Many organisations believe that by not actively purchasing Oracle Java, they are outside the scope of Oracle’s licensing requirements. However, Oracle has several ways of detecting Java usage—some of which operate quietly in the background. From download activity, businesses may be more visible to Oracle than they realise.

This article explains how Oracle identifies Java usage, why it matters under the licensing model, and what you can do to reduce your risk.

Why Tracking Matters Under Oracle’s Rules

As covered in Part 1 of this series, Why You Need a Java Strategy Before Oracle Reaches Out, Oracle now licenses Java based on employee headcount, not technical usage. Even limited or indirect use of Oracle Java can create significant cost and compliance risks.

Critically, Oracle does not require a formal audit to begin outreach. Any indicators of usage can prompt the initiation of commercial discussions, which may happen before an organization has fully assessed its negotiation position.

How Oracle Detects Java Usage

When you download Oracle Java software, Oracle can identify the location of the download based on your IP address. Once the software is installed and automatic updates are enabled, it will regularly connect to Oracle’s servers to check for new versions and new updates are downloaded automatically. Each time this occurs, Oracle can detect that a download has taken place. Even if no update is available, Oracle can detect when a connection is made to its update servers—especially when downloads occur directly from its site. Visibility may be more limited in cases where Java is updated through third-party tools.

Each of these interactions is logged, capturing information such as:

• IP address and network domain
• Version and format of the downloaded file (e.g. JDK or JRE, operating system)
• Frequency and timing of connection attempts

Note: Tracking is most reliable when downloads occur directly from Oracle’s site. Updates retrieved via third-party tools may offer less visibility to Oracle.

Although Oracle cannot directly verify whether the software is being actively used, repeated update requests from the same IP address—especially at consistent times— strongly indicate that the software is both installed and potentially in use.

For organisations that have not formally licensed Oracle Java, this activity may prompt Oracle to initiate outreach or raise questions about compliance status. Through these logged interactions, Oracle can associate download behaviour with specific organisations, even if no commercial agreement exists.

Java Usage Tracker

Certain Oracle Java versions include an optional Java Usage Tracker (JUT), which can be configured to capture internal data such as:

• When and where Java applications are launched
• Java Version information

The Java Usage Tracker is intended solely for internal use. It must be manually configured and produces local output only – Oracle does not have direct access to the data.

However, it is important to note that the use of JUT requires a licensed Oracle Java subscription, meaning organisations using the tool already need to be fully licensed. This can undermine its effectiveness as a compliance investigation tool for unlicensed estates.

Additionally organisations that use Oracle’s Java Management Service (JMS)—a commercial cloud service—send JUT data to Oracle, providing Oracle with detailed visibility into their Java estate.

Third Party Software Dependencies

These deployments are often overlooked, as Java may be bundled within broader business applications without being flagged during procurement or implementation.

Many enterprise systems rely on Java in the background, including:

• ERP platforms
• HR and payroll tools
• BI and reporting systems

In some cases, Oracle Java is bundled into third-party applications under a licensing framework known as the Binary License and Redistribution Agreement (BLRA).

These agreements allow Independent Software Vendors (ISVs) or Original Equipment manufacturers (OEMS) to include Java in their solutions under the terms of the BLRA.

In such cases, the responsibility for licensing lies with the software vendor—not the end customer—provided that:

• Java is used exclusively within that software package; and

If Java is installed outside of that packaged use or accessible system-wide, additional licensing obligations may apply.

Oracle Support and Public Data Sources

In some cases, organisations may already have visibility within Oracle’s ecosystem through past engagements or technical support requests. If your organisation has ever raised a support ticket or engaged with Oracle technical teams, Oracle may already be aware of your environment. Additionally, public data such as cloud footprint, employee count, and known software stacks may be used to prioritise licensing discussions.

What This Means for Your Business

Organisations are at risk of unexpected licensing obligations if they:

• Have Oracle Java installations
• Are unsure which Java versions are deployed across their estate
• Believe they are not “using” Java, but run applications that depend on it

In today’s model, these scenarios can trigger licensing demands based on the full employee count—not the actual number of Java users.

What You Can Do

1. Conduct a Comprehensive Java Audit

• Identify all Java installations—across servers, desktops, and bundled apps
• Determine which distributions are in use (Oracle vs non-Oracle)
• Assess whether automatic updates are still enabled

2. Implement Strong Java Controls

• Restrict Oracle Java installations unless explicitly approved
• Establish policies for software procurement and Java usage
• Review update settings to prevent unintended Oracle Java downloads

3. Engage Independent Expertise

• Validate your exposure before Oracle makes contact
• Receive clear advice on how to respond to sales pressure or audit threats
• Explore alternative Java distributions where they meet your needs and reduce compliance complexity

Next: What Are Your Options Beyond Oracle

Even if your organisation is at risk, you are not locked in. In our next article, we explore trusted, enterprise-ready alternatives to Oracle Java—and how to switch with minimal disruption or compliance risk.

Martijn Smit, Chief Revenue Officer CRO and Software Licensing Leader

Martijn has an extensive career in software licensing, specializing in Oracle licensing and working with manufacturers and wholesalers. As ITAA’s Chief Revenue Officer, he leads marketing, cross-selling, and strategic partnerships. Known for problem-solving, team leadership, and clear communication, Martijn drives growth and innovation within the company.