The Oracle LMS Java audit process, explained stage by stage.

When an Oracle Java audit moves from a friendly sales email to a formal process, it usually means License Management Services has taken over. LMS — rebranded by Oracle as Global Licensing and Advisory Services, or GLAS — is Oracle's dedicated compliance function, and its Java audits follow a defined, repeatable sequence. Understanding that sequence is the first advantage a customer can give itself. Across more than 340 Java licensing engagements, the pattern is consistent: every LMS stage contains assumptions, and every assumption can be tested.

What Oracle LMS (GLAS) is

License Management Services is the Oracle organisation responsible for verifying customer compliance with Oracle licence agreements. Oracle has renamed the function several times — you will see it referred to as LMS, as GLAS (Global Licensing and Advisory Services), or simply as Oracle's audit team — but the role is the same. It is the group that conducts formal contractual audits and produces the findings reports that lead to compliance claims.

For Java specifically, LMS works alongside Oracle's sales organisation. Sales teams often open the conversation with a soft, informal approach. When that approach does not produce a purchase, or when Oracle decides a customer warrants formal verification, the matter is escalated to LMS and a contractual audit begins. The distinction matters: a sales-led enquiry and an LMS-led audit are governed by different rules, and the customer's obligations are different in each. Our complete Java audit defence guide covers the soft-versus-formal distinction in full.

LMS is not a neutral arbiter. It is an internal Oracle function whose work feeds Oracle's revenue. Its findings are presented with the authority of a measurement, but they are the product of a commercial organisation. Treating an LMS finding as a negotiable opening position rather than a settled fact is the foundation of every effective Java audit defence.

Why LMS runs Java audits

Java became a major LMS focus after Oracle's January 2023 shift to the Java SE Universal Subscription employee metric. Before that change, Java compliance was a relatively minor revenue line. After it, a single unlicensed Oracle JDK installation could be priced against an organisation's entire headcount — turning a small technical issue into a seven-figure claim.

That arithmetic is why LMS Java audits have intensified. Oracle holds download telemetry showing which organisations have pulled Oracle JDK and update releases from its servers. That data does not prove how the software was used, but it provides a ready pretext to open an audit. LMS then uses the contractual audit right — embedded in the OTN licence, an ordering document, or a master agreement — to convert thin download evidence into a detailed, billable picture.

Stage 1 — Audit notification

A formal LMS audit begins with a written notification. Unlike a soft audit, this letter explicitly invokes a contractual audit clause, names License Management Services or GLAS as the conducting team, and sets out an intended process and timeline.

The notification is the first place to apply scrutiny. Audit clauses in Oracle agreements commonly require advance written notice — frequently 45 days — before the audit may proceed. The letter should also identify the specific contract Oracle is relying on. If it does not, the customer is entitled to ask Oracle to state the contractual basis precisely. A notification that names no contract, or names the wrong entity, is not yet a properly constituted audit.

Stage 2 — Kickoff and scoping

LMS then proposes a kickoff call to introduce the audit team and agree scope, schedule, and the data Oracle wants. Customers often treat this as a formality. It is not. The kickoff is where the audit's boundaries are set, and those boundaries determine the size of any eventual claim.

Three things should be established at kickoff, in writing. First, the scope: which legal entities, which geographies, and which products are in the audit. An audit of one subsidiary should not silently become an audit of the whole group. Second, the time period: Oracle frequently seeks a multi-year look-back, and the defensible period is often much shorter. Third, the data request: precisely what Oracle expects to receive, and in what form. Our dedicated guide on limiting Oracle Java audit scope covers this stage in depth.

Anything agreed loosely at kickoff is hard to claw back later. Anything agreed precisely, and in writing, becomes a constraint on Oracle for the rest of the audit.

Stage 3 — Data collection

Data collection is the heart of the LMS process. Oracle will ask for information about Java deployments across the in-scope estate — installation inventories, version data, deployment locations, and employee or user counts. It may request that the customer run Oracle-provided scripts or measurement tooling.

This stage decides the audit. The claim Oracle eventually presents is built almost entirely from the data collected here, so what is provided — and how — is the single most important defensive decision in the whole process.

