Oracle Java Embedded Licensing & OEM: Who Pays and When

What Is Oracle Java Embedded Licensing?

Oracle Java embedded licensing covers any scenario where Oracle JDK is bundled within a product, application, or device that is distributed to end users rather than used directly by the organisation that acquired the JDK. The primary models are:

• ISV (Independent Software Vendor) licensing: A software company embeds Oracle JDK within their application and distributes it to enterprise customers. The ISV holds a separate commercial agreement with Oracle — a Binary License and Redistribution Agreement — that covers their customers' use of Java within that specific application.
• OEM (Original Equipment Manufacturer) licensing: Hardware manufacturers embed Oracle JDK within firmware or bundled software on devices such as printers, scanners, point-of-sale systems, medical devices, or industrial equipment. Oracle JDK on the device is licensed through the hardware manufacturer's OEM agreement with Oracle.
• Embedded Software Licensing (ESL): Oracle's formal programme for software that is embedded in devices and not intended for general-purpose computing. ESL requires a separate commercial agreement with Oracle's Embedded sales team.

What all three models have in common is that they are separate, distinct from the Java SE Universal Subscription available to end-user organisations. Since January 2023, Oracle has explicitly stated that the Java SE Universal Subscription is available only for full internal business use and is not eligible under any redistribution agreement, including ISV, ESL, or Binary License and Redistribution Agreement frameworks.

The Critical Question: Does Your Vendor's ISV Agreement Cover You?

The most practically important issue in embedded Java licensing is straightforward: if Oracle JDK arrived in your environment via a third-party application, does the vendor's ISV agreement with Oracle cover your use of Java within that application — or do you have an independent obligation to Oracle?

The answer varies by vendor and by the specific terms of that vendor's Oracle agreement. Some vendors hold ISV agreements that explicitly cover customer deployments of Java within their application, in which case your organisation owes Oracle nothing for that specific deployment. Other vendors hold agreements that cover only specific versions or editions of their application, or that limit coverage to specific deployment configurations, or that were negotiated before Oracle's 2023 pricing change and may no longer be valid under Oracle's current terms.

The most dangerous assumption is that the vendor's bundling of Oracle JDK automatically means they have a valid ISV agreement in place. This is not always true. Some vendors have bundled Oracle JDK historically without an appropriate licence, effectively passing the compliance risk unknowingly to their customers. Others have ISV agreements that have lapsed. Oracle holds both the vendor and the enterprise customer accountable in these situations.

What to Ask Your Application Vendor

For any Oracle product or third-party application that bundles Oracle JDK in your environment, obtain written confirmation from the vendor addressing the following points:

• Does the vendor hold a current, valid Oracle Binary License and Redistribution Agreement (or equivalent ISV agreement) that covers customer use of Java within the application?
• Does the agreement cover the specific version of the application and the specific version of Oracle JDK currently deployed in your environment?
• Does the agreement cover your production deployment — not just development or test environments?
• Is the agreement current, and when does it expire or renew?
• Does the agreement cover all deployment scenarios in your environment — cloud, virtualised, containerised, on-premises?

Verbal assurances are insufficient. Oracle does not accept a vendor's verbal claim as a defence in an audit. You need written confirmation, ideally in the form of a written statement from the vendor's legal or compliance team, or a copy of the relevant licence agreement excerpts confirming coverage.

Oracle's Own Products and Bundled Java Rights

Oracle's own application portfolio presents its own set of embedded Java complexity. Many Oracle products — Oracle WebLogic Server, Oracle SOA Suite, Oracle E-Business Suite, Oracle Siebel, Oracle Fusion Middleware — historically shipped with Oracle JDK bundled as a required runtime component. Oracle has taken varying positions on whether these bundled deployments require a separate Java SE subscription.

Oracle's current position, as of 2023–2026, is that bundled Java rights under Oracle middleware and application licences are limited to use with those specific Oracle products — they do not constitute a general Java SE entitlement for your entire estate. If Oracle WebLogic is running on servers that also use Oracle JDK for other non-WebLogic applications, the non-WebLogic usage creates a separate subscription requirement under Oracle's interpretation.

