CIO Checklist for Oracle Licensing in M&A: Due Diligence Steps Before and After a Merger

Why Oracle Licensing Deserves a Dedicated M&A Workstream

Most M&A due diligence processes treat software licensing as a subset of IT due diligence, reviewed at a summary level alongside hundreds of other items. For Oracle specifically, this approach consistently produces material post-close surprises. Oracle's licensing complexity, the non-transferability of licences, and Oracle's commercial practice of initiating audits following publicly announced transactions make Oracle a standalone risk category that warrants its own dedicated workstream in any transaction involving a significant Oracle estate.

The financial exposure from unaddressed Oracle licensing issues in M&A ranges from hundreds of thousands of dollars for smaller Oracle estates to tens of millions of dollars for organisations running Oracle Database, Oracle Middleware, or Oracle Applications at scale. Oracle support fees compound at 8 percent per year. Our Oracle licensing advisory specialists have managed Oracle due diligence on transactions from $50M to $4B in enterprise value., meaning that undisclosed compliance gaps grow in value every year they remain unresolved after close.

This checklist structures the Oracle licensing due diligence workstream across four phases: pre-deal discovery, deal structuring and representations, integration planning, and post-close management. Each phase has distinct actions, and skipping any phase creates corresponding risk in the next.

Phase 1: Pre-Deal Oracle Due Diligence

Step 1 — Obtain the Complete Oracle Licence Inventory

Request from the target organisation a full list of all Oracle products licensed, including database editions, middleware components, application modules, Java SE subscriptions, and any cloud services. The inventory should include the licence metric (Processor, Named User Plus, Employee, etc.), the number of licences purchased, the date of original purchase, and the Oracle Order Document reference for each item.

Do not rely on the target's internal CMDB alone. Request the Oracle Support portal (My Oracle Support) access report for all active Customer Support Identifiers (CSIs) and cross-reference against the licence inventory. Gaps between the CMDB and the CSI records indicate either unregistered software or licences that are not correctly attributed to the right support contracts.

Step 2 — Assess Current Compliance Position

Determine whether the target organisation has had an Oracle audit in the past three years. If so, obtain the audit findings and the settlement documentation. If not, the absence of a recent audit combined with a transaction event significantly increases the probability of Oracle initiating a review following close.

Conduct a high-level compliance assessment of the three highest-risk areas: Oracle Database options usage (Partitioning, Advanced Compression, Diagnostics Pack, RAC), virtualisation and processor counting for Oracle Database deployments, and Java SE subscription coverage for all devices and users in the estate.

A compliance gap in the target's Oracle estate is a direct financial liability. Our Oracle audit defence specialists quantify Oracle exposure as part of pre-deal due diligence. that should be reflected in deal pricing, indemnification provisions, or remediation commitments before close.

Step 3 — Review All Oracle Master Agreements and Order Documents

Obtain copies of all Oracle Master Agreements, ULA agreements, OCS (Oracle Cloud Services) agreements, CSI agreements, and all associated Order Documents. Pay particular attention to the following contractual provisions: the definition of authorised use territory and entity scope, the audit rights and notification period, the definition of the contracting entity and any affiliates or subsidiaries covered, and any ULA certification dates or upcoming renewal milestones.

ULA agreements deserve specific scrutiny. An Oracle ULA grants unlimited deployment rights during a defined term, typically three to five years, for specific products. If the target has a ULA in place, the acquiring organisation must understand whether the ULA covers the acquirer's legal entities or only the target's entity, whether the transaction event triggers an early certification obligation, and what the certification position would be on the effective date of the transaction.

Phase 2: Oracle Licensing at Deal Structuring

Step 4 — Address the Non-Transferability Problem

Oracle licences are not transferable between legal entities without Oracle's written consent. This is a fundamental contractual reality that affects every M&A transaction involving an Oracle estate. If the transaction involves a share purchase (acquisition of the corporate entity), the target's Oracle licences remain technically in the same legal entity and can continue to be used without Oracle consent, provided the entity structure is preserved.

If the transaction involves an asset purchase, a business division carve-out, or a merger where legal entities are dissolved or combined, Oracle's written consent to the licence transfer is required. Proceeding without this consent creates a compliance position where the surviving entity is using Oracle software it is not contractually entitled to use — precisely the scenario Oracle's audit team looks for following publicly announced transactions.

Initiating dialogue with Oracle's Licence Transfer team early — ideally through experienced Oracle contract negotiation advisers — creates the best conditions for a commercially reasonable transfer agreement. — before public announcement if possible — creates the best conditions for a commercially reasonable transfer agreement. Approaching Oracle after close, from a position of fait accompli, almost always results in a worse commercial outcome.

Step 5 — Quantify ULA Impact on the Transaction

If the target has a live Oracle ULA, obtain a current deployment count. Our Oracle ULA advisory team specialises in ULA change-of-control analysis and certification strategy. for every product covered by the ULA. The ULA deployment count on the effective date of the transaction becomes the certified licence position if the ULA terminates or if Oracle treats the transaction as a certification trigger.

Oracle's ULA agreements typically contain change of control provisions that give Oracle the right to terminate the ULA, require immediate certification, or renegotiate terms following a merger or acquisition. The outcome depends on the specific ULA language, the negotiating leverage of both parties, and whether Oracle sees a commercial opportunity in the transaction.

