After Broadcom’s aggressive shift away from VMware perpetual licenses, the company has begun a separate, high-stakes audit push against former VMware customers who let maintenance contracts lapse and chose not to subscribe to Broadcom’s bundled VMware offerings. The move comes as customers report dramatic price increases under the new model, with some firms noting triple-digit hikes and others claiming far larger jumps. In the years since Broadcom closed its $69 billion VMware acquisition, the vendor has continued to push a bundled approach, arguing that it delivers integrated capabilities and predictable support. Yet for many users holding onto older VMware licenses, the decision to forego renewal has set off a cascade of cost concerns, security questions, and now active audits that could reshape operations, staffing, and even licensing strategies across their IT ecosystems.
Background: Broadcom, VMware licensing changes, and market impact
Broadcom’s decision to discontinue the sale of VMware perpetual licenses in November 2023 marked a deliberate and consequential pivot in how VMware software is purchased, deployed, and maintained. Rather than selling standalone licenses that grant ongoing use independent of a support agreement, Broadcom began emphasizing a tightly integrated portfolio of VMware SKUs that bundle multiple products and services into a single offering. This bundling strategy is designed to create a more cohesive package for customers, enabling Broadcom to streamline licensing, updates, and support under a unified umbrella. But for many organizations, the shift has also introduced a steep price curve, complicating budgeting processes and forcing IT leaders to reevaluate the total cost of ownership for essential virtualization and cloud infrastructure.
The consequences of Broadcom’s strategy have extended beyond the purchase price. Customers who previously relied on VMware perpetual licenses—licenses that allowed continued use of the software even after maintenance contracts expired—found themselves facing new realities. The data center landscape has grown increasingly complex, with organizations relying on VMware’s core platforms such as vSphere and VMware Cloud Foundation to support secure, scalable virtualization, hybrid cloud deployments, and multi-cloud operations. Under the bundled model, many customers report that staying current with updates, patches, and security enhancements can be significantly more expensive or otherwise constrained by contract terms. In some cases, Broadcom has been perceived as constraining access to maintenance releases, minor updates, major upgrades, extensions, enhancements, patches, bug fixes, and security patches beyond a narrow category of critical fixes. The net effect is a higher ongoing price of operating a VMware environment, heightened by the decision of a number of customers to let their support agreements lapse rather than renew under Broadcom’s terms.
The broader market context helps illuminate why these developments matter. VMware’s technology stack—particularly components like vSphere and VMware Cloud Foundation—functions not only as a virtualization layer but as a foundation for expansive cloud and data center architectures. When maintenance and updates are not available, security postures can become more brittle, exposure to vulnerabilities may rise, and integration with adjacent tools can become more challenging. Some customers have observed drastic increases in the cost of running VMware software after the licensing transition. Reported figures include claims of price hikes around 300 percent, while other stakeholders report even more dramatic increases. These perceptions are not purely about sticker price; they reflect the combined impact of licensing terms, discounting dynamics, support coverage, and what happens when organizations opt to defer or forgo renewal while continuing to rely on installed VMware functionality.
As part of Broadcom’s ongoing efforts, the company has asserted its intention to ensure that VMware usage remains within the bounds of current licensing terms, particularly as it relates to the use of maintenance releases and updates beyond the supported period. The company has asserted that there is value in maintaining a consistent, supported software stack—especially in the areas of security, interoperability, and reliability—and that the bundling approach is designed to deliver that value in a more integrated fashion. Critics, however, have argued that the model can create friction for customers who need to balance cost with risk management, particularly in environments with limited budgets, aging hardware, or complex multi-vendor strategies. The tension between cost containment and security/upkeep has become a focal point for many CIOs, IT directors, and procurement teams who are navigating the implications of Broadcom’s VMware strategy.
