Locations

Resources

Careers

Contact

Contact us

Oracle licensing

Legal Considerations for Oracle Third-Party Support

Legal Considerations for Oracle Third-Party Support

Legal Considerations for Oracle Third-Party Support

Third-party support for Oracle on-premises software, such as Oracle Database, E-Business Suite, WebLogic, PeopleSoft, or JD Edwards, can yield significant cost savings. However, switching from Oracle’s support to an independent provider raises important legal and licensing considerations.

Software asset managers, IT procurement leads, and Oracle licensing professionals must navigate these issues carefully to protect their organizations. This article provides an advisory overview of the key legal risks and contractual factors to manage, drawn from Oracle’s policies and real-world case precedents.

It also offers practical guidance on how to minimize legal exposure and maintain license compliance when transitioning to third-party support, all within the context of on-premises software, not Oracle Cloud or SaaS.

Oracle Licensing Basics: Perpetual Use and Support Entitlements

Most Oracle on-premises software licenses are perpetual, meaning customers have paid a one-time fee and can use the software indefinitely.

Crucially, a perpetual license remains valid even if you discontinue Oracle’s support services – you do not lose the right to run the software. Oracle’s standard model, however, ties valuable benefits, such as updates and fixes, to an active support contract.

As one licensing expert explains, even with a perpetual license, customers must pay annual support fees to receive Oracle’s updates, patches, and technical support​.

If you decide to drop Oracle support, you retain the right to use the software version you have, but lose access to Oracle’s ongoing maintenance releases and help desk.

Two Oracle policies are especially important here:

  • Matching Service Levels: Oracle’s support contracts include a “matching service levels” clause requiring that all licenses in a given license set be supported at the same level or not at all​. A license set generally means all licenses of the same product or family that the customer​owns. Oracle does not allow partial support: you “may not support a subset of licenses within a license set.” If you want to cancel support on some licenses, Oracle expects you to terminate those licenses entirely. In practice, this means that if you choose third-party support for an Oracle product, you will likely need to switch for all licenses of that product (or negotiate a contract carve-out). Dropping support on only part of a product’s licenses would violate Oracle’s policy and require a formal license termination for the unsupported subset​. Understanding which licenses are tied together in a license set is critical before making the switch.
  • Use of Updates and Patches Post-Support: Oracle’s technical support policies explicitly state that customers with unsupported programs are not entitled to any new updates, patches, fixes, or assistance for those programs. Once your support period ends, you legally cannot download or apply Oracle’s updates or patches (other than those you obtained while you were still under support). Oracle even warns that you cannot use software obtained for trial or other purposes to update unsupported programs​. In short, after moving to third-party support (or no support), you must rely on either existing patches you already have or fixes from your new support provider, because Oracle will cut off access to its support portal and updates. Your right to use the software is perpetual, but the right to new versions or code fixes from Oracle ends with the support contract.

Additionally, review your Oracle license agreement (e.g., the Oracle Master Agreement or Oracle License and Services Agreement) for any other terms that survive after support ends.

Typically, the license grants you a set of use rights (for instance, number of users, processors, or specific modules) perpetually, but does not grant rights to Oracle’s intellectual property beyond those licensed uses.

All Oracle software and support materials remain Oracle’s copyrighted and proprietary material, meaning your rights to them are defined strictly by contract.

Key Legal Risks When Switching to Third-Party Support

Making the move to a third-party support vendor introduces several legal risks that customers must actively manage. The good news is that third-party support itself is legal – there is no law prohibiting a customer from hiring an independent firm to service their Oracle software.

Courts have affirmed customers’ rights to do so, as long as Oracle’s intellectual property and contract terms are respected.

The risks arise if either the customer or the support provider violates Oracle’s license agreements or IP rights in the course of providing support.