A ULA with a high current deployment count that is approaching certification is a strategic asset in the transaction — it locks in a large licence entitlement at the pre-acquisition price. A ULA with low deployment and an imminent certification date is a liability, because certification would crystallise a small perpetual entitlement that leaves the combined organisation significantly under-licensed for its actual deployment.

Step 6 — Incorporate Oracle Representations and Indemnities

The sale and purchase agreement should include specific Oracle-related representations from the seller confirming that the disclosed Oracle licence inventory is complete and accurate, that there are no undisclosed Oracle audit findings or ongoing compliance discussions, that all Oracle support fees are current (see our Oracle support reduction advisory for post-merger support optimisation opportunities), and that no ULA certification events have been triggered or missed.

Indemnification provisions should cover any Oracle licence compliance gap or audit claim arising from the target's pre-close Oracle deployments. Setting an escrow amount or specific indemnity basket sized to the estimated Oracle exposure provides financial protection during the post-close period when Oracle is most likely to initiate a review.

Phase 3: Integration Planning

Step 7 — Conduct a Post-Close Licence Consolidation Assessment

Within 60 days of close, commission a formal Oracle licence consolidation assessment for the combined organisation. This assessment maps the merged Oracle estate against the combined licence entitlements, identifies any consolidated compliance position, and determines the optimal licence structure for the integrated entity.

Integration frequently creates new compliance exposure that did not exist pre-close. Running the acquirer's Oracle workloads on infrastructure that was licensed only for the target's entity, migrating databases to consolidated data centres, or deploying Oracle Middleware to serve applications across both legacy estates can all create new licensing obligations.

Step 8 — Rationalise Oracle Support Contracts

After close, the combined organisation typically has multiple Oracle support contracts with different CSIs, different renewal dates, and potentially different support tiers. Oracle support fees increase by 8 percent per year when not actively managed, making support consolidation and renegotiation one of the highest-value activities in the post-close Oracle integration workstream.

Consolidating Oracle support contracts — aligning renewal dates, removing decommissioned products from support, and negotiating a unified support agreement for the combined estate — typically yields savings of 15 to 30 percent compared to maintaining separate pre-close contracts.

Step 9 — Manage Oracle Relationship Proactively

Oracle's account teams will reorganise following a transaction to target the combined entity with commercial proposals. These proposals typically include ULA renewals, cloud migration incentives, and new product bundling. CIOs who engage Oracle proactively — with a clear understanding of the combined licence position and a defined strategy — consistently achieve better commercial outcomes than those who engage reactively when Oracle's team calls.

Oracle's fiscal year ends May 31, with Q4 running from March through May. Significant Oracle transactions — including post-M&A consolidation agreements — are most favourable when concluded in Oracle's Q4, when Oracle's sales team has the most incentive to close deals and the most flexibility on pricing and terms.

Phase 4: Post-Close Audit Risk Management

For comprehensive post-close Oracle risk management, visit the Oracle licensing knowledge hub for audit response guides, ULA certification playbooks, and support optimisation strategies.

Step 10 — Prepare for a Post-Merger Oracle Audit

Mergers and acquisitions are one of Oracle's most reliable audit triggers. Oracle's Global License Advisory Services (GLAS) team monitors corporate transaction announcements and proactively initiates licence reviews following transactions involving known Oracle customers. The audit may arrive within weeks of a public announcement or up to two years after close — the timing is unpredictable, but the probability is high.

Organisations that have completed Phase 1 through Phase 3 of this checklist are significantly better positioned to respond to a post-close audit. Their licence entitlement records are current, their deployment data is accurate, and they have already identified and addressed the most significant compliance gaps. Organisations that have not conducted pre-close due diligence face the audit with incomplete records and an unknown exposure.

Step 11 — Establish a Combined Oracle Governance Framework

The combined organisation requires a single Oracle licence governance framework that covers both legacy estates. This framework should define who is responsible for tracking the Oracle deployment position, who manages the Oracle support relationships and CSI portfolio, what the process is for approving new Oracle deployments or database option enablements, and how Oracle licensing is factored into infrastructure change decisions.

Without a unified governance framework, the combined organisation replicates the fragmented oversight that typically creates compliance gaps — each IT team managing Oracle locally without visibility into the organisation-wide licence position.

The Five Highest-Risk Oracle Scenarios in M&A

Target has a ULA approaching certification with low deployment. This creates a certified entitlement significantly below the combined organisation's actual usage, resulting in immediate compliance exposure at close.

Target is running unlicensed Oracle Database options at scale. Oracle Partitioning, Advanced Compression, and Diagnostics and Tuning Pack are commonly enabled without being licensed. The acquirer inherits this exposure and it becomes a post-close audit risk.

Target's Oracle estate includes Java SE subscriptions without full coverage. Since Oracle's 2023 Java SE subscription model change, all commercial users of Java SE 8 and above require a subscription. Under-coverage in the target estate becomes the acquirer's liability at close.

Asset purchase without Oracle licence transfer consent. Oracle licences used by the acquired business unit without a formal transfer agreement are technically unlicensed in the acquirer's hands — a compliance position that Oracle's audit team is specifically trained to identify.

Post-merger infrastructure consolidation without licence review. Moving Oracle workloads to consolidated infrastructure can change processor counts, virtualisation boundaries, and named user populations in ways that create new compliance obligations that were not present in either pre-close estate independently.