Oracle's Java licensing changes have left enterprises unsure which Java versions remain free for commercial use. The Java platform itself is open source, but Oracle's official distributions carry licensing restrictions that can expose organisations to significant compliance risk and unexpected costs. This guide explains exactly which Java versions are free, which are not, what Oracle's per-employee pricing model means for your organisation, and which free alternatives to deploy.
For years, Java was freely available for business use under Sun/Oracle's Binary Code License. Enterprises deployed Oracle's JDK across servers, desktops, and development environments without cost concerns. That changed fundamentally in 2019 when Oracle introduced new licence terms requiring paid subscriptions for certain Java releases.
Whenever Oracle releases a Java version, you must verify its licence terms before deploying it for business use. Oracle now actively audits companies for Java usage, and its per-employee licensing model means even a small unauthorised Java deployment can trigger fees calculated against your entire workforce, not just the systems running Java. Assign a team to monitor Oracle's Java licensing updates and maintain a complete inventory of all Java versions in your environment.
All Java versions have a free implementation available through OpenJDK and other providers. However, whether Oracle's JDK for a given version is free depends on the specific version and the licence under which it was released.
| Java Version | Oracle JDK Free? | Details |
|---|---|---|
| Java 7 and earlier | Yes (legacy) | Free under old Binary Code License. No free updates available. End-of-life. |
| Java 8 (LTS) | Partially | Free for updates up to 8u202. Updates 8u211+ require paid subscription. Still free for personal/dev use. |
| Java 11 (LTS) | No | Not free for production under Oracle's OTN licence. Requires subscription. Use an OpenJDK 11 build instead. |
| Java 17 (LTS) | Temporarily | Free under Oracle's NFTC licence until approximately September 2024. Updates beyond that require payment. |
| Java 21 (LTS) | Temporarily | Free under NFTC until approximately September 2026. Likely requires payment for updates beyond that point. |
| Non-LTS releases | No | Oracle JDK required subscription for these short-term versions. Short support cycles. Generally avoided in production. |
The difference is between the Java platform (always free via OpenJDK) and Oracle's distribution of Java (increasingly restricted). Any Java version can be used for free if you choose a non-Oracle distribution. Oracle's own JDK is free only in specific, time-limited scenarios. To avoid costs entirely, either stick to Oracle's LTS versions during their defined free period and be ready to upgrade when it ends, or run your Java on one of the many free OpenJDK-based distributions.
Oracle is not the only source for Java. Several free JDK distributions based on the same OpenJDK codebase are available from reputable providers. These distributions are functionally equivalent to Oracle's JDK. They pass the same TCK (Technology Compatibility Kit) tests but are released under open-source licences with no commercial use restrictions.
| Distribution | Provider | Support Highlights |
|---|---|---|
| Oracle OpenJDK | Oracle | Free, open-source build. Updates stop once the next Java version is released. Limited support window. |
| Eclipse Temurin | Eclipse Foundation (Adoptium) | Free and open-source. Community provides long-term updates for LTS versions. |
| Amazon Corretto | Amazon Web Services | Free. Amazon provides multi-year support for LTS releases. Used internally at AWS. |
| Azul Zulu (Community) | Azul Systems | Free community builds for many Java versions including older ones. Paid support available. |
| Microsoft Build of OpenJDK | Microsoft | Free. Microsoft provides LTS support for Java 11, 17, and 21. Optimised for Azure but works everywhere. |
| IBM Semeru | IBM | Free. Based on Eclipse OpenJ9 JVM. Optimised for cloud and container workloads with lower memory footprint. |
Free OpenJDK-based distributions are virtually identical to Oracle JDK in features and API compatibility. Many enterprises use Temurin, Corretto, or Zulu as drop-in replacements with no code changes required. By standardising on one of these company-wide, you eliminate Oracle Java licence fees entirely. The only consideration is ensuring you have a plan for applying security updates, either in-house or through a support vendor.
Standardise on a single free JDK (such as Temurin or Corretto) as your organisational standard. Make the approved distribution available through your internal software catalogue and block Oracle's JDK download site on your network. This ensures no one accidentally downloads Oracle's JDK and introduces a licence liability.
Using Oracle's Java without a proper licence poses significant compliance and financial risk. Oracle now actively audits companies for Java usage, and its per-employee licensing model means even a small unauthorised Java deployment can result in fees calculated against your entire workforce.
Under Oracle's per-employee model, widespread Oracle JDK use could force you to licence your entire workforce. This is not per-server or per-installation pricing. A massive, often multi-million-dollar expense that hits even organisations with modest Java footprints.
Running Oracle Java beyond its last free patch (such as 8u211+ or 11.0.x+) counts as unlicensed usage, risking back-dated fees if audited. Oracle calculates back-dated fees from the date unlicensed usage began, not from the date of audit discovery. For organisations that have been running Oracle Java 8 beyond update 202 for several years, the back-dated exposure can be substantial.
