The due diligence checklist for a major acquisition typically runs to hundreds of items. Software licence obligations rarely appear near the top — yet they represent one of the most material and underestimated categories of post-transaction risk. Enterprise software vendors, particularly Oracle, SAP, IBM, and Microsoft, have invested heavily in refining the provisions in their licence agreements that govern what happens when a customer is acquired, merges with another entity, or divests a business unit.
The consequences of managing this poorly range from expensive — triggering licence shortfalls that require immediate purchase — to catastrophic, including audit findings that generate eight-figure claims based on pre-acquisition non-compliance that the acquirer has unwittingly inherited. Understanding M&A licensing dynamics is not optional for any organisation engaged in active transactions. It is a core risk management discipline.
Change-of-Control Provisions: What They Mean
The majority of enterprise software licence agreements contain change-of-control clauses. These provisions define what happens to the licence when the customer entity changes ownership. The specific language varies enormously between vendors and between individual contracts — and that variation has major financial consequences.
At their most restrictive, change-of-control provisions may void the licence entirely upon a transaction, requiring the acquiring entity to purchase new licences at current list prices. This scenario, while uncommon, has been used by vendors as leverage to generate significant incremental revenue from buyers who discover the risk only after close. More common are provisions that require vendor consent to assignment of the licence to the new entity, or that restrict the scope of the licence to the originally licensed entity (preventing the acquiring company from extending use to the combined organisation).
The Oracle Change-of-Control Risk
Oracle's licence agreements are among the most restrictive in the industry regarding M&A. Oracle licences are typically granted to a specific named entity and its subsidiaries — meaning that when the licensed entity is acquired, the acquiring parent and its other subsidiaries do not automatically gain rights to use the Oracle software. This creates a situation where the combined organisation may be running Oracle software across entities that are not licensed for it.
Oracle is well aware of this dynamic and monitors acquisitions of its customers closely. Following a transaction involving an Oracle customer, the company will often initiate a "licence review" that is in practice an audit designed to identify the scope expansion created by the merger. Findings from these reviews have generated some of the largest software audit settlements on record. See our Oracle audit tactics guide for a detailed analysis of how Oracle conducts these reviews.
The Oracle Acquisition Trap: A global manufacturer acquires a mid-size competitor that runs Oracle E-Business Suite across 3,000 users. Post-close, the acquiring company's IT team integrates the target's systems into its existing Oracle environment. Eighteen months later, Oracle's licence compliance team arrives for a review — and claims that the integration of the target's Oracle deployment into the acquirer's environment (which runs different Oracle licences with different named entities) constitutes unlicensed use.
The result: A remediation demand exceeding $28M. The acquirer had not reviewed Oracle licence terms during due diligence and had not notified Oracle of the transaction as required by the licence agreement. This scenario repeats across dozens of acquisitions annually.
SAP Change-of-Control Provisions
SAP's licence agreements typically include both a change-of-control provision and a "transfer of licences" clause that requires SAP consent to move licences between legal entities. In practice, SAP generally consents to licence transfers between entities within a combined group — but the consent process takes time, may require commercial negotiation, and creates an opportunity for SAP to review the target's licence compliance before granting consent.
The specific risk with SAP in M&A contexts is indirect access. When two SAP-licensed entities merge, their combined third-party system landscape may create new indirect access scenarios that did not exist in either entity independently. Identifying and quantifying this risk before close is essential for accurate deal economics. Our SAP indirect access guide covers the technical and commercial dimensions of this risk.
Microsoft EA in M&A Transactions
Microsoft Enterprise Agreements contain provisions that address both acquisitions and divestitures. For acquisitions, the relevant question is whether the acquired entity's users can be brought under the acquirer's EA — and whether doing so requires a true-up payment or renegotiation of the EA terms. For divestitures, the question is whether the divested entity can continue to use Microsoft software licensed under the divesting company's EA during a transition period.
