Financial diligence maps every dollar of revenue. Almost none of it maps the software. The gap transfers to you at close and lands as a publisher audit.
Inherited software licensing exposure is the difference between what a target has deployed and what it is actually licensed to use. It is usually latent and unquantified in standard due diligence, and it does not stay quiet. After close it tends to arrive as a publisher audit and a back charge, on the buyer's watch and out of the buyer's budget.
A normal diligence process is thorough about the things it owns. The quality of earnings work maps revenue. Legal reviews change of control and assignment. A scanner reviews open source. Each of those is necessary, and none of them measures the one number that drives post-close audit risk: deployed usage against entitlement for the publishers that audit hardest. That number sits between the workstreams, so it is the number that gets inherited rather than priced.
The reason it matters is leverage. Before signing, a quantified exposure can be negotiated into the price, held back in escrow, or covered by warranty and indemnity. After close, the same exposure is simply yours. The problem is not that the risk is unknowable. The problem is that nobody on the standard team is paid to own it.
Latent exposure rarely shows up as a line item. It hides in the mechanics of how software is licensed and how deals are structured. Four places account for most of what we find.
| Where it hides | What goes wrong | Who inherits it |
|---|---|---|
| Metric drift | Deployment has grown past the licensed metric, such as processors, named users, or sub-capacity, without a matching purchase. | The buyer, at the next audit. |
| Indirect access | Third-party systems read or write to a licensed application without their own entitlement. | The combined entity after integration. |
| Change of control terms | Anti-assignment and change-of-control clauses trigger consent, termination, or repricing depending on the deal structure. | Whichever party the structure leaves holding the contract. |
| Inherited settlements | A prior audit settlement carries ongoing obligations that the new owner must keep meeting. | The acquirer, often without knowing the terms. |
The structure of the deal decides which clause bites. A stock purchase, an asset purchase, a merger, and a carve-out each change whether consent is needed and whether pricing resets. We map that interaction in our software due diligence guide and quantify it inside a live deal.
Not every publisher pursues post-deal compliance with equal energy. The major audit risk after a transaction comes from Oracle, SAP, Microsoft and IBM, and increasingly from Broadcom following its VMware acquisition, along with Salesforce and ServiceNow. A change of ownership is a known prompt for their compliance teams, because the combined entity is larger, freshly capitalised, and freshly worth examining.
The scale is not theoretical. As of June 2026, the public record makes the point. SAP pursued AB InBev for a figure in the region of 600 million dollars over disputed and inherited licensing, and the Diageo Great Britain Ltd v SAP UK Ltd judgment, [2017] EWHC 189 (TCC), confirmed that indirect access can require licensing. Those are the headline cases. The ones that settle quietly never make the news, which is exactly why they are easy to underestimate during diligence. For a vendor-by-vendor view, see our software publisher audit risk profiles and the M&A software audit risk guide.
The fix is not more legal review or another scanner. It is a buyer-side workstream that measures deployed usage against entitlement for the publishers that matter, states its assumptions, and produces a defensible number the investment committee can act on. That is the whole of what we do, and it is why we are structurally independent: we hold no publisher or reseller affiliation and we are paid only by the acquirer. To see how an engagement runs across a deal, read how it works, or start with our software due diligence service.
Inherited software licensing exposure is the gap between what a target has deployed and what it is actually entitled to use under its software contracts. The gap transfers to the buyer at close and can surface as a publisher audit and a back charge in the first year after the deal.
Financial diligence maps revenue and cost. Legal reviews assignability. A scanner reviews open source. The deployed usage against entitlement for the publishers that drive audit risk falls between those workstreams, so it is rarely measured before signing.
The exposure can be very large. As of June 2026, public cases show the scale: SAP pursued AB InBev for a figure in the region of 600 million dollars, and the Diageo Great Britain Ltd v SAP UK Ltd judgment, [2017] EWHC 189 (TCC), confirmed indirect access can require licensing.
Oracle, SAP, Microsoft and IBM remain the most active, and audit risk from Broadcom (VMware), Salesforce and ServiceNow is rising. A change of ownership is a known prompt for their compliance teams.
The exposure should be quantified before signing, so the number can be priced into the deal, held in escrow, or covered by warranty and indemnity. Quantifying it after close removes the leverage to do any of those things.