The shifting licensing landscape also carries broader implications for how customers approach software asset management (SAM), license compliance, and governance. When perpetual licenses are no longer sold, and when maintenance access becomes contingent on a bundled agreement, there is a natural incentive for enterprises to audit their own deployments to ascertain compliance, usage levels, and entitlement boundaries. It is in this environment that Broadcom has observed an opportunity to formalize audits of past VMware deployments, particularly for customers who chose not to renew support or subscribe to the updated bundles. The company’s strategy appears to be aimed at ensuring that usage aligns with the current licensing model, while also creating a framework that discourages continued use of unmaintained software in ways that could undermine the value proposition of the bundled offerings.
This market backdrop helps explain why the current audit activities are attracting attention from IT and legal teams across the industry. On one hand, auditors see a pathway to confirm adherence to licensing terms, reduce potential risk exposure, and recover license revenue associated with deployments that may have exceeded entitlements. On the other hand, affected organizations raise concerns about the financial and operational impact of such audits, the potential for penalties or retroactive licensing costs, and the broader implications for security and continuity of service if certain updates are restricted or if contracts are revised retroactively. In short, the licensing transition has created a pendulum effect: while Broadcom seeks to standardize and monetize a modern, bundled VMware ecosystem, many users are seeking flexibility, predictability, and ongoing access to critical updates—especially when the costs of staying under Broadcom’s umbrella appear steep and the risk posture remains a priority.
As this dynamic unfolds, it is important to note that the broader ecosystem includes VMware’s product portfolio, customer support ecosystems, security practices, and the operations teams responsible for maintaining uptime and performance. VMware’s core platforms—vSphere for virtualization, vCenter for management, and Cloud Foundation as a unified software-defined data center solution—continue to be central to enterprise IT strategy, especially for organizations undergoing digital transformation, modernization, and cloud migration efforts. The shift to bundled licensing intersects with these strategic initiatives in meaningful ways, shaping decisions about architecture, outsourcing, multi-cloud approaches, and the pace at which organizations can adopt new capabilities or stay on a secure, supported release train. The current audit activities must be understood within this broader context: a confluence of pricing, licensing, security, governance, and operational risk that organizations must weigh as they evaluate the true value and total cost of ownership of Broadcom’s VMware portfolio.
In sum, the licensing transition from perpetual VMware licenses to Broadcom’s bundle-driven offerings has not merely altered a pricing line item for many organizations. It has redefined the way they plan upgrades, manage security patches, and allocate budgets for software maintenance across the data center and cloud environments. The decision to forgo renewal has, for some, created a legal and compliance exposure that Broadcom is now attempting to address through formal audits. The audit process, as described in the letters and communications reviewed in industry reporting, signals a more assertive approach than many customers expected, elevating concerns about the potential financial impact and the operational disruption that could accompany the pursuit of entitlement compliance in complex VMware deployments. As the market observes, the tension between Broadcom’s bundled value proposition and customers’ tolerance for higher costs and stricter stewardship remains a defining feature of VMware’s post-acquisition era.
Audit letters and process: scope, timeline, and early implications
The current wave of audit activity follows Broadcom’s earlier strategy of delivering cease-and-desist notices to VMware users who are operating beyond the terms of their expired or non-renewed support arrangements. The cease-and-desist communications instruct recipients to halt the use of maintenance releases, minor updates, major releases or upgrades, extensions, enhancements, patches, bug fixes, and even security patches—except in cases of zero-day vulnerabilities—where those updates were issued after the user’s support contract ended. This approach underscores Broadcom’s intent to reinforce the boundary between licensed, supported VMware usage and any continued use that it deems outside the scope of the current licensing model. The letters also explicitly warned recipients about possible audits, signaling an escalation from warnings to formal review and enforcement actions.
A notable development in this audit program is the appearance of a formal audit notice directed at a VMware customer in the Netherlands. The notice, dated June 20, informs the company that it has “been selected for a formal audit of its use of VMware software and support services.” The contacted entity is told that an auditing firm—Connor Consulting, headquartered in San Francisco with a global footprint—will conduct the review of the company’s VMware deployment and entitlements. The scope of this engagement is described as potentially including fieldwork or remote testing and meetings with personnel across accounting, licensing, and the management information systems function. The audit notice indicates that someone from Connor Consulting would reach out, and the recipient should respond within three business days. The letter is signed by a Broadcom executive responsible for global sales operations, underscoring the formal and organized nature of the process.
