Software due diligence is the work of measuring a target software estate against its licensing entitlements to find under-licensing and audit exposure before a deal closes. The question of what software due diligence is and why it matters in M&A comes up because standard diligence does not do this. Financial diligence counts spend, legal diligence confirms contracts exist, and IT diligence reviews systems and security. None of them measures whether the software the target actually runs is covered by what it has bought. That gap is where inherited licensing exposure sits, and it is almost always latent and unquantified until a publisher tests it with an audit after close.
This guide is part of the wider software due diligence method. It explains what the work covers, why it protects a buyer, and how it converts a hidden risk into a number the deal team can act on. For the practical sequence of tasks, see the software due diligence checklist for acquirers.
What is software due diligence and why it matters in M&A
Software due diligence builds an effective license position: a publisher-by-publisher comparison of what the target owns against what it actually deploys. Entitlement is assembled from order forms, license keys and purchase history. Deployment is measured from the estate itself, including server and processor data, user directories and the systems that connect to licensed products. The difference, expressed per publisher and as a number, is the exposure. It matters because that number changes the price a buyer should pay, the indemnities it should demand, and the conditions it should attach to close.
The exposure is rarely visible in the data room. A target can present clean maintenance invoices and signed contracts while running far more than it has licensed. The reasons are mechanical: virtualisation pulls cores into scope, user counts drift past entitlement, options get switched on, and connected systems create indirect access. None of this appears on an invoice, which is why standard IT due diligence misses it.
Why the exposure lands as an audit after close
A change of ownership is one of the most reliable triggers for a software audit. Publishers monitor corporate transactions and treat them as a prompt to review an account, because an acquired entity is often a soft target with disorganised records and a new owner with deeper pockets. The major audit risk after a deal comes from a short list: Oracle, SAP, Microsoft and IBM, with Broadcom now driving exposure through VMware, and Salesforce and ServiceNow increasingly active. As of mid-2025, SAP pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million in disputes tied to indirect and inherited licensing, which shows the scale this exposure can reach when it is left unmeasured.
The point of diligence is to find the exposure while the buyer still holds the leverage. Before signing, a quantified gap becomes a price adjustment or an indemnity. After close, the same gap is a cost the acquirer simply absorbs, often under audit pressure and at the worst possible time.
Key takeaways
- Software due diligence measures a target estate against its entitlements to find under-licensing before close.
- Financial, legal and IT diligence each leave licensing exposure unmeasured, which is why it stays latent.
- The core deliverable is an effective license position per publisher, with the gap expressed as a number.
- A change of ownership is itself an audit trigger. Oracle, SAP, Microsoft, IBM and Broadcom are the publishers most likely to act.
- Found before signing, exposure becomes a price adjustment or indemnity. Found after close, it is absorbed.
How deal structure changes the exposure
Deal structure decides which contractual terms apply to the inherited estate. A stock purchase carries the existing agreements and their liabilities across unchanged, so any under-licensing follows the target into the portfolio. An asset purchase, merger or carve-out can trigger anti-assignment and change-of-control consent, which can mean renegotiation, termination or a fresh license at current pricing. Software due diligence should state, per publisher, whether the chosen structure improves or worsens the position, so the deal team can price it accordingly. This is covered in depth in software due diligence for stock versus asset purchases.
Who should run it and when
Software due diligence belongs with an independent, buyer-side advisor who measures the estate without an incentive to sell the cure, not a reseller or publisher-aligned firm. It runs alongside confirmatory diligence and feeds the investment committee before signing, then hands its findings to the reconciliation team for day one. The question of who should own software due diligence on the deal matters because a position built by a conflicted party is one an investment committee cannot fully trust.
What a software due diligence report contains
The work is only useful if it converts into a decision, so the deliverable matters as much as the analysis. A software due diligence report states the exposure per publisher as a low, expected and high range: the cost to cure quietly, the likely negotiated settlement, and the worst case at list price plus back maintenance. It names the probable audit window after close, identifies which contractual clauses bite under the deal structure, and recommends a specific lever for each finding, whether a price adjustment, an indemnity, an escrow or a closing condition. A report that stops at a list of issues without a number and a recommendation has not done its job, because the investment committee cannot act on it. The structure is set out in full in the software due diligence report.
The cost of skipping it
Buyers skip software due diligence because the estate looks quiet in the data room and the spend looks ordinary in the model. The cost of that decision is paid later and at a premium. An exposure that would have been a modest price adjustment before signing becomes a full settlement after close, negotiated under audit pressure when the publisher holds the leverage and the buyer has already paid for the business. The acquirer also inherits the disruption of an audit in the first year of ownership, when management attention should be on integration rather than on reconstructing entitlement records the seller never kept. The asymmetry is the whole argument: the diligence costs a fraction of the exposure it routinely uncovers, and it is the only point in the transaction where the buyer can still move the risk onto the deal terms.
Recommendations for buyers
- Commission software due diligence as a distinct workstream, not an assumed part of financial or IT diligence.
- Prioritise the publishers that drive audit risk: Oracle, SAP, Microsoft, IBM and Broadcom through VMware.
- Insist on an effective license position per publisher, with each exposure expressed as a low, expected and high range.
- Use an independent buyer-side advisor so the number is one your investment committee can underwrite.
The full method, from the first data request to the day one handover, is set out across our software due diligence guide and delivered through our software due diligence service. The next step for most buyers is to quantify the gap, covered in quantifying software audit exposure before you sign.