Software licensing is one of the most consistently underestimated sources of financial risk in M&A transactions. Oracle change-of-control clauses, SAP indirect access reclassification upon entity consolidation, IBM sub-capacity compliance failures, and cloud commitment obligations that survive acquisition — these are material risks that standard financial and legal due diligence routinely misses. IT Negotiations provides specialist software due diligence that quantifies licence exposure, identifies non-transferable agreements, maps change-of-control triggers, and surfaces cloud cost obligations — giving acquirers the intelligence they need to price deals accurately and protect returns post-close.
Enterprise software licensing creates financial exposure that does not appear on balance sheets, is rarely disclosed in data rooms without specialist interrogation, and regularly becomes the most significant post-close integration cost. These are the six categories we examine in every M&A software due diligence engagement.
Oracle, SAP, IBM, Microsoft, and Salesforce all embed change-of-control provisions in their enterprise licence agreements. These provisions can require immediate renegotiation, allow the vendor to reprice substantially, or in the most restrictive cases, permit contract termination. The specific trigger language and its implications vary significantly by vendor, contract vintage, and deal structure. We map every change-of-control provision and model the post-close negotiation exposure before transactions close.
The majority of enterprise software estates contain compliance gaps that have never been audited or quantified. Oracle database deployments in virtualised environments are chronically under-licensed due to misapplication of processor counting rules. SAP indirect access exposure is almost universally unquantified. IBM sub-capacity licensing is frequently non-compliant due to incorrect ILMT configuration. Post-close, acquirers inherit these gaps — and vendors frequently use acquisitions as an opportunity to initiate audits. We quantify this exposure before it becomes a post-close problem.
AWS, Azure, and Google Cloud enterprise agreements increasingly include committed spend obligations — often $5M–$100M+ over three to five years — that survive acquisition and may include significant under-utilisation penalties. These commitments are rarely visible in standard financial due diligence and are frequently discovered post-close during integration planning. We identify, quantify, and assess all cloud commitment obligations as part of standard software due diligence scope.
Some enterprise software licences are non-transferable — they cannot be legally moved to the acquiring entity without vendor consent and, typically, a renegotiation. Non-transferable licences that support critical business processes create both operational risk (disruption to key systems) and commercial risk (forced renegotiation with the vendor holding maximum leverage). We identify non-transferable agreements and assess the operational criticality and commercial exposure of each.
Enterprise software maintenance fees — typically 18–22% of original licence value per year — represent the single largest ongoing software cost category for most large enterprises. Many acquired targets are paying inflated maintenance rates, are locked into third-party maintenance contracts with unfavourable terms, or have let maintenance lapse on business-critical software creating both compliance and support risk. We assess maintenance economics and model rationalisation opportunities across the acquired estate.
Acquired entities typically carry significant shelfware — software licences that have been purchased but are not deployed, are significantly under-utilised, or support processes that will be eliminated during integration. Identifying and quantifying shelfware creates renegotiation leverage and immediate cost reduction opportunities. We map utilisation against entitlement across the major software categories and identify the highest-value rationalisation opportunities for the integration plan.
Our M&A software due diligence is structured to fit within deal timelines while delivering the depth of analysis that enterprise software complexity demands. We cover every major vendor and every material risk category — from initial data room review through to quantified findings and post-close integration recommendations.
Systematic review of all enterprise software contracts — identifying change-of-control provisions, transferability restrictions, termination rights, pricing mechanisms, and renewal obligations. We read every contract, not just the summaries.
Vendor-by-vendor assessment of licence compliance position using our benchmark data and proprietary compliance methodology. We model worst-case, expected, and mitigated exposure for each identified gap, with Oracle, SAP, and IBM receiving dedicated analysis.
Identification and quantification of all cloud committed spend obligations, enterprise discount programme terms, and CUD/RI positions across AWS, Azure, and Google Cloud. We model the cost and flexibility implications of each commitment position.
Based on our engagement history with each vendor post-acquisition, we provide negotiation strategy guidance — when to engage, what leverage exists, and what outcomes are achievable — for each material vendor relationship in the acquired estate.
Financial modelling of software integration costs — consolidation, migration, licence true-up, and rationalisation — across the combined entity's software estate. We distinguish between inevitable costs and avoidable costs based on integration strategy choices.
Recommendations for deal structure adjustments — price adjustments, escrow provisions, representations and warranties, post-close obligations — based on identified software risks. We work with deal teams and legal advisors to translate software findings into protective deal terms.
Enterprise software due diligence requires deep vendor-specific expertise. We cover every major enterprise software vendor from a single engagement — with no handoffs, no gaps, and no junior analysts filling in for senior expertise.
Change-of-control provisions, processor licensing in virtualised environments, ULA certification obligations, support pricing mechanics, and post-acquisition audit history.
