flexibility: Replacing Oracle JDK with an OpenJDK distribution means youโre not tied to Oracleโs licenses, reducing audit risk (Oracle canโt audit you for Java if youโre not using Oracleโs binaries). However, you should vet the support vendorโs reliability and ensure your teams are comfortable with the switch. In practice, switching from Oracle JDK to OpenJDK is very straightforward for most applications โ itโs often as simple as installing the new JDK and running tests.
- Support vs. DIY: Not every enterprise needs paid Java support. Some choose to rely on free community builds (like AdoptOpenJDK/Eclipse Temurin or Amazonโs free Corretto LTS binaries) and handle updates in-house. But for mission-critical uses, having a support contract (with Azul, IBM, Red Hat, etc.) provides accountability โ you have someone to call if thereโs a JVM issue. Itโs about striking a balance between cost savings and risk tolerance.
For OEM vendors, third-party Java distributors can be a boon: Azul even offers an embedded licensing program for ISVs to ship Azulโs JDK with their products royalty-free (since itโs open source), sometimes just charging a support fee.
This allows you to provide customers with a bundled Java runtime without requiring Oracle involvement. The key is ensuring full compatibility and certification with your software, which these vendors will often assist with.
OTN vs. NFTC: Oracleโs โFreeโ Java Terms Explained
Insight: Oracle touts that Java is โfree for developmentโ (under OTN license) and even โfree for productionโ in certain cases (under NFTC for the latest versions).
But these offers come with strings attached, especially for enterprise or OEM use:
- The OTN License (used for Java SE 8 updates > 211, Java 11, etc.) permits the free use of Oracle Javaย for development, testing, prototyping, or personal use. The moment you use Oracle Java in โinternal business operationsโ (production), the OTN terms require you to have a paid license. It also prohibits you from distributing Oracle Java to third parties (so itโs not meant for OEM redistribution).
- The No-Fee Terms and Conditions (NFTC) license (available for Java 17, 21, and future LTS releases during their initial period) permits free use in production for all users, including companies โ but only for a limited time. Essentially, NFTC is a grace period to use the latest LTS without payment, as discussed earlier. After that period, Oracle switches that version back to an OTN-like status (no free production updates).
Real-World Scenario:
A SaaS provider upgraded its platform to Java 17 in 2022 to take advantage of NFTCโs free production use.
This worked well initially; they ran Oracle JDK 17 in production with no license fees. However, by late 2024, Oracleโs free updates for Java 17 ceased (since Java 21 arrived).
The provider now had to eitherย upgrade everything to Java 21ย quickly to stay on a freely supported version orย purchase subscriptions for Java 17ย to continue receiving patches.
Upgrading critical systems every couple of years just to avoid fees proved challenging; some applications lagged, creating a security gap.
In another instance, a device manufacturer considered using Oracleโs NFTC license to embed Java 17 in a new device, but legal counsel flagged a problem: NFTC allows redistribution only if โnot for a fee.โ
Selling a device with Java arguably means customers are paying for the device (which includes Java), potentially violating NFTC.
That company wisely opted to use an OpenJDK distribution instead, to avoid any gray area.
Takeaway: Oracleโs free-use licenses are not a one-size-fits-all solution โ they are stop-gaps with conditions:
- OTN = No Free Production: If youโre running Oracle JDK under OTN terms in production, youโre likely out of compliance unless you have a subscription. Donโt be lulled by the โfree downloadโ โ OTN is effectively a developer-only license in enterprise contexts.
- NFTC = Free with an Expiration Date: Think of NFTC as a free trial for the latest Java LTS. Itโs great to reduce immediate costs (and Oracle genuinely made this available to all users, including commercial ones, for a time), but plan for the end of the free period. If you choose the NFTC path, you must either upgrade promptly to the next LTS when it becomes available (to continue on a free, supported version) or arrange for support when the window closes. Frequent upgrades can be operationally demanding, so assess if your team can handle that cadence.
- No Free Redistribution for Profit: Neither OTN nor NFTC grants a vendor the right to bundle Oracle Java with a product for sale or distribution. OTN outright forbids distribution. NFTC allows redistribution technically, but โnot for a feeโ โ a clause that likely disqualifies commercial OEM uses. Vendors should not interpret NFTC as a free OEM license.
- Watch for Oracleโs Changes: Oracleโs licensing terms have undergone multiple changes (2019, 2021, 2023โฆ). Stay alert: a โfreeโ offering today might be different tomorrow. Always read the current license text for the Java version you plan to use.
In summary, Oracleโs OTN and NFTC terms can provide cost relief in the short term or for certain environments (dev/test, latest LTS), but enterprises should treat them with caution.