Below are the main legal risk areas to be aware of:

  • Breach of Oracle Contract Clauses: Oracle’s agreements often include clauses that can complicate third-party support. For example, contracts may specify that only the licensed customer (and authorized users) can access Oracle’s support materials, such as patches, not a third-party proxy. Support rights are generally non-transferable, meaning you cannot hand off your Oracle CSI (Customer Support Identifier) to a third party. Oracle can argue that if a third-party provider accesses software or updates on your behalf, it violates these terms​. Any use of Oracle’s support website or downloads by an unauthorized party (even one you hired) could be deemed a contract breach. Oracle has indeed invoked such clauses in disputes, claiming that customers using third-party support were not adhering to the terms of the contract they signed. To avoid a breach, ensure that any access to Oracle’s systems or software is strictly within the bounds of your license. Usually, this means the third party can only work with materials you, the customer, have legally obtained and provided to them.
  • Intellectual Property (IP) Infringement: The most serious risk is related to Oracle’s intellectual property rights, specifically copyrights on software and support materials. When you leave Oracle support, you must not use Oracle’s proprietary code or fixes beyond what you’re entitled to. For instance, if a third-party support vendor were to copy Oracle’s patch code or use Oracle’s internal support tools without permission, Oracle could claim copyright infringement. Oracle has a track record of accusing third-party providers of “unauthorized use of [its] software” and the illegal copying and distribution of Oracle’s code. If your support provider delivers a fix that was taken from an Oracle patch you weren’t entitled to, both the provider and potentially your organization could be exposed to IP infringement claims. Likewise, be very cautious not to download patches or updates from Oracle through unofficial means after your support has expired – using Oracle’s copyrighted patches without a support entitlement would violate Oracle’s intellectual property rights.
    In summary, third-party support must be conducted in a way that doesn’t misuse Oracle’s intellectual property. All fixes or workarounds provided should either be the customer’s existing licensed software or genuinely independent, custom code developed by the third party. Any hint of Oracle proprietary code being improperly accessed or distributed is a legal red flag.
  • Oracle Audit Exposure: Ending your support payments does not end Oracle’s right to audit your software usage. Oracle license agreements give Oracle the right to perform audits to verify that you are using the software according to your licenses. This audit clause remains in force as long as you use Oracle’s software, regardless of support status. Oracle’s License Management Services (LMS) can request an audit if they suspect non-compliance, or even as a routine check. Oracle is one of the most audit-prone vendors in the industry​. There is a common fear (sometimes stoked by Oracle sales reps) that switching to third-party support will automatically trigger an audit. While Oracle does not explicitly state that an audit is automatic, many customers observe that audit risk increases once they stop paying support, simply because Oracle has a financial incentive to identify any compliance gaps. Oracle sales teams have been known to warn that leaving support “will trigger audits or penalties,” which is largely a scare tactic​. In reality, audits are initiated for various reasons, often to generate revenue or at contract milestones, and leaving support is just one of many factors. Nonetheless, you should prepare as if an audit could come. The risk is that any compliance shortfall discovered in an audit (for example, the use of extra licenses, unlicensed options, or the use of a feature requiring a license you don’t have) can lead to hefty back-license fees or even legal action for breach. Customers moving to third-party support must ensure their license compliance status to face an audit with confidence. (We discuss audit preparation in the recommendations below.)
  • Uncertain Warranty and Indemnity Protection: When on Oracle support, you benefit from Oracle’s assurances (to some extent) that the software and patches provided are authorized and won’t infringe third-party IP, along with Oracle’s defense obligations in case of certain IP claims. When you switch to a non-Oracle support provider, you’ll want similar protections from them. If your third-party vendor lacks strong indemnification provisions, your company might bear more risk if Oracle were to sue over IP misuse. This is not a risk per se of breaking Oracle’s rules, but a risk of who bears liability if something goes wrong. It’s critical to arrange that the third-party provider will defend and indemnify you if their services result in an Oracle lawsuit. We cover this in the mitigation steps.

(Operational risks such as not receiving security patches are also a consideration, but those fall outside the legal scope. From a legal standpoint, the primary concerns are contract compliance, IP rights, and audit liabilities as outlined above.)

Lessons from Legal Disputes: Oracle vs Third-Party Support Providers

Several high-profile lawsuits illustrate Oracle’s tough stance on protecting its intellectual property and revenue streams.

