Integration is when the estate changes fastest and is hardest to defend. Here is how buyers keep the combined estate within entitlement while the work is underway.
Avoiding compliance gaps during integration is the discipline of keeping a merged software estate within its entitlements at the very moment it is changing fastest and is hardest to defend. Integration moves workloads, provisions users, combines hardware, and retires platforms, and every one of those moves can push the estate out of compliance without anyone intending it. A change of control is also a recognised trigger for a publisher audit, so the estate is most likely to be examined precisely when it is most in flux. Closing the compliance gaps as the work proceeds is what keeps an audit from turning into a bill.
Compliance gaps open during integration because the actions that deliver synergy are the same actions that affect licensing. Provisioning users from one company onto a platform held under the other company agreement can exceed the contracted level. Combining hardware or moving workloads onto shared virtualisation can, under some publisher counting rules, expand the licensable footprint beyond the machines actually running the software. Enabling a feature or option that was dormant can create a usage no contract covers. Each is a sensible integration step in isolation, and each can be a compliance finding in aggregate.
The reason these gaps are dangerous is that they are invisible until counted. Inherited and unquantified usage is exactly the kind of latent exposure that standard due diligence misses and that surfaces as a publisher audit after close. By the time a vendor presents the finding, the estate has often changed so much that reconstructing a clean position is difficult. Avoiding the gap as the work happens is far cheaper than explaining it afterward.
The method is to make licensing a gate on integration changes rather than a review after them. Before a change that affects deployment, the buyer checks whether it crosses a contracted level, expands a licensable footprint, or enables an unlicensed feature, and either stays within bounds or negotiates the change deliberately. This requires holding a current reconciled position throughout integration, not just at the start, so the impact of each change can be assessed against what is entitled. The reconciled position from post close license reconciliation is the reference every change is checked against.
The control points are specific. Manage user provisioning against contracted levels for each major platform. Segregate and document virtualisation boundaries for publishers whose counting rules are sensitive to shared clusters. Audit enabled options and features so none is in use without a licence. Maintain an evidence trail so any change can be explained. Each of these is a small discipline, and together they keep the estate inside its entitlements while it changes.
| Integration action | How it opens a gap | Control |
|---|---|---|
| Provisioning users across estates | Exceeds the contracted level | Manage provisioning against contracted levels |
| Hardware consolidation | Shifts core counts and metrics | Re measure against the survivor agreement |
| Workloads onto shared virtualisation | Expands the licensable footprint | Segregate and document Oracle and similar boundaries |
| Enabling dormant features | Creates unlicensed usage | Audit enabled options and license or disable deliberately |
| Rapid undocumented change | Position becomes indefensible | Maintain a continuous evidence trail |
Keeping the estate compliant through integration is part of integration and consolidation advisory, and the position it maintains is the foundation of M&A software audit defense.
The timing problem at the heart of integration compliance is that the audit window and the integration window are the same window. A change of control signals to publishers that the account has changed, and several treat that as a reason to verify the estate. The major audit risks after a deal come from Oracle, SAP, Microsoft, IBM, and increasingly Broadcom following its VMware acquisition, Salesforce, and ServiceNow, as of June 2026. So the estate is most exposed to a review at exactly the time it is least settled, mid migration, mid provisioning, and mid consolidation.
This overlap is why compliance cannot wait until integration finishes. A review that lands during integration must be answered from the position the buyer holds at that moment, and if that position is undocumented and mid change, the buyer is exposed. The defence is to maintain a defensible position continuously, so that whenever a review arrives, the buyer can respond with an independent, evidenced measurement rather than reconstruct one under time pressure. That continuity is the practical heart of avoiding compliance gaps during integration.
Of all the compliance gaps integration can open, indirect access is the most insidious because it hides in connections rather than installations. Indirect access arises when systems that are not directly licensed connect to and use licensed software, creating usage the buyer never provisioned a seat for. Integration multiplies these connections, as systems from two companies are wired together and a platform held under one agreement begins serving data and processes from across the combined estate.
The reported Diageo dispute with SAP turned on exactly this dynamic, where connected systems generated usage that the licence position had not accounted for, as of June 2026. The lesson for a merging buyer is that compliance is not only about counting users and cores but about understanding what connects to what. As integration links systems across the two estates, each new connection should be assessed for whether it creates indirect usage of a licensed platform. This is subtle, contractual, and publisher specific, so engage your own counsel on the interpretation of any indirect access or digital access clause before relying on a position.
Avoiding compliance gaps during integration is not a one time clearance exercise but a discipline that runs for as long as the estate is changing. The merged company will keep provisioning users, moving workloads, and enabling features for months after the deal closes, and each of those actions carries the same licensing sensitivity on day two hundred as it did on day ten. A buyer who treats compliance as something checked once at the start and then forgotten will reopen the very gaps the early work closed.
The standing discipline rests on a simple rule: no change that affects deployment goes ahead without checking its licensing impact against the current reconciled position. That rule has to be embedded in how the integration team works, not bolted on as an occasional review, because the pace of integration outruns periodic checks. When the licensing gate is part of the change process itself, the estate stays inside its entitlements continuously, and the buyer is never surprised by a finding that traces to a change nobody assessed.
Embedding the discipline also means assigning it an owner who carries it past the end of integration into governance. The compliance gaps that open during integration do not close themselves when the integration is declared complete, and the estate continues to change under business as usual. Handing the standing discipline to the governance model, with the reconciled position kept current, is what turns a clean integration into a durably compliant estate rather than a brief moment of order before the drift resumes.
The scale of inherited licensing exposure is not theoretical. In publicly reported disputes, SAP pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million over disputed and inherited licensing, as of June 2026. These figures illustrate why compliance gaps that open during integration matter: when usage crosses contractual lines and a publisher counts it, the resulting claim can run to eight or nine figures. The Diageo case in particular centred on indirect access, where systems connected to the licensed software created usage the buyer had not accounted for, a dynamic that integration can easily create.
The lesson for buyers is that the gap between a synergy capturing integration and a compliance crisis is discipline applied continuously. Closing compliance gaps as the work proceeds protects the synergy case from being reversed by an audit finding, and it keeps the combined estate defensible into the next phase. For how the gains are then held, see building a combined software governance model, and for the sequence that keeps reconciliation ahead of the riskier moves, see the integration roadmap for the software estate. Engage your own counsel for legal interpretation of any audit clause or publisher claim.
Avoiding compliance gaps is one track of post merger software integration, alongside the integration roadmap for the software estate and building a combined software governance model. Engage your own counsel for legal interpretation of any contract, audit clause or publisher claim.
Tell us where the integration stands. We respond within one business day with a scoped, buyer side engagement that protects the synergy case you underwrote.
Book a confidential call