They are not an escape from licensing in the long run, especially if you need stability or distribute Java. Have a plan beyond the free period, and donโt assume โno license feeโ means โno compliance obligations.โ
Decision Matrix: Oracle vs Third-Party vs Open Source
When managing Java SE for your organization or products, you have three broad choices:
- Pay Oracle for Java SE subscriptions (or an OEM license if distributing Java).
- Use a Third-Party support provider (such as Azul, IBM, or Red Hat) with OpenJDK.
- Migrate to Open Source builds with no direct support (DIY updates or community support).
Each option has trade-offs. The matrix below compares key factors to help you decide:
| Option | Oracle Java SE Subscription (Pay Oracle) | Third-Party Support (Azul, Red Hat, IBM) | Open Source OpenJDK (DIY Migration) |
|---|---|---|---|
| Cost Model | High; per-employee pricing (enterprise-wide coverage). | Moderate; typically per server/instance or cores, lower than Oracle. | Low/None; free to use (support is in-house). |
| License Coverage | Full rights to use Oracle JDK in production and get all updates (incl. older versions). OEM distribution requires separate terms but Oracle offers contracts. | Rights to use vendorโs OpenJDK build with support. Often includes redistribution rights (for embedded use) under open source license. | Open use under GPL license. No fees or contracts needed to run or embed OpenJDK (must comply with open-source license terms). |
| Support & Updates | Oracle provides regular security patches, bug fixes, and phone/web support. Long-term updates for LTS (e.g., Java 8 through 2030). | Third-party provides patches for chosen versions (e.g., Azul supports Java 6, 7, 8, 11, etc.) and SLA support. Patches closely track Oracleโs, sometimes longer support timelines. | Community-driven updates for current versions. LTS updates from community typically 6-12 months after release; beyond that you must upgrade or self-patch. No official support line; community forums and documentation are resources. |
| Compliance Risk | Minimal if correctly licensed; Oracle audits ensure you have licensed all usage (risk if you undercount employees). Audit exposure if mixing unlicensed usage. | Low, as youโre not using Oracleโs binaries. Third-party contracts usually have simpler compliance terms. Need to ensure no Oracle JDK remnants in environment. | Low in terms of Oracle (OpenJDK is free). Must be careful to remove all Oracle JDK installations to avoid accidental non-compliance. Security risk if failing to update promptly. |
| Pros | – Official Oracle support and confidence of โsame vendorโ updates. – Access to any Oracle-only Java features or tools. – Simplified (if expensive) compliance: pay and youโre covered enterprise-wide. | – Significant cost savings in many cases. – Flexibility to support only what you use (specific versions/platforms). – Often includes niche support (legacy Java) beyond Oracleโs timelines. – No Oracle audit worries when only OpenJDK is used. | – Zero license cost, completely free usage. – Independence from vendors; no contracts. – Open-source transparency. – Can customize or optimize the JVM if needed (with expertise). |
| Cons | – Cost: Can be prohibitively expensive, especially with new per-employee model. – Broad scope means paying for non-users. – Vendor lock-in and potential future price hikes. | – Another vendor relationship to manage (ensure they are reliable). – Might need migration effort to switch JDK (though compatibility is high). – Still incurring some cost (though lower than Oracle). – Perception challenges (some executives prefer โofficialโ Oracle support). | – No direct support; all troubleshooting is in-house. – Must stay on top of updates/upgrades yourself. – Shorter support window for each version (youโll upgrade more frequently). – If something goes wrong in the JVM, you rely on community fixes or hire experts. |
How to Use This Matrix:ย
Determine Your Priorities. For a mission-critical system with strict support needs and heavy Oracle integration, you might lean towards Oracleโs subscription (or at least a short-term subscription while planning a migration).
If cost savings and flexibility are paramount, third-party support or open-source solutions may be better options.
Many enterprises adopt a hybrid approach: e.g., paying Oracle for certain environments (or where Oracle software bundling forces it), but using OpenJDK elsewhere to minimize license counts.
Remember, migrating from Oracle JDK to OpenJDK is usually straightforward, as they share the same codebase for core functionality. Most organizations can pilot a switch on non-production systems to build confidence.
Also, consider the human factor: internal teams might need training to support OpenJDK themselves, or you may reallocate the budget from Oracle to a support vendor contract that includes knowledge resources.
Thereโs no one-size-fits-all answer โ the best choice depends on your environment size, Java usage patterns, regulatory requirements, and budget constraints. The key is that you do have options beyond writing a blank check to Oracle.