From the perspective of the audit process, several elements stand out. First, the involvement of a specialized third-party firm suggests that Broadcom intends to standardize, document, and formalize the audit methodology, moving beyond informal inquiries to a structured engagement. The inclusion of fieldwork implies that auditors may request on-site visits to verify deployment footprints, licensing counts, and entitlements across multiple VMware components, potentially touching on data center inventories, virtualization stacks, and cloud-based VMware services. Remote testing, as well as interviews with finance, licensing, and IT personnel, point to a comprehensive review that could intersect with billing records, software usage data, and contract terms. The three-business-day response window amplifies the urgency, pressuring organizations to prepare and coordinate interdepartmental responses across IT, finance, and procurement.
The broad language of the audit notice also emphasizes the objective of efficiency and minimized disruption. The letter quotes the Broadcom official as stating that the time will be used “as efficiently and productively as possible to minimize disruption.” In practice, this assurance can be taken as a statement that the audit plan will be designed to surface entitlement discrepancies while attempting to avoid major service interruptions or operational downtime. However, the practical implications for the audited organizations can be substantial. The prospect of fieldwork or remote testing—especially in complex environments with sprawling VMware deployments—poses the risk of operational disruptions, data handling considerations, and potential exposure of sensitive deployment details to third-party auditors. The reality for many IT teams is that audit engagements can require substantial coordination, data collection, and validation exercises, potentially diverting resources from ongoing projects.
Another aspect of the process concerns the perceived alignment—or misalignment—between license entitlements and actual usage. The audit aims to confirm that organizations are operating within the current licensing framework, including the allowances for usage of VMware software and the scope of supported updates. If a company is found to have deployed more instances, more cores, or higher consumption than what is authorized by the license entitlements, Broadcom could argue for remedial measures, including potential licensing purchases, back payments, or adjusted terms going forward. The stakes can be substantial; for organizations operating large virtualization environments with extensive vSphere implementations and VMware Cloud Foundation deployments, even a modest discrepancy could translate into a significant financial exposure.
The Dutch case, as described through the reporting, reveals the human element behind the audit activity. A security professional associated with the company who has requested anonymity described a decade-long VMware relationship that ended with a decision not to extend the support contract because of rising costs. The individual indicated that the lack of ongoing updates has security implications, noting that updates would not be available unless the CVSS score of a vulnerability was deemed critical. This line of reasoning—linking support renewal to timely security updates—highlights a core risk argument used by customers in dispute with Broadcom: the trade-off between immediate cost savings and the broader security and reliability posture of an enterprise IT environment. The interviewee suggested that the absence of regular updates could leave the organization more exposed to vulnerabilities, a concern that resonates with IT security teams tasked with safeguarding critical infrastructure.
In connection with the Dutch case, the audit plan described in the notice anticipates that Connor Consulting, the auditing firm, would review the VMware deployment’s technical footprint and licensing entitlements, potentially engaging with personnel across several organizational functions. The process is framed as collaborative yet authoritative, with expectations that the recipient would respond quickly and engage with the auditors in a structured manner. The “three business days” deadline creates a compressed timeline that can add pressure to gather the necessary information, validate records, and prepare for potential follow-up inquiries or interviews.
At the same time, the communications in question show that Broadcom is aware of the potential for a wide range of outcomes. While the stated goal is to ensure compliance and protect the integrity of the licensing system, there is recognition that audits can have cascading effects on a company’s finances and operations. The possibility of significant financial penalties or retroactive charges could influence strategic decisions, including whether to pursue renewal offers, adjust licensing footprints, or renegotiate contractual terms. The emphasis on efficiency and minimal disruption is a signal to both customers and auditors that Broadcom intends to keep the process orderly and predictable, but the precise impact on any given organization will depend on the audit findings, existing entitlements, and the broader contractual framework that governs the VMware deployment.