This is contested territory and has been a frequent point of dispute in Oracle Java audits. The key is the language in your specific Oracle licence agreements. Some older WebLogic and Fusion Middleware licences include broader Java SE bundled rights than Oracle now acknowledges. If you hold Oracle middleware licences, review the Java entitlement language carefully with specialist counsel before accepting Oracle's framing of your obligation.

OEM Java in Hardware Devices: A Growing Compliance Blind Spot

Oracle JDK embedded in hardware represents a different kind of exposure. Printers, multifunction devices, smart manufacturing equipment, point-of-sale terminals, medical diagnostic systems, and various IoT devices may run Oracle JDK at the firmware level or as part of device management software. Organisations operating large fleets of such devices — retail environments, manufacturing plants, healthcare facilities — may have hundreds or thousands of Oracle JDK instances in their environment that no software asset management tool has identified because they are not running on conventional server or desktop endpoints.

In hardware OEM scenarios, the licensing responsibility typically lies with the hardware manufacturer under their Oracle OEM agreement. However, this protection has limits. If a device is repurposed, if firmware is updated outside of the manufacturer's support channel, or if Oracle JDK on the device is used for purposes beyond the device's original function, the OEM agreement's coverage may no longer apply.

Organisations that are undergoing Oracle Java audits should specifically include an inventory of Java on non-traditional devices — OT systems, manufacturing equipment, print servers, and IoT endpoints — in their discovery process. Oracle's LMS scripts typically target conventional IT infrastructure, but the audit scope may be broadened to include these environments if Oracle identifies indicators of non-traditional Java deployment.

The 2023 Change's Impact on Embedded and OEM Licensing

Oracle's January 2023 licensing change explicitly excluded embedded, ISV, and OEM licensing from the Java SE Universal Subscription. The subscription is available only for internal business operations and is not eligible under any redistribution agreement. This means that organisations whose sole Java usage is within a vendor application covered by a valid ISV agreement are not required to purchase the Java SE Universal Subscription — their use is covered by the vendor's separate arrangement.

However, the same change made it harder for organisations in mixed environments — where some Java is in vendor applications and some is general-purpose Java in internal applications — to argue that all their usage is covered by vendor ISV agreements. Oracle draws a clear line: Java usage within a covered vendor application is the vendor's responsibility; Java usage in any other context is the enterprise customer's responsibility under the Universal Subscription.

The practical implication is that the vast majority of enterprise environments have some mixture of covered and uncovered Oracle JDK installations. The goal of your Java discovery and licensing review is to map each installation to its coverage category — covered by vendor ISV, covered by existing Oracle entitlement, covered by NFTC, or requiring a subscription — so your liability is accurate and defensible.

What to Do: An Action Plan for Embedded Java Exposure

If you have not yet assessed your embedded Java exposure, the following action plan will give you a defensible position:

1. Inventory all Java installations including non-traditional endpoints, OT systems, and hardware devices. Your CMDB and software asset management tool may not cover these — physical or network discovery may be needed.
2. Identify the source of each Oracle JDK installation. Was it installed by IT? Bundled by a vendor application? Embedded in hardware firmware? Each source has a different licensing implication.
3. For each vendor-bundled JDK, obtain written ISV coverage confirmation from the vendor addressing the five questions outlined above.
4. For Oracle product bundles, review the specific entitlement language in your Oracle licence agreements. Do not accept Oracle's current characterisation of bundled rights without validating it against your actual contract language.
5. For any Oracle JDK not covered by a vendor ISV agreement or existing Oracle entitlement, assess whether it requires subscription coverage or whether migration to an OpenJDK alternative is the most cost-effective response.

This analysis feeds directly into your overall Java licensing position — and directly reduces Oracle's claimed exposure in any audit or commercial negotiation. Contact our Oracle audit defence specialists for expert support on embedded Java assessment and audit defence.