Indirect access exposure, user reclassification upon entity consolidation, S/4HANA migration obligations, and maintenance contract terms.
EA transferability and renegotiation obligations, seat count obligations, Azure committed spend, and M365 licence consolidation economics.
Sub-capacity PVU compliance, ILMT configuration validation, Passport Advantage contract terms, and post-acquisition renegotiation dynamics.
User licence obligations, shelfware quantification, renewal rate lock-in provisions, and platform consolidation opportunities.
Committed spend obligations, reserved instance and CUD positions, enterprise discount programme terms, and marketplace agreement portability across AWS, Azure, and GCP.
We work within your deal timeline to quantify software licence liabilities, map change-of-control risks, and provide the intelligence your deal team needs. Most engagements complete within 2–4 weeks of data room access.
Start M&A Due Diligence Engagement →A PE fund acquiring a $800M revenue manufacturing business engaged us for software due diligence. We identified $47M in Oracle licence compliance exposure — driven by virtualisation policy violations across the production database estate — that was not visible in the data room. The finding informed a $22M purchase price adjustment and a structured Oracle renegotiation plan executed post-close.
A Fortune 500 acquirer engaged us during due diligence for a $1.2B software company acquisition. We identified $18M in SAP indirect access exposure driven by undocumented API integrations with third-party platforms. The finding was incorporated into deal representations and warranties and a post-close SAP renegotiation was executed at a fraction of the gross exposure.
A PE firm integrating three portfolio companies engaged us to assess combined cloud commitment positions across AWS, Azure, and GCP. We identified $31M in committed spend obligations across the portfolio — several of which included change-of-control clauses that would require renegotiation. The findings informed integration sequencing and cloud consolidation strategy, ultimately reducing committed spend by 28%.
Due diligence identifies the risk. Our post-close advisory services address it — from vendor renegotiations and audit defence through SAM programme design and multi-vendor optimisation.
Defend against Oracle, SAP, and IBM audits that frequently follow acquisitions. Senior-led response strategies that reduce exposure and control the timeline.
Rationalise and renegotiate across the combined software estate post-close. We manage multiple vendor conversations simultaneously with a unified commercial strategy.
Build the software asset management foundation for the combined entity. Tooling strategy, vendor-specific compliance programmes, and ongoing governance.
Software licence liabilities are among the most frequently missed and materially significant risks in M&A transactions. Oracle, SAP, IBM, Microsoft, and Salesforce all embed change-of-control clauses, licence metric definitions, and use restriction provisions in their agreements that create substantial financial exposure upon acquisition. Without specialist software due diligence, acquirers routinely discover post-close that they have inherited audit exposure, non-transferable licences, unfavourable contract terms, or obligations to immediately renegotiate at significantly higher rates. We quantify these risks before deals close — enabling price adjustments, escrows, or targeted remediation.
Oracle consistently represents the highest M&A software risk due to the complexity of its licensing model, aggressive use of change-of-control clauses, and post-acquisition audit history. SAP creates significant risk around indirect access and user licence reclassification upon entity consolidation. IBM's sub-capacity licensing rules in virtualised environments are frequently non-compliant in acquired targets. Cloud contracts — AWS, Azure, Google Cloud — carry committed spend obligations and change-of-control provisions that may trigger renegotiation or penalties.
A typical engagement for a mid-market acquisition takes two to four weeks from data room access to delivery of findings. For larger enterprise transactions with complex multi-vendor estates, six to eight weeks is more representative. We work within deal timelines and can produce interim findings to inform critical decision points.
Yes — financial quantification is the central output of our work. For each identified risk we provide a range estimate distinguishing worst-case, likely outcome, and mitigated outcome. This enables deal pricing adjustments, representations and warranties structuring, and post-close integration planning. We have quantified over $4B in aggregate software liability exposure across our M&A due diligence engagements.
Our senior advisors have executed software due diligence on transactions ranging from $50M bolt-on acquisitions to multi-billion-dollar enterprise deals. Contact us to discuss your timeline and scope.
Is This Right For You?
Timing matters: Vendor renewals typically close faster than procurement teams expect. Start your negotiation strategy early to maximise savings.
Choose how you'd like to engage:
Best for immediate needs
Speak directly with a senior advisor. No junior consultants, no sales pitch.
Book Free Call →Research first
Get our tactical guide before your next vendor discussion.
Get IT Vendor Negotiation Playbook →Stay informed
Monthly briefings on vendor pricing changes and negotiation tactics.
Subscribe Free →Buyer-side only · Fixed-fee and gain-share · 500+ engagements · Gartner recognised
Client Results
“During our acquisition, IT Negotiations identified $18M in software liability the target company had failed to disclose. That finding changed the deal structure completely.”
Head of M&A Integration
Private Equity Firm