Finally, the broader context for these audits includes ongoing disputes about the ethics and legalities of Broadcom’s enforcement approach. Critics describe the measures as aggressive, punitive, or overly aggressive, raising questions about whether a vendor should rely on audit leverage in consumer markets where the incentives to upgrade and conform may be strong yet the costs can be prohibitive for some organizations. Supporters argue that robust license enforcement is necessary to sustain a fair market, protect intellectual property, and ensure that customers receive legitimate value from a modern, integrated VMware stack. The reality is that this audit program sits at the intersection of technology, licensing economics, and corporate governance, shaping how enterprises plan, deploy, and maintain essential virtualization infrastructure in a landscape that continues to evolve rapidly. As these audits unfold, organizations are watching closely for practical guidance on how to navigate the process, manage risk, and determine whether continued participation in Broadcom’s VMware bundles remains the most prudent path forward.
Customer experiences and early impressions: costs, security, and operational impact
For many IT teams and executives, the initial reaction to Broadcom’s licensing strategy and subsequent audits has been a mix of concern, skepticism, and strategic recalibration. The cost dimension is front and center. Organizations that previously managed a stable cost profile under VMware’s older maintenance-and-renewal model now confront the reality of higher annual expenditures tied to Broadcom’s bundled offerings. The perceived price sensitivity is heightened by anecdotal reports of substantial price increases, in some cases reaching triple-digit percentages, as users weigh the benefits of ongoing updates, premium support, and integrated features against the realities of tightened budgets and competing IT priorities. In this context, the audits are seen by some as a mechanism to recapture value and ensure compliance, but they also amplify the financial exposure that these organizations face, particularly if usage exceeds entitlements or if retroactive licensing charges are applied.
Beyond cost, there is a pronounced concern about security and patching in environments where support and updates are no longer readily accessible. The Netherlands-based security professional quoted in coverage expressed anxiety about security posture deterioration, noting that vulnerability fixes would only be available if the CVSS score was considered critical. This perspective underscores a critical tension: enterprises rely on timely security updates to protect systems that host sensitive data, manage regulatory compliance, and support mission-critical workloads. When access to updates is constrained or delayed, the risk footprint can grow, potentially affecting not only the IT department but the broader business operations that depend on VMware-based infrastructure. For many organizations, the ability to maintain an escalated patching cadence and to stay aligned with security best practices is a central reason to consider renewing maintenance or seeking equilibrium within Broadcom’s bundled offerings. The audit process, therefore, is not just a licensing exercise; it intersects with governance, risk management, and the organization’s capacity to manage security risk effectively.
The human dimension of these developments cannot be understated. The security professional interviewed described real-world implications for staff morale and resource allocation. They painted a picture of a team under financial pressure, with IT managers and legal department colleagues experiencing heightened stress due to the financial and procedural implications of audits and potential licensing adjustments. The suggestion that costs could influence salary negotiations or even trigger layoffs reveals the broader organizational impact of the licensing shift—an impact that extends beyond IT budgets and into broader workforce planning and talent retention. In addition, there is a sense among affected teams that the audit process is a formidable, external pressure that must be navigated with care, ensuring that operational continuity remains intact while addressing compliance concerns.
Another dimension concerns the practical realities of auditing in complex VMware environments. The possibility of fieldwork implies on-site visits, inventory checks, and direct verification of hardware, software, and licensing assets. Auditors may seek access to software usage data, licensing databases, deployment diagrams, and records of entitlements across multiple VMware components. The involvement of a third-party firm like Connor Consulting suggests a formal, documented process designed to minimize ambiguity and yield auditable evidence. Organizations must prepare to demonstrate compliance across a broad array of assets, including not only the core VMware hypervisor platforms but also related products and services that comprise the deployed VMware stack. This level of scrutiny can require cross-functional collaboration among IT operations, licensing teams, and financial controllers, with careful coordination to avoid disruption during the audit window. The practical reality is that these engagements can become a catalyst for process improvements, as organizations reassess asset management practices, refine licensing inventories, and implement more robust controls to reduce risk going forward.