• You provide your own inventory, not Oracle's. Audit clauses typically require reasonable cooperation and accurate information. They generally do not give Oracle the right to run its own tooling across your systems or to receive raw, unfiltered estate data. Your own properly evidenced inventory is the appropriate basis.
• Separate non-Oracle Java first. Eclipse Temurin, Amazon Corretto, Azul Zulu and other OpenJDK distributions require no Oracle subscription. They should never appear in an Oracle claim, yet LMS measurement frequently misattributes them. Classify every installation by vendor before anything is shared.
• Distinguish licensed from unlicensed use. Oracle JDK still inside its NFTC free window, or used under OTN development and test terms, is not a subscription liability. The data you provide should make those distinctions explicit, not leave Oracle to assume the worst.

For more on how Oracle assembles its picture, see how Oracle detects unlicensed Java usage.

Stage 4 — Oracle's measurement

Once data is in hand, LMS produces its measurement: a calculation of how many Java SE subscriptions Oracle believes the customer should hold, and the resulting financial position. For the Universal Subscription this is driven by the employee metric — the asserted total employee count multiplied by the per-employee rate for the relevant volume band.

The measurement is where over-counting concentrates. LMS may apply an inflated public headcount figure, count the wrong legal entities, include contractors incorrectly, or treat the entire estate as in scope when only a fraction genuinely requires a subscription. Because the employee count is the base of the whole figure, an error there inflates everything above it. The measurement should be reviewed line by line against the customer's own evidenced position.

Stage 5 — Draft findings report

LMS issues a draft findings report. This document sets out the alleged compliance gap, the measurement behind it, and usually a financial figure. It is presented formally, with the weight of an Oracle measurement — and that presentation is precisely why customers over-react to it.

A draft findings report is a draft. It is an opening position, built to start high, and the word “draft” is the customer's signal that the figure is expected to move. The correct response is not to negotiate the headline number but to dismantle the inputs: challenge the employee count with evidence, remove out-of-scope and non-Oracle installations, correct the licence analysis version by version, and shorten any unjustified back-dated period.

Stage 6 — Review and dispute

The customer responds to the draft. This is the substantive defence phase, and it is a structured exchange, not a single rebuttal. An effective response replaces Oracle's assumptions with an evidenced counter-position: the correct employee count and the documents that prove it; the installations that are out of scope and the reason for each; the version-by-version licence analysis; the defensible look-back period; and realistic, discounted pricing in place of list price.

Each point is a documented correction rather than an objection. LMS responds to evidence, not assertion. A customer that arrives with a clear, sourced alternative figure is in a fundamentally different negotiation from one that simply says the number feels too high.

Stage 7 — Settlement

The audit closes with a settlement. A well-run settlement does two things at once. It resolves the past with a fair figure — the corrected analysis, documented in an agreement that explicitly closes the audited period so the same claim cannot be reopened. And it sets protective forward terms.

Oracle will frequently try to convert the audit claim into a forward Java SE Universal Subscription, offering to reduce or waive the back-claim if the customer commits to a multi-year deal. That can be a legitimate route to closure, but only if the forward subscription is itself correctly sized to the genuine, post-remediation Java requirement — with a price hold and a growth cap so headcount increases do not drive uncontrolled true-ups. An inflated back-claim and an oversized forward commitment must never be accepted together as a package. The Oracle Java renewal guide covers how to size and structure that forward deal.

LMS audits vs sales soft audits

It is worth being clear about the difference, because the customer's position is not the same in each.

Both demand the same discipline. The crucial point about the soft audit is that anything shared in it can become the foundation of a later LMS claim. The crucial point about the LMS audit is that, while it carries genuine obligations, it is also bounded by the contract — the audit clause constrains Oracle as much as it obliges the customer.

Where the LMS process bends

Every stage of the LMS process has a pressure point:

• Notification — verify the contractual basis and the notice period before engaging.
• Kickoff — pin scope, time period and data request in writing.
• Data collection — provide your own evidenced inventory; do not run Oracle's tooling or hand over raw data.
• Measurement — challenge the employee count, the single largest lever in the figure.
• Findings report — treat it as a draft opening position, not an invoice.
• Settlement — close the past cleanly and size the forward deal independently.

None of this requires confrontation. It requires preparation, evidence, and a measured pace. An organisation that runs its own inventory, understands its licence position, and negotiates from a documented figure consistently settles far below the LMS opening number.

Frequently asked questions

This article is general information about Oracle's Java audit process, not legal advice. For advice on a specific Oracle communication, consult a qualified independent Java licensing specialist.