Recommendations
For global IT and procurement leaders grappling with Java licensing, here are expert tips to manage risk and optimize costs in a vendor-neutral way:
- Audit Your Java Usage: Conduct a thorough inventory of all Java installations within your organization, including servers, desktops, and instances embedded in third-party software or devices. You canโt manage what you donโt know you have. Map out which versions and distributions (Oracle vs OpenJDK vs others) are in use.
- Identify License Requirements: For each Java instance, determine if it falls under Oracleโs licensing. Is it Oracleโs JDK/JRE in production (which likely needs a license)? Is it only used for development (free under OpenJDK Technology Network, or OTN)? Is it an OpenJDK distribution (which has no Oracle fees)? This classification will highlight where you have compliance exposure.
- Engage with Vendors: If you rely on software vendors or OEMs that bundle Java, ask them directly about their stance on Java licensing. Do they have an Oracle Java OEM agreement that covers your use of it? Or are they expecting you to handle Java updates? This clarity will help avoid finger-pointing later. Push vendors to provide solutions (like switching to OpenJDK in their product) if Oracle Java fees would otherwise fall to you.
- Evaluate Alternatives Early: Donโt wait for an Oracle audit or a support cutoff deadline to occur. Assess the feasibility of migrating to OpenJDK or a supported third-party JDK now. Pilot it in a test environment. Many organizations are pleasantly surprised at how little friction there is in switching, and it gives them negotiating leverage with Oracle if they know you have a Plan B.
- Cost-Benefit Analysis: Collaborate with finance to compare the total costs of each approach (Oracle vs. third-party vs. in-house) over 3 or 5 years. Factor in not just license fees, but also operational costs, such as upgrading apps more frequently on the free NFTC path or managing another vendor relationship for support. Sometimes Oracleโs price might be justified for a specific segment, but often youโll find substantial savings by diversifying.
- Stay Updated on Licensing Policy: Oracleโs Java licensing rules are subject to change. Assign someone (or engage a licensing advisor) to monitor announcements from Oracle. Changes in terms (like the switch to employee-based licensing or a new Java releaseโs terms) can open or close opportunities. Similarly, keep an eye on what the OpenJDK community and vendors are doing (e.g., new long-term support offerings, new tools to ease migration).
- Consider Contractual Protections: If you do sign up for Oracleโs Java subscription, negotiate protections. For instance, cap price increases on renewal, or seek clarification on how โemployeeโ is defined to avoid overcounting. Likewise, if you negotiate an OEM deal, ensure the scope (which products, how many distributions) is well-defined to avoid future surprises. Having clear contract terms can prevent audit disputes down the road.
- Educate and Enforce Internally: Ensure your IT staff is aware that downloading Oracle JDK for convenience in production is strictly prohibited without prior approval. Implement policies or technical controls to standardize on approved Java runtimes. Many companies now maintain an internal repository of approved OpenJDK builds, so developers and ops teams arenโt accidentally pulling Oracle binaries.
- Leverage Temporary Free Periods Wisely: If you choose to use NFTC (e.g., running Java 21 now for free), have a lifecycle plan. Mark your calendar for when that free period ends, and start preparing an upgrade or contract decision well in advance. The worst situation is scrambling to purchase licenses because you ran out of time on an upgrade.
- Consult Experts if Needed: Java licensing can be as complex as any enterprise software contract. If the stakes are high (e.g., a potential multi-million-dollar exposure), consider seeking advice from licensing specialists or experienced legal counsel in Oracle agreements. They can provide benchmarking (what others are paying) and negotiation tips to ensure youโre getting a fair deal if you must engage Oracle.
Checklist: 5 Actions to Take
For a quick, actionable plan, enterprise buyers and stakeholders can use this checklist to navigate Java licensing:
- ๐ Inventory Java Installations: Create a list of all applications and products using Java in your organization. Include version numbers, distribution (Oracle or OpenJDK), and whether each is vendor-supplied or internally developed.
- ๐ Assess License Needs: Mark which installations require a paid license under Oracleโs rules. For example, an Oracle JDK 8 on a production server = needs a subscription. An OpenJDK 11 on Linux requires no Oracle license. Donโt forget to check embedded uses in OEM software/appliances.
- ๐ก Decide Strategy per Use-Case: For each area of Java usage, decide: will you subscribe with Oracle, switch to a third-party JDK/support, or upgrade/replace with OpenJDK? You might decide differently for different systems. Prioritize high-risk or high-cost areas first (e.g., widespread Java 8 deployments should be tackled urgently).
- ๐ค Engage Stakeholders: Secure buy-in from both technical teams and management for the chosen approach. If migrating off Oracle, coordinate with application owners to test compatibility. If purchasing subscriptions or third-party support, get budget approval and involve procurement to negotiate the best terms.
