The review method that turns a pile of contracts into a clear map of where the consent risk sits, while there is still time to act on it.
Finding change of control clauses before you sign is the difference between negotiating from knowledge and reacting to a publisher after close. Finding change of control clauses before you sign means reading the whole software estate, not a sample, classifying every clause that responds to a change of ownership or an assignment, and mapping each one to the system and business process it governs, all while there is still time to act. Once the deal is signed, the leverage shifts to the publisher, so the value of the review is almost entirely in the timing.
Before signing, a buyer has options. It can negotiate a consent into the deal, price the exposure into the purchase agreement, seek a seller obligation to obtain consents, or adjust the structure to avoid a trigger. After signing, most of those options are gone, and after close the buyer is simply exposed to whatever the publisher decides to do. This is why inherited software licensing exposure, which is usually latent and unquantified in standard due diligence, is so dangerous: it lands as a publisher audit after close, at the precise moment the buyer has the least room to respond. The review has to happen early enough to feed the negotiation, which in practice means during diligence rather than as a closing checklist item.
A reliable review has four stages. The first is to assemble the complete contract population, including master agreements, order forms, amendments, and any contracts held at subsidiary level, because a clause can sit in an amendment rather than the master. The second is to identify every clause that responds to a change of ownership or an assignment, including change of control, anti assignment, deemed assignment, termination on control, and notification language. The third is to classify each clause by type and by the strength of the publisher right, separating a notification only obligation from a consent at sole discretion. The fourth is to map each clause to the system it governs and the business process that depends on that system, so the exposure can be prioritized by operational criticality rather than by contract value. The output is a prioritized consent list rather than a pile of flags, and the method that produces it is described further in mapping high risk clauses across the software estate.
| Stage | Action | Output |
|---|---|---|
| Assemble | Gather masters, order forms, amendments, subsidiary contracts | Complete contract population |
| Identify | Find change of control, assignment, and termination language | List of relevant clauses |
| Classify | Sort by type and strength of the publisher right | Risk rated clause register |
| Map | Link each clause to system and business process | Prioritized consent list |
When the review is complete before signing, the buyer can act on it in the deal. It can require the seller to obtain specified consents as a condition of close, price a known repricing risk into the purchase agreement, or structure around a clause that threatens a critical system. It can also sequence the consent work so that the slowest and most critical consents start first, which matters because major publishers can be deliberate when they sense a deadline. The publishers most active on a change of ownership as of June 2026 are Oracle, SAP, Microsoft, and IBM, with Broadcom increasingly active across the former VMware estate and Salesforce and ServiceNow rising, and the magnitude that inherited and disputed licensing can reach is shown by SAP reportedly pursuing Anheuser Busch InBev for around 600 million dollars and Diageo for around 60 million pounds, both as reported and as of June 2026. Approaching consents without alerting publishers prematurely is itself a discipline, set out in planning consent requests without tipping off vendors. This review is commercial and licensing advisory work, with legal interpretation of any clause reserved to the buyer own counsel.
The review can only be as good as the inventory it starts from, and assembling that inventory is often the hardest part. Contracts live in many places: a contract management system if the target has one, but also in shared drives, email attachments, procurement folders, and the personal files of departed staff. Order forms and amendments are frequently stored separately from the masters they modify. A disciplined inventory gathers every document for each publisher, links amendments and order forms to their parent agreements, and records which legal entity holds each contract. Without that foundation, a review will read what is easy to find and miss what is not, and the clauses that hide in obscure amendments are exactly the ones most likely to cause trouble.
Where the target cannot produce a complete contract set, which is common, the buyer has to reconstruct it from secondary evidence: invoices, deployment records, support entitlements, and vendor portals. A gap between what is deployed and what the contracts on file account for is itself a finding, because it points to either missing documents or undocumented usage, both of which carry risk. The inventory exercise therefore doubles as an early indicator of licensing health, surfacing problems before the clause review even begins.
A prioritized consent list is only valuable if it is acted on while there is still time. Before signing, the buyer uses the list to decide which consents to require from the seller, which to begin quietly, which to price into the deal, and which to structure around. The most critical and slowest consents should be identified first, because they set the practical timeline for close. The buyer also decides which publishers can be approached safely before signing and which must wait, balancing the need to start early against the risk of alerting a publisher to a transaction it could exploit. This judgment, of timing and disclosure, is as important as the clause review itself, and it is why the review has to be paired with a deliberate consent strategy rather than handed off as a list. The legal reading of each clause remains with the buyer own counsel throughout.
A review done well produces a small set of clear deliverables rather than a mass of annotated contracts. The first is a clause register listing every contract that contains change of control or assignment language, the clause type, the strength of the publisher right, and the governing law. The second is a mapping of each clause to the system it governs and the business process that depends on that system, so the exposure can be read by operational criticality. The third is a prioritized consent list, ordered by how critical the system is and how slow or uncertain the consent is likely to be. The fourth is a costed view of the exposure, giving the deal team a number for consent cost, repricing risk, and replacement cost where consent could be refused.
Those four deliverables are what make the review actionable. The clause register tells the buyer what exists, the mapping tells it what matters, the consent list tells it what to do first, and the costed view tells it what to put in the deal model and the purchase agreement. A review that stops at a list of flagged clauses, without the mapping, the prioritization, and the costing, leaves the deal team to do the hard analytical work itself under time pressure. The value of finding the clauses before signing is realized only when the findings arrive in a form the deal team can act on immediately, which is why the output format matters as much as the thoroughness of the search.
We read the whole estate for change of control and assignment language before you sign, classify and quantify the exposure, and hand you a consent plan, not a surprise.
Request a change of control clause review