Understanding these cases helps highlight what can go wrong and why diligence is required:

  • Oracle v. SAP (TomorrowNow case): In the late 2000s, Oracle sued SAP after SAP’s subsidiary TomorrowNow offered cut-rate support for Oracle’s PeopleSoft and JD Edwards software. SAP eventually admitted that TomorrowNow had infringed Oracle’s copyrights by downloading thousands of Oracle’s support materials without authorization​. A jury initially awarded Oracle $1.3 billion in damages, but after appeals, the final judgment was reduced to $356.7 million. This case showed that using Oracle customers’ credentials to download patches and updates for use beyond those customers’ entitlements is outright illegal. TomorrowNow employees had used login credentials of Oracle customers (including ones whose support had expired) to obtain software updates, and then used those to support other clients​The massive judgment (one of the largest in software IP history) sent a clear message: third-party support providers cannot “pirate” Oracle’s support content without facing severe consequences. It’s worth noting that the customers who hired TomorrowNow were not sued directly, but many had to scramble for support options when TomorrowNow shut down in the wake of the lawsuit.
  • Oracle v. Rimini Street: Rimini Street is one of the most prominent third-party support providers for Oracle products. Oracle has engaged in protracted litigation against Rimini for over a decade, accusing it of similar practices. Oracle alleged that Rimini Street illegally downloaded and copied Oracle software and support materials to support Rimini’s clients. In 2015, a jury found Rimini Street liable for copyright infringement and ordered Rimini to pay Oracle $90 million in damages and legal fees​. The court also issued a permanent injunction to stop certain Rimini business practices that were deemed infringing. Rimini argued that it changed its methods after 2014 to comply, but Oracle pursued a second round of claims. In 2023, a U.S. judge found that Rimini had continued to engage in “repeated infringement,” awarding Oracle further attorneys’ fees and reinforcing the injunction​. The Rimini cases underscore that Oracle will aggressively litigate to protect its IP, and that third-party providers must continually ensure their support processes don’t cross the line. For customers, the Rimini saga highlights the importance of vetting your support provider’s methods. While Oracle sued Rimini (not the customers), if your provider is shut down or forced to change service due to an injunction, your organization could be left in a difficult position.
  • Other Cases (ServiceKey, CedarCrestone, etc.): Oracle has also not hesitated to take smaller firms to court. For example, in 2012, Oracle sued a company called ServiceKey for offering unauthorized support for Oracle’s Solaris OS. That case ended with an injunction against ServiceKey, after they admitted to using a purchased Oracle login to illegally download Solaris patches and updates, and even to trafficking in Oracle’s support passwords​​. No monetary damages were awarded in that instance, but the practice was halted by court order. Oracle has also filed suits against other third-party support outfits (e.g., a former partner, CedarCrestone, was sued in 2013 for allegedly providing illegal Oracle support services). The pattern across these cases is consistent – the legal risk tends to materialize when a support provider obtains or uses Oracle’s proprietary patches or software in a way not permitted by Oracle’s licenses.

In summary, the case law shows that third-party support can be done lawfully, but both the provider and the customer must scrupulously avoid the “gray areas” that triggered these lawsuits.

It is entirely possible to receive support from a third party without infringing Oracle’s rights – for example, by servicing the software using the customer’s own legitimately licensed copies and developing original fixes. Many customers have successfully used third-party support for years with no legal issues.

The difference between a legal service and an illegal one often comes down to how patches and updates are obtained and delivered. As a customer, you should ensure your provider has a clean methodology that has withstood legal scrutiny and contractual commitments to keep it that way.

Mitigating Risk: How to Protect Your Organization

If your organization decides to proceed with third-party support, a proactive legal risk mitigation strategy is essential.

Below are key steps and protections to put in place to ensure you remain compliant and safeguarded:

  • Review Contracts and Give Notice to Oracle: Start by reviewing all your Oracle agreements— license and support contracts —with a fine-tooth comb, ideally with the help of a software licensing attorney or an experienced Oracle licensing consultant. Identify any clauses about third-party support, use of Oracle materials, or notice periods. Most Oracle support contracts auto-renew annually. To stop support, you typically need to give Oracle formal notice of termination by a certain date (often 30 days before the renewal date – check your terms). Provide this notice in writing to Oracle and get confirmation to avoid any claim that you canceled improperly. If you are dropping support for only some products or licenses, be mindful of the matching service level rule – Oracle will require that you sign a license termination letter for any licenses in a set that you intend to continue using without support. Ensure those license reductions are documented so that Oracle’s records show you are no longer entitled to updates for those licenses (and possibly so they won’t count them in an audit for support coverage). In short, handle the end-of-support process by the book: maintain clear communication with Oracle and adhere to any contractually mandated steps or timelines.
  • Maximize Use of Your Entitlements Before Support Ends: While you are still an Oracle support customer (up until your termination date), take full advantage of that status to prepare for the future. Download all relevant patches, updates, bug-fix scripts, and documentation from Oracle’s support portal while you are still entitled to do so. Oracle allows supported customers to download any available updates for the products they have, and you’ve paid for that right. Create an internal archive of installation media, the latest patch sets, and technical documents for your Oracle software. This ensures that, once your Oracle support is gone, you still have the necessary resources to maintain your systems, at least up to the version you froze. Remember, after your support lapses, you will not be able to log in and grab patches (Oracle’s policy forbids downloading or receiving updates for unsupported programs​). Therefore, make an end-of-support checklist to capture everything you might need before the cut-off date. Many customers also time their support termination right after a major update or patch bundle release, so they leave with the most up-to-date code available under their license. (What you obtain while you had support remains legally yours to use under the terms of your license.)
  • Choose a Reputable Provider and Secure Indemnities: The choice of a third-party support vendor is a pivotal factor in legal risk. Do thorough due diligence on providers – ask how they deliver support without violating Oracle’s IP. A trustworthy vendor should be able to explain their process (for example, whether they develop custom fixes in-house or use your on-site environments) and should have no active litigation with Oracle regarding illegal practices. Insist on strong indemnification clauses in your contract with the provider. This means the vendor contractually promises to defend you and cover any costs if Oracle brings an IP infringement or contract interference claim due to the vendor’s actions. Also seek warranties or assurances that their services will not rely on any unlicensed Oracle intellectual property. Essentially, the provider should commit in writing to keeping you on the right side of Oracle’s rules. If a vendor is cagey about their methods or unwilling to indemnify, that’s a red flag. It’s wise to review the third-party support agreement with legal counsel to ensure that responsibilities for IP issues are assigned. By structuring the deal properly, you transfer much of the IP risk to the provider; however, it’s ultimately better if no infringement occurs at all.
  • Maintain License Compliance Rigorously: Before and after the switch, license compliance is your responsibility. Conduct a comprehensive internal audit of your Oracle deployments to verify you are fully compliant with your license entitlements before leaving Oracle support. Identify any areas of over-use (e.g., running Oracle on more CPUs or users than licensed, or using options/modules you didn’t purchase) and remediate them now. This may involve technical reconfiguration or purchasing additional licenses from Oracle before ending the support relationship. While buying licenses may seem counterintuitive when you’re trying to leave Oracle, it’s far better to enter third-party support in a clean compliance state than to get audited later and owe Oracle a huge sum for unlicensed use. Many experts recommend performing this “self-audit” using the same scripts and methods that Oracle’s LMS team would use – essentially mirroring an Oracle audit, so there are no surprises. Also, document your license entitlements and deployments thoroughly. Keep copies of all Oracle ordering documents, proof-of-license certificates, and the correspondence related to any license terminations or support cancellations. After the transition, continue tracking your usage to ensure you don’t exceed the limits of what you own. Having a well-documented license position will enable you to defend against any Oracle audit findings. As one third-party support advisor puts it: “When you move to third-party support, you should always have a license assessment done to know your true license position based on how Oracle would audit.”​This preparation is key to a worry-free transition.
  • Restrict Access to Oracle Support Systems and IP: Once your Oracle support is terminated, make sure no one in your organization (or your support vendor) attempts to log into Oracle’s support portals or download Oracle’s proprietary support files. Inform your IT staff of the change, so they don’t inadvertently violate agreements by, say, using an old Oracle login to pull a patch. Similarly, avoid engaging in “self-support” practices that Oracle forbids, such as using patches obtained for one licensed system on an unsupported system. Each Oracle license is discrete – you can’t, for example, use a patch you downloaded for the Development environment to update a Production environment that isn’t licensed for support. These kinds of actions would breach Oracle’s contract or copyright (Oracle has explicitly barred using support materials obtained for one instance to update an unsupported instance​). The safest practice is to silo and use Oracle materials only within the scope they were provided. In the future, rely on your third-party provider’s guidance and their resources to address issues, and ensure those resources don’t include illicit Oracle downloads.