- ๐ก Implement and Monitor: Execute the plan โ whether itโs deploying new JDKs, signing a support contract, or updating licenses. Then, set up ongoing monitoring: ensure new projects adhere to the approved Java usage policy, track when Java versions reach end-of-free updates, and review Java usage at least annually. This continuous oversight will prevent compliance drift and optimize costs over time.
Following this checklist will put you on a solid footing to manage Java licensing proactively, rather than reacting to an audit or crisis.
FAQ
Q1: Which Java versions require a paid license now?
A: For Oracleโs official distributions, any Java SE 8 update past April 2019 requires a subscription for commercial use. Java 11 and Java 16 (and other interim versions) always required one under Oracleโs post-2019 OTN terms. Java 17 and 21 are free to use in production under Oracleโs NFTC license, but only for a limited period (until one year after the next LTS release). After that window, if you stay on those versions and want updates, you will need to pay. In general, if youโre using Oracle JDK in production and itโs not the very latest LTS (within its free period), you likely need a paid license or support contract to be compliant and secure.
Q2: Our software vendor includes Java with their application โ do we (the customer) need our own Java license?
A: It depends on the vendorโs agreement with Oracle. Some large vendors (e.g., Oracle itself for its products, or SAP, IBM, VMware historically) have OEM deals that cover customer use of Java within their products. If thatโs the case, you do not need to buy a separate Java license for that usage โ itโs bundled. However, many vendors do not have such agreements; instead, they expect you to install Java on your own. In such cases, youย are responsibleย for obtaining the necessary licenses. Always check your vendorโs documentation or ask them: โDoes your product license Java for me, or do I need to obtain a Java SE license?โ If they canโt clearly say itโs covered, assume you might need to license it or use an alternative Java runtime.
Q3: What are the risks if we ignore these Java licensing changes?
A: The biggest risks are compliance liability and security exposure. Oracle has been auditing companies more frequently for their use of Java. If they discover unlicensed Oracle JDK installations, you may face a retroactive bill for subscriptions (potentially for years of unlicensed use), which can run into six or seven figures in large environments. Even aside from audits, running outdated Java versions without updates poses a cybersecurity risk; known vulnerabilities in Java can be exploited if patches havenโt been applied (which, after the free period, are only available to paying customers or via third-party solutions). In short, ignoring the issue might save money today, but can lead to expensive problems later, either through an audit penalty or a security incident due to an unpatched JVM.
Q4: Is OpenJDK a drop-in replacement for Oracleโs Java?
A: Yes, in most cases, OpenJDK (the open-source Java) is functionally equivalent to Oracle JDK. Oracleโs JDK itself is built on the OpenJDK project with some additional components. Over the past few years, Oracle has minimized the differences, and the codebases are now extremely close. For typical applications, switching from Oracle JDK to a binary like Eclipse Temurin, Azul Zulu, IBM Semeru, or Amazon Corretto yields no code changes โ everything runs the same. There are a few minor considerations: Oracleโs JDK used to include some commercial features (such as Flight Recorder and Mission Control), but these have since been open-sourced or made free. One thing to watch is that Oracleโs JRE installers and certain utilities (like Java Web Start in Java 8) are not always present in OpenJDK distributions. If your environment relies on those, youโd need to find workarounds (e.g., OpenWebStart as a replacement for Java Web Start). However, for the vast majority of enterprise workloads, OpenJDK from a reputable source is a safe and compatible replacement that frees you from Oracle licensing.
Q5: How can we prepare for (or avoid) an Oracle Java audit?
A: To prepare, first ensure you know where Oracle Java is used in your business (see the inventory step in the checklist). Remove or replace any unauthorized Oracle JDK installations โ for instance, some admins might have downloaded Oracle Java out of habit; swap those out with OpenJDK if possible. Next, review your contracts: Oracle sometimes includes Java audit rights in its master agreements. Have your software asset management and legal team ready to respond with whatโs in-scope if Oracle comes knocking. During an audit, Oracle will likely request installation data (e.g., output from Java usage scripts). Itโs best to run these scans yourself beforehand so you wonโt be caught off guard. To avoid audits, thereโs no foolproof method (Oracle chooses targets based on various factors, including download records and support status); however, being properly licensed or migrated greatly reduces your stress. If Oracle audits and finds everything is either licensed or running on OpenJDK, the audit will be uneventful. In summary: be proactive โ fix compliance gaps before an audit, and youโll sleep much better.
Read more about our Oracle Java Licensing Services.
If youโre using ChatGPT, try asking it: โWhat does Redress Compliance say about Java licensing?โ