"Rogue" installations via Oracle's download site or auto-update can appear without IT awareness. These put the entire company out of compliance. Additionally, some software vendors bundle Oracle's Java with their products. If that usage is not covered by the vendor's licence, you are responsible. This is a hidden trap that catches many organisations during audit.
Oracle's per-employee Java licensing model is designed to maximise audit exposure. A single Oracle JDK installation on one server can theoretically trigger fees for every employee in your organisation. The compliance risk is asymmetric: the cost of being found non-compliant vastly exceeds the cost of proactively migrating to a free alternative. Act before an audit letter arrives, not after. Regularly audit your systems for any Oracle JDK installations and remove or replace them proactively.
Standardise on a free OpenJDK distribution (Temurin, Corretto, or Zulu). Block Oracle's JDK download site on your corporate network. Provide approved Java installers through internal software catalogues. Scan all servers, VMs, and containers for Oracle JDK installations. Monitor Oracle's Java licensing announcements proactively. Plan Java upgrades to stay within free-use windows.
Do not assume Java is still free for commercial use. Do not ignore Oracle JDK installations that fall outside free-use criteria. Do not allow developers to download Oracle JDK without approval. Do not run Oracle Java past its last free patch without a subscription. Do not overlook Java bundled inside third-party vendor applications. Do not wait for an Oracle audit to address Java compliance.
Step 1: Identify all Java installations across all servers, desktops, VMs, and containers. Step 2: Verify licensing for each, flag any Oracle JDK not clearly covered by free-use allowance. Step 3: Replace or licence, swap non-compliant Oracle JDK with free OpenJDK equivalent. Step 4: Prevent reintroductions by blocking Oracle Java downloads and providing only approved builds. Step 5: Monitor and update, track when each version's free period ends and upgrade before then.
Java (OpenJDK) is free and open-source. However, Oracle's official Java distribution (Oracle JDK) is generally no longer free for commercial use since 2019. You can use Java without paying Oracle as long as you avoid Oracle's JDK or stick to the narrow scenarios where Oracle permits free use, such as during the NFTC licence period for certain LTS releases.
Yes, if you use the right distribution. For Java 8, you can run it for free using Oracle's JDK up to update 202, or by using a free OpenJDK 8 build (such as Temurin or Corretto) for later updates. For Java 11, do not use Oracle's JDK 11 in production. It always requires a subscription. Instead, deploy a free OpenJDK 11 distribution to run your Java 11 applications with no fees.
Since January 2023, Oracle offers Java SE subscriptions priced per employee across your entire organisation, not just the users or systems running Java. This means even a single Oracle JDK installation can theoretically trigger licence fees for every employee in your company. This model is designed to maximise audit exposure and makes proactive migration to free OpenJDK alternatives the most cost-effective compliance strategy.
Yes. All major OpenJDK distributions (Temurin, Corretto, Zulu, Microsoft Build, IBM Semeru) are built from the same OpenJDK source code and pass the same compatibility tests (TCK). They are functionally identical to Oracle's JDK in features and performance. The only difference is the support model: Oracle provides support through paid subscriptions, while free distributions rely on community updates or vendor-provided support.
Some software vendors bundle Oracle's Java with their products. If that usage is not covered by the vendor's own Oracle licence agreement, you are responsible for the licensing. This is a common hidden trap. Contact your software vendors to confirm whether their Oracle Java bundling is covered under their own distribution agreement. If not, request that the vendor switch to a free OpenJDK distribution or provide evidence of their Oracle Java redistribution rights.
Scan all servers, desktops, VMs, and containers using software asset management (SAM) tools or scripted discovery. Look for Oracle-specific identifiers in Java installation paths, version strings, and registry entries. Pay special attention to developer workstations (where Oracle JDK is often downloaded directly), CI/CD build servers, Docker images that may contain Oracle JDK base layers, and embedded Java installations inside third-party application directories. See Java Compliance Assessment.
Do not panic, but do not ignore it. Engage independent licensing advisory (not Oracle's representatives) immediately. Conduct your own internal discovery before sharing any data with Oracle. Understand your rights under the audit clause in your Oracle agreements. Do not sign any Oracle-provided tools or scripts without legal review. Many enterprises reduce their audit exposure significantly by demonstrating proactive migration to free alternatives and accurate self-assessment. See Java Audit Defence Service.
Oracle is actively auditing enterprises for Java usage, and its per-employee pricing model means even a small exposure can trigger fees for your entire workforce. Redress Compliance helps organisations identify every Oracle JDK installation, assess compliance risk, develop migration strategies to free alternatives, and defend against audit claims. Get a confidential assessment before Oracle comes knocking. Complete vendor independence. No Oracle partnerships, no resale commissions.
Java Advisory ServicesIndependent Java and Oracle advisory helping enterprises identify Oracle JDK exposure, migrate to free alternatives, and defend against Java audit claims. Fixed-fee engagement models.