By implementing the measures above, organizations can significantly reduce the legal risks associated with third-party support. Essentially, you want to exit Oracle support on good terms, stay within the bounds of your license, and let your new vendor handle support using only legally obtained means.

In the next section, we distill these points into concrete recommendations.

Recommendations

To minimize legal exposure and maintain compliance while transitioning from Oracle to third-party support, consider the following actionable steps:

  1. Thoroughly Review Oracle Contracts: Before any change, review your Oracle license and support agreements with expert help. Identify clauses related to support termination, third-party involvement, and the use of Oracle materials. This ensures you know your rights and obligations (e.g., notice periods, matching service level requirements) upfront.​
  2. Provide Proper Termination Notice: Follow Oracle’s procedure to cancel support. Send required notices to Oracle before your support renewal deadline, and obtain written acknowledgment. If only part of your environment is moving off Oracle support, work with Oracle to complete any necessary license termination documentation to remain compliant with the license terms.
  3. Use Your Entitlements Before They Expire: Before your support end date, download all available patches, updates, and documentation for your Oracle software. Archive these legally obtained materials for future use. This way, you have the latest fixes you’re entitled to, ready to deploy when needed, even after Oracle support ends.
  4. Select a Trusted Third-Party Provider (and Vet Their Methods): Choose a third-party support firm with a solid reputation and no history of Oracle IP litigation. Discuss how they deliver support – they should use your licensed environment and their know-how, not Oracle’s code or support site. Ensure the provider contractually commits to compliance, including no unauthorized Oracle downloads, etc.​
  5. Negotiate Strong Indemnification Clauses: Include indemnification clauses in your contract with the support provider that protect you. The provider should agree to defend and indemnify your company if Oracle brings any IP infringement or contract claims related to the support activities. This gives you recourse if the provider’s actions cause legal trouble.
  6. Verify and Document License Compliance: Before switching, perform an internal license audit to confirm you’re using Oracle software within licensed limits. Rectify any overuse by reducing usage or purchasing additional licenses while you still can. Document your entitlements (licenses owned, quantities, versions) and your current usage in detail. This preparation means that if Oracle audits you later, you can demonstrate compliance with confidence​.
  7. Communicate Internally: Educate your IT and procurement teams about the switch to third-party support. Clearly instruct that Oracle support resources (support portal, patches beyond those already obtained) are no longer to be accessed. All support issues should be routed through the new provider. This helps prevent well-meaning but risky actions by staff, like accidentally downloading an Oracle patch or logging a ticket with Oracle.
  8. Monitor and Manage Ongoing Usage: After the transition, continue to manage your Oracle license footprint. If your usage grows (e.g., deploying Oracle software on new servers or to new users), remember that you still need proper licenses, even without Oracle support. Unlicensed use can be exposed in an audit. Consider maintaining a “license buffer” (some spare capacity within your licenses) if you anticipate growth, so you don’t inadvertently become non-compliant​. Avoid the need to go back to Oracle for new licenses. If you must, do so openly and obtain support for those new licenses if needed to stay compliant.
  9. Be Audit-Ready: Treat the possibility of an Oracle audit as a when, not if. Keep all documentation of your licenses and any communications with Oracle about your support termination. If Oracle’s License Management Services contacts you, respond cooperatively and provide only the necessary information to demonstrate compliance. Because you’ve pre-audited your environment and stayed within bounds, an audit should not uncover issues. Remember, Oracle’s audit clause gives them the right – but if you’ve followed the steps above, an audit will be a non-event rather than a crisis.
  10. Consult Legal Counsel When in Doubt: Lastly, if any uncertainties arise, such as ambiguous contract terms or a gray-area request from your third-party provider, seek advice from legal counsel knowledgeable in software licensing. It’s better to invest in a legal opinion up front than to face a multimillion-dollar lawsuit later. When navigating novel situations (for example, using a third-party fix that resembles an Oracle patch), an expert legal review can ensure you’re not crossing any lines.

By following these recommendations, organizations can confidently pursue the cost savings of third-party support for on-premises Oracle software while safeguarding against legal risks.

The key is to proactively address licensing and IP issues: honor Oracle’s contractual terms as you exit their support, and hold your new support partner to the highest compliance standards.

With careful planning and the right protections in place, you can achieve a successful transition that keeps your enterprise supported and legally secure.

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts