Client Profile
The client is a mid-sized UK professional services firm providing management consulting, technology implementation, and outsourced business process services to financial services, public sector, and retail clients. The firm employs approximately 4,200 permanent staff and engages a further 1,800 contractors on client delivery engagements, typically structured as fixed-term project assignments through specialist staffing agencies.
The firm's internal technology estate is relatively lean by enterprise standards — the majority of its technology investment is directed at client-facing delivery tools rather than internal enterprise applications. Java is present across internal development platforms, project delivery tooling, a ServiceNow implementation, and a number of client-specific integration layers that the firm manages on a hosted basis. The firm had progressively adopted OpenJDK distributions for internal development tooling since 2020, driven by a policy decision to reduce commercial software dependencies in the development environment.
The Challenge
Oracle contacted the firm's IT department in early 2025, presenting a compliance communication that cited the firm's use of Oracle Java across internal development and client delivery infrastructure and asserting an indicative annual subscription of £910,000 under the 2023 Universal Subscription model. The calculation applied Oracle's standard per-employee rate to a total workforce figure of approximately 6,000 individuals, which Oracle had derived from the firm's published headcount data and Companies House filings.
The firm's IT leadership immediately identified two fundamental problems with Oracle's approach. First, Oracle's workforce figure of 6,000 included the entire contractor population — individuals who were not employees of the firm in any conventional sense, were engaged through third-party staffing agencies, and whose inclusion in Oracle's Universal Subscription metric was not supported by Oracle's own documentation of the employee definition. Second, Oracle's scan had identified Java instances across the firm's development infrastructure without distinguishing between Oracle JDK and OpenJDK distributions, despite the firm's internal policy mandating OpenJDK for all new development tooling since 2020.
The professional services context introduced an additional complexity: some of the Java-dependent tooling running on the firm's infrastructure was deployed in support of specific client engagements, where the relevant Java runtime was provided by the client's own platform vendor under OEM arrangements. Identifying the boundary between the firm's direct Oracle obligation and client-provided OEM-licensed Java required a careful analysis of the engagement-specific infrastructure.
The Approach
Redress Compliance deployed Java discovery tooling across the firm's internal IT infrastructure, development platforms, and hosted client delivery environments. The audit covered on-premise application servers, development workstations, CI/CD pipeline infrastructure, and the firm's primary hosted client delivery environment. Distribution-level identification distinguished Oracle JDK from OpenJDK distributions including Eclipse Temurin and Amazon Corretto, which the firm had standardised for internal tooling.
The audit confirmed that the firm's internal development environment was predominantly OpenJDK by instance count, consistent with the firm's 2020 policy adoption. Oracle JDK instances were concentrated in the ServiceNow platform runtime and a legacy Java-based reporting tool that had not yet been migrated to OpenJDK. The client-delivery hosted environments presented a more complex picture, with a mix of client-provided OEM-licensed platform Java and directly deployed Oracle JDK instances for specific integration middleware components.
The contractor headcount challenge was built on a detailed analysis of the firm's engagement structures. Redress Compliance reviewed the relevant Oracle Universal Subscription documentation and prepared a formal position on the contractor exclusion, establishing that individuals engaged through agency staffing arrangements under fixed-term project contracts were not within the scope of the employee-count metric as defined by Oracle's licensing framework. The 1,800 contractor population was supported by HR and payroll documentation confirming the agency-based engagement structure.
The combined analysis — OpenJDK identification, OEM exclusion for client-provided platform Java, and contractor headcount exclusion — reduced the applicable Oracle JDK obligation to the ServiceNow runtime and the legacy reporting tool, with a corresponding direct employee headcount of approximately 1,850 individuals in roles where Oracle JDK was operationally present.
The Outcome
The firm's Oracle Java subscription was agreed at £155,000 per year — an 83% reduction from Oracle's initial indication of £910,000. The subscription covered only the directly licensed Oracle JDK instances in the ServiceNow runtime and the legacy reporting environment, sized against the actual headcount of employees in relevant operational roles. No back-payment obligation was accepted. Total savings relative to Oracle's initial demand exceeded £2.3M over a three-year horizon.
A migration pathway for the legacy reporting tool to OpenJDK was identified during the engagement, with estimated completion within 18 months, which will further reduce the firm's Oracle Java commercial exposure at its next renewal. The engagement also produced a documented Java estate inventory covering 1,412 installations, which forms the basis of the firm's ongoing Java ITAM framework.
Key Takeaways
- Professional services firms with significant contractor populations routinely face overstated Oracle Java demands. Oracle's compliance communications are typically based on published headcount data that does not distinguish between permanent employees and contractors. In professional services environments where contractors can represent 20–40% of the total workforce, a successful contractor exclusion challenge routinely reduces Oracle's demand by 25–40%.
- OpenJDK adoption in development tooling eliminates Oracle commercial obligation for the largest Java instance counts in most professional services environments. Development workstations and CI/CD infrastructure typically represent the highest-volume Java deployment in professional services firms. Where these are running OpenJDK distributions, they carry no Oracle commercial obligation — but must be documented at the distribution level to support a credible audit defence.
- Client-delivery hosted environments require careful boundary analysis in Oracle Java audits. Professional services firms that host technology environments on behalf of clients face a unique complexity in Java audits — the Java runtime in client-provided platform deployments is often covered by the client's own vendor OEM agreements, not the firm's direct Oracle obligation. This boundary must be formally documented before any Oracle engagement.
- Oracle's Universal Subscription employee definition does not straightforwardly encompass agency contractors. Oracle's documentation of the employee metric focuses on individuals working in a capacity that benefits from the software's operation. Contractors engaged through agency arrangements on fixed-term project delivery engagements occupy a contestable position that is worth challenging formally with documented evidence of the engagement structure.
- Legacy Java applications represent migration opportunities that reduce future Oracle commercial exposure. Identifying Oracle JDK instances in legacy applications that could be migrated to OpenJDK — as part of a structured modernisation programme — provides both a long-term cost reduction pathway and a negotiating anchor in Oracle renewal discussions.
UK professional services firm receiving Oracle Java compliance communication?
Redress Compliance has worked with professional services organisations on Oracle Java audit responses — challenging contractor headcount methodology and documenting OpenJDK adoption to deliver substantial subscription reductions.