Industry observers and professionals tracking the Broadcom–VMware relationship have noted that the company’s enforcement posture has potential consequences for customer sentiment and market perception. Descriptions of Broadcom’s approach as “litigious” reflect the perception among some customers and partners that the vendor is leveraging aggressive enforcement as a business strategy. The tension between the desire to maximize monetization and the need to maintain customer trust is a delicate balance for Broadcom, particularly given the enterprise software market’s emphasis on reliability, long-term partnerships, and risk management. As the VMware portfolio continues to evolve under Broadcom, organizations may be compelled to reconsider adoption timelines for new features or capabilities, re-evaluate vendor risk, and explore alternative approaches to virtualization and cloud management in light of the cost and audit considerations. The industry’s response to these developments—ranging from regulatory scrutiny to boardroom risk assessments—will shape the way enterprises negotiate terms, plan migrations, and structure licensing for the long term.
Customers who maintain VMware environments may also face practical considerations regarding support coverage, access to new features, and compatibility with other vendor ecosystems. For instance, those who opt to remain in Broadcom’s bundled ecosystem could potentially benefit from a more integrated roadmap and unified support experience, but at the cost of higher pricing and constrained update access for non-renewed deployments. Conversely, organizations that choose to operate with expired maintenance in the hope of avoiding bundling costs may confront a more challenging risk profile, including limited access to updates, potential exposure to known vulnerabilities, and increased reliance on manual patching or workaround strategies. The tension between these choices reflects a larger strategic calculation that IT leaders must undertake when evaluating the total cost of ownership, risk exposure, and alignment with business goals.
Despite the uncertainty surrounding audit outcomes and the full financial implications of Broadcom’s enforcement approach, some organizations may find room to negotiate terms, pursue renewed partnerships, or adjust their licensing footprints in ways that balance cost with security and operational continuity. The current environment encourages a careful assessment of licensing entitlements, deployment inventories, and the actual usage of VMware software across data centers and cloud environments. Enterprises may also explore alternative strategies for modernization, such as migrating workloads to supported VMware configurations under Broadcom’s bundled offerings, reallocating resources to other virtualization or cloud management platforms, or adopting hybrid approaches that optimize licensing costs while maintaining essential security and performance standards. In any case, the ongoing audits will likely catalyze a broader conversation about how licensing models should adapt to the realities of modern IT operations, the value of integrated software stacks, and the role of regulatory and market dynamics in shaping enterprise software strategies.
As this situation continues to unfold, IT buyers and procurement teams should approach Broadcom’s audit program with diligence, clear governance, and a robust understanding of their own entitlement posture. Comprehensive documentation, transparent data sharing where appropriate, and proactive engagement with auditors can help organizations navigate the process more smoothly. It is also wise to prepare for the possibility of future licensing revisions, ensuring that internal processes for asset management, license utilization reporting, and compliance monitoring are continuously improved to reduce risk. The evolving story of Broadcom’s VMware audits thus serves as a practical case study for how enterprises approach software licensing, governance, and security in a world where the line between licensing and utilization is increasingly—and deliberately—enforced through formal audits and third-party oversight.
Reactions from stakeholders and the broader regulatory conversation
The broader reaction to Broadcom’s audit strategy has been mixed, reflecting varied perspectives about licensing, enforcement, and the ethics of how software vendors manage compliance in a high-stakes enterprise environment. On one side, there are stakeholders who argue that rigorous licensing enforcement is essential to maintain a level playing field, ensure fair compensation for technology investments, and sustain the continued development and support of critical software ecosystems. They contend that without robust enforcement, license terms could be overlooked, leading to underpayment or misuse, and ultimately undermining the value delivered by vendors and the reliability of the software landscape.
On the other side, critics have voiced concerns about the aggressive posture, the potential chilling effect on customer confidence, and the ways in which audits could be used as leverage in ways that may seem disproportionate to observed usage. They point to potential gaps between license terms and real-world usage patterns, especially for organizations with legacy deployments or complex multi-vendor environments where visibility into entitlements can be challenging. Some customers argue that the combination of price increases, bundled licensing, and enforcement actions creates a scenario in which the business case for modernization and cloud adoption becomes more arduous, potentially slowing innovation or delaying strategic technology initiatives.
