The internal business operations restriction in the Oracle Master Agreement is a short clause that produces large audit findings. The clause permits the buyer to use Oracle software for the buyer internal business operations. The clause excludes use that supports third party operations, use that is resold or embedded in commercial offerings, and use that supports shared services delivered outside the buyer corporate group. The exclusions are broad and Oracle applies them broadly during audits. Buyers that are surprised by the clause typically face the largest individual audit findings. This article describes the clause, the audit application, and the buyer defence position.
The clause as drafted.
The internal business operations clause appears in the customer agreement standard terms. The drafting language defines the permitted use as the use of the programs for the buyer internal business operations including processing data of customers, suppliers, and business partners. The clause excludes provision of the programs as a service to third parties, hosting the programs for the use of a third party, and rental or lease of the programs.
The clause has been interpreted by Oracle to mean that any use that has a commercial element outside the buyer group requires a separate licence arrangement. The interpretation is broad. It captures shared services centres that bill affiliates inside the group. It captures hosting arrangements where the buyer hosts software for a customer. It captures embedded use where the buyer sells a product that includes Oracle software components. Each interpretation has been tested in audits over the past several years.
Shared services centres.
A shared services centre is an entity inside the buyer corporate group that provides services to other entities inside the group. The centre uses Oracle software to run those services. The question is whether the use is internal business operations or whether the use is provision of services to third parties. The Oracle position depends on the contract between the shared services centre and the recipient entities. If the contract is an internal services agreement that does not generate external revenue the use is typically within the internal restriction. If the contract is structured as an arm length transaction with external pricing the use can fall outside the restriction.
The audit position is sensitive to the legal entity structure. A shared services centre that is structured as a separate legal entity from the operating entities can be treated as a third party for the purposes of the clause even if it is wholly owned by the same parent. Buyers should examine the legal structure of shared services arrangements before any audit is opened.
Hosting arrangements.
A hosting arrangement places Oracle software in an infrastructure operated by the buyer for the use of a third party. The arrangement is typically a commercial offering of the buyer to its customers. The Oracle position is that hosting arrangements fall outside the internal use restriction and require a separate licence model. The relevant Oracle model is the Application Specific Full Use licence or the Oracle Partner Network member licence.
Buyers that provide hosted services to customers should examine the Oracle software stack underpinning the service and confirm the licence model for each component. A component that is licensed under the standard customer agreement is not licensed for hosting. The audit finding for a hosted service that uses standard licences can be substantial and can cover several years of use.
Embedded use.
Embedded use is the inclusion of Oracle software components inside a buyer product that is sold or distributed to customers. The typical example is a software product that bundles an Oracle database for the storage layer. The embedded use is not internal business operations even if the buyer uses the same software internally for its own operations. The embedded use requires an Oracle Embedded Software Licence or an OEM licence agreement.
The audit position on embedded use is straightforward. Embedded use without an embedded licence is an audit finding. The finding is calculated on the deployed base of the buyer product across the customer base. The finding can be very large for buyers that have sold the product for several years before the embedded use was identified.
Cloud deployments.
Cloud deployments raise a separate version of the same question. A deployment in a public cloud is treated as a deployment in an infrastructure operated by a third party. The question is whether the third party operates the infrastructure or whether the third party operates the workload. The Oracle position is that the buyer operates the workload and that the use is therefore internal business operations subject to the standard cloud deployment guidance.
The cloud deployment question is resolved by the Oracle authorised cloud environment policy and by the contract terms in force at the time of the deployment. Buyers should confirm that each cloud deployment falls within the authorised cloud environment policy and that the deployment is consistent with the contract. See the soft partitioning analysis for the virtualisation considerations.
The defence position.
The buyer defence position on internal use questions begins with the legal entity mapping. The mapping identifies each entity that uses Oracle software and the corporate relationship between the entity and the buyer. The mapping is the source document for the internal use position. The second component of the defence position is the workload analysis. The analysis identifies whether each workload supports internal operations only or whether the workload supports external services.
The third component is the contract review. The contract review identifies which workloads are covered by which licence arrangements and which workloads fall outside any existing arrangement. The fourth component is the remediation plan. The plan identifies the steps required to bring each workload into compliance with the contract. The remediation plan can include relicensing, restructuring of the workload, or discontinuation of the use.
See the processor licence audit issues note for the metric considerations.
Engaging an independent advisor.
The internal use defence position benefits from external expertise on the Oracle contract language, on the audit application of the clause, and on the typical settlement structures. An independent advisor brings the experience of running multiple internal use defences and can build the legal entity mapping, the workload analysis, and the contract review on a compressed timeline.
For the wider cluster see Audit Defense. For the service see Audit Defense. For the deal structure see the Database licensing page. For the Oracle product see the Oracle Database product page. For the full research read the Oracle Negotiation Playbook white paper.
The contract drafting options.
Buyers that anticipate a use case that approaches the internal restriction can negotiate clarifying language into the customer agreement. The clarifying language can identify specific shared services arrangements as internal use, can identify specific hosting arrangements as authorised, and can identify embedded use scenarios that are within the existing licences. The clarifying language is typically negotiated at the time of a new licence purchase or at the time of a renewal.
The clarifying language should be specific to the buyer use case rather than abstract. A specific clarification has a definite meaning that survives interpretation. An abstract clarification can be reinterpreted by Oracle during a future audit. The buyer should also consider whether the clarifying language is best placed in the customer agreement, in an ordering document, or in a side letter. Each location has different effects on the legal status of the language and on the visibility of the language to future Oracle staff.
A worked example.
A global manufacturing buyer operated a shared services centre in Eastern Europe that provided finance and human resources services to operating entities across multiple regions. The centre used Oracle Database and Oracle E Business Suite for the financial systems. The Oracle audit team identified the shared services centre and proposed an audit finding based on the position that the centre was a third party services arrangement.
The buyer position was that the shared services centre was wholly owned by the same parent as the operating entities and that the services were internal services priced on an internal cost recovery basis. The audit conversation produced a settlement that recognised the internal services position with the support of a specific clarifying paragraph in the renewed customer agreement. The clarifying paragraph identified the shared services centre by name and confirmed that the internal services arrangement was within the internal business operations restriction.
The settlement avoided the audit finding and produced a contract position that protected the arrangement for future audits. The clarifying language was negotiated during the renewal that closed the audit and produced a durable position that the buyer carried forward.