Microsoft is generally more cooperative than Oracle in M&A licensing discussions, but the commercial implications are still significant. Bringing a 5,000-user acquisition into an existing EA requires a licence amendment and typically a pro-rated payment. Divestiture separation agreements with Microsoft are time-limited (typically 12–18 months) and require the divested entity to establish its own licensing arrangements within that window.
Licensing Due Diligence: What to Review Before Close
Effective licensing due diligence in an acquisition requires examining three things: the target's licence inventory, its compliance position, and the specific change-of-control provisions in its major vendor contracts.
Licence Inventory Review
Obtain a complete list of all software licences: vendor, product, licence metric, user count, and contract term. Verify this against actual deployment data from the target's SAM function (if they have one) or from direct technical assessment.
Compliance Position Assessment
For Oracle and SAP particularly, a rapid compliance assessment before close can identify whether the target has undisclosed licence shortfalls that would become the acquirer's liability post-close. This typically takes 4–6 weeks using specialist tools.
Contract Clause Review
Have every major vendor contract reviewed for change-of-control language, assignment restrictions, and notification requirements. These clauses vary significantly between contracts — never assume standard terms apply to any specific agreement.
Audit History Review
Request the target's vendor audit history. Any ongoing or recently concluded audit creates known liability that should be disclosed and quantified in deal economics. A target with an active Oracle audit is a materially different acquisition than one without.
The typical cost of specialist licensing due diligence for a major acquisition is $150K–$400K. Given that undiscovered licensing liabilities routinely reach eight figures in large transactions, this investment has one of the strongest risk-adjusted returns of any due diligence activity.
Post-Close Integration: Avoiding Compliance Traps
The period immediately following close is the highest-risk window for licensing compliance. IT integration teams are under pressure to move quickly, business leaders want the combined organisation to function as a unit, and the detailed licensing constraints from due diligence are rarely top of mind in the integration workstream. This is precisely when the most expensive compliance incidents occur.
The single most important rule for post-close integration is: do not extend use of any vendor's software to entities not covered by that licence before obtaining vendor consent or purchasing additional licences. This is particularly critical for Oracle, IBM, and SAP, where licence grants are typically entity-specific. Running Oracle E-Business Suite on servers shared between the legacy entity and the acquired entity, without appropriate licence coverage for both, is a compliance violation that Oracle will pursue aggressively.
Build a licensing integration checklist as part of the IT integration programme. For each major vendor, identify the licensed entities, the scope of use permitted under current licences, and the steps required to extend coverage to the combined organisation. Prioritise the vendors with the most restrictive change-of-control provisions and the highest audit frequency — Oracle, SAP, and IBM should be at the top of this list.
Divestiture Licensing: The Often-Overlooked Challenge
Divestitures present a distinct licensing challenge that is often given less attention than acquisition licensing — despite generating equally material financial exposure. When a business unit is carved out and sold, the separating entity typically relies on the parent's software licences during a transition period while it establishes its own IT infrastructure. Managing this transition well requires planning, negotiation, and time.
Most major vendor contracts prohibit the use of parent entity licences by a divested entity beyond a transition period (typically 12–24 months in negotiated agreements). Establishing the divested entity's own licensing arrangements — often under tighter commercial terms than the parent's scaled agreements — requires planning at least 12 months before the transition window expires.
The commercial opportunity in divestitures is often underused. The parent company may be paying maintenance on licences that will no longer be required post-divestiture — creating an opportunity to renegotiate the remaining position with the vendor. Conversely, the divested entity negotiating its first standalone vendor relationships has an opportunity to benchmark aggressively and establish competitive market terms from day one, rather than inheriting the parent's historical pricing.
For organisations navigating M&A transactions — as acquirer, target, or divesting entity — Redress Compliance provides specialist M&A licensing advisory, including due diligence assessments, vendor negotiation support for post-close integration, and transition licensing management for divestitures. Their team includes former Oracle, SAP, and Microsoft licensing specialists who understand vendor tactics in these situations from the inside.
The audit defence practice covers how to manage the vendor audit risk that frequently follows M&A transactions — including how to respond to Oracle licence reviews in the post-merger integration window.