Within the regulatory sphere, calls for scrutiny of Broadcom’s practices—particularly regarding the acquisition of VMware and the subsequent licensing strategy—have gained attention from policy makers, industry groups, and advocacy voices concerned about market competition, antitrust considerations, and the ethics of aggressive enforcement in enterprise software markets. While regulatory actions may not be imminent in every jurisdiction, the visibility of such audits and the associated narratives about price, access to updates, and corporate governance signals to broader stakeholders that governance and oversight are important considerations for both the vendor and its customers. The questions being asked include whether licensing terms adequately reflect the realities of modern data center operations, whether enforcement practices align with consumer protection expectations, and how market dynamics might respond to ongoing consolidation and evolving licensing strategies in enterprise software ecosystems.
For VMware customers and broader enterprise IT communities, the current episode is a reminder of several practical imperatives. First, it underscores the importance of rigorous asset management and license compliance processes, especially for organizations that have relied on perpetual licenses in the past but are now navigating renewed or bundled terms. Second, it highlights the need for clear, proactive engagement with software vendors when encountering unexpected enforcement actions, including understanding entitlements, deployment footprints, and the exact scope of the audit. Third, it emphasizes the critical role of risk assessment in IT strategy, including evaluating the security implications of limited access to updates and the potential impact on the organization’s security posture, regulatory compliance obligations, and incident response readiness. Finally, it reinforces the value of governance structures that can coordinate cross-functional responses to license compliance, security considerations, and procurement decisions in a way that minimizes business disruption while protecting the organization’s strategic interests.
Industry observers expect that the coming quarters will witness a combination of continued audit activity, possible licensing negotiations, and continued public debate about the balance between vendor monetization and customer flexibility. In this landscape, VMware customers—especially those with legacy deployments and tight budgets—will be watching closely for how Broadcom refines its enforcement approach, whether there are adjustments to the terms of bundled offerings, and what protections or exemptions might exist for organizations with genuine security and operational concerns about upgrades and patches. The narrative moving forward is likely to focus on practical outcomes: the extent to which audits uncover entitlement gaps, the financial impact of any remediation requirements, and the broader implications for the way enterprise software licensing is structured in a market shaped by large-scale acquisitions and rapid technological evolution.
Conclusion
The Broadcom–VMware licensing and audit saga presents a complex mix of pricing strategy, enforcement, and enterprise risk management. As Broadcom pushes a bundled license model and steps up formal audits of former VMware customers, organizations are compelled to reexamine their deployment footprints, entitlements, and governance practices with renewed vigilance. The cost dynamics, combined with concerns about access to updates and security patches after support ends, underscore the critical trade-offs that IT leadership must weigh when deciding whether to renew, renegotiate, or restructure licensing for VMware technology.
In this environment, the audit process itself becomes a focal point for many enterprises. Beyond potential financial ramifications, audits raise questions about operational continuity, data access, and the ability of internal teams to coordinate with external assessors without compromising performance. The involvement of third-party auditors and the clear line of communications with Broadcom’s global sales leadership indicate a formal, ongoing program designed to establish compliance while managing disruption. Organizations should anticipate a need for rigorous documentation, transparent reporting, and proactive collaboration with auditors to navigate these reviews effectively.
As the market absorbs these developments, stakeholders will be looking for clarity on several fronts: how Broadcom intends to balance the benefits of bundled VMware offerings with customer cost concerns; what adjustments might be made to licensing terms or renewal options to address legitimate security and operational needs; and whether there will be regulatory or industry responses designed to ensure fair, transparent, and predictable licensing practices in a rapidly consolidating enterprise software ecosystem. The outcome of these audits and the broader licensing strategy will likely influence IT decision-making for years to come, shaping how enterprises plan virtualization, modernization, and cloud adoption in a landscape where licensing, security, and strategic technology investments are inextricably linked.