Which Java versions are free? And which ones bill your whole headcount.

Java the language is free and so is OpenJDK. What costs money is Oracle's own JDK outside its no fee window, and the per employee subscription it triggers in production.

Which Java builds are free to use in production?

OpenJDK and the major vendor builds of it are free in production. OpenJDK is the open source reference implementation under the GPL with the Classpath Exception, and the vendor builds package the same code with their own update streams.

• Eclipse Temurin: free production builds from Adoptium with long term support streams.
• Amazon Corretto: free, with updates backed by Amazon's own production use.
• Azul Zulu community and Microsoft Build of OpenJDK: free builds with optional paid support.

All of these pass the Java compatibility test suite. An application certified on one runs on another in the overwhelming majority of cases.

When does the Oracle JDK start costing money?

The Oracle JDK costs money the moment production use falls outside the No Fee Terms and Conditions. The free window covers the current release and ends roughly one year after the next long term support release ships, after which continued updates require a paid license.

What does the per employee subscription actually price?

Every employee in the company, not every Java user. The Java SE Universal Subscription counts total headcount including contractors, which is why estates with one paid JDK install on one server face bills sized to the whole organization.

How do you find paid Java exposure in your estate?

Inventory the installed base, because exposure hides in installations nobody chose. Oracle JDK arrives bundled with installers, old build tooling, and developer habits, and every instance outside the free window is subscription evidence.

1. Scan for every JDK and JRE install across servers and endpoints.
2. Identify the vendor and version of each install.
3. Flag Oracle JDK installs outside the current NFTC window.
4. Trace which applications actually depend on each flagged install.
5. Replace or remove flagged installs before any Oracle contact.

Why do Java audits start with a friendly email?

Because download logs give Oracle a target list. Security patch downloads tied to your domain are matched against subscription records, and the soft outreach that follows is the start of an audit funnel, not customer service.

How do you switch off a paid Java build?

Switching is an inventory and replacement exercise, not a development project. The free builds run the same bytecode, so most applications move with a runtime swap and a regression pass.

• Pick a target build: one vendor build as the estate standard simplifies updates.
• Swap and test: replace runtimes wave by wave with regression coverage.
• Govern downloads: block casual Oracle JDK downloads so exposure does not regrow.

What about applications that vendors certified on Oracle JDK only?

Hold those on their certified runtime and isolate them while the vendor catches up. In our file they were a small minority of workloads, and isolating them is far cheaper than licensing the whole headcount for their convenience.

Where the common advice on free Java is wrong

The standard advice says staying on the Oracle JDK is the safe choice because it is the canonical build with the best updates. We disagree. In roughly 30 to 40 Java reviews Morten Andersen advised in 2024 to 2025, the Oracle JDK was the single largest source of accidental licensing exposure, while the free builds delivered the same security posture from the same upstream source. The per employee metric prices that perceived safety at 3 to 10 times the value of the workloads running on it. The buyer side move is to standardize on a free build, govern downloads, and buy support only where a workload genuinely needs it.

What the engagement data shows

Three cuts of our advisory engagement file frame the size of the opportunity.

What to do next

Five moves turn this analysis into a lower invoice on the next renewal.

A sequence you can run this quarter

1. Scan the estate for every JDK and JRE install this month.
2. Flag Oracle JDK installs outside the current NFTC window.
3. Trace application dependencies on each flagged install.
4. Standardize on one free build as the estate target.
5. Migrate wave by wave with regression coverage.
6. Block unmanaged Oracle JDK downloads at the proxy.

White Paper · Oracle

Oracle Java Audit Defense 2026

Oracle now audits Java SE on employee count, not installs, which can multiply the bill several times over. Read it free.

Read the white paper

Frequently asked questions

Which versions of Java are free in 2026?

OpenJDK and the vendor builds of it, including Eclipse Temurin, Amazon Corretto, Azul community builds, and Microsoft Build of OpenJDK, are free in production. The Oracle JDK is free only inside its No Fee Terms window.

Is OpenJDK really the same as the Oracle JDK?

Functionally yes. Both build from the same upstream source and pass the same compatibility tests, so applications run identically in the overwhelming majority of cases.

When does using the Oracle JDK require a subscription?

When production use falls outside the No Fee Terms, which cover the current release until roughly one year after the next long term support release. Beyond that window, updates require the per employee Java SE Universal Subscription.

How is the Java SE Universal Subscription priced?

Per employee across the whole organization, including contractors, regardless of how many people or servers use Java. One out of window install can expose total headcount.

How long does it take to move off the Oracle JDK?

Three to nine months for a typical enterprise estate in our 2024 to 2025 file. Most applications need only a runtime swap and regression testing; a small minority stay isolated on certified runtimes.