Organisations in China facing a software audit operate under a civil-law regime and one of the world’s strictest data frameworks, with Microsoft, Oracle, SAP, IBM, Adobe and Autodesk concentrating most audit and renewal pressure across a vast enterprise and state-owned-enterprise base. This page covers the Chinese legal and procurement reality, the most-audited vendors locally, and the firms serving the market — listed alphabetically with balanced pros and cons, not ranked.
Published 30 March 2026 · Last reviewed 7 May 2026 · Reviewed quarterly · A directory, not a ranking
Across global surveys, roughly 62–63% of organisations report a software audit within any twelve-month period, and China’s enormous manufacturing, financial-services, technology and state-owned-enterprise base sits firmly inside that pattern as licensed deployments of Microsoft, Oracle, SAP, IBM, Adobe and Autodesk deepen. Around 52% of audited organisations now bring outside defense help, delivered into China largely by global and APAC-focused independents working with local counsel rather than by dedicated mainland boutiques.
China is a civil-law jurisdiction. Contract is governed by the Civil Code of the People’s Republic of China (in force 2021), which sets a general three-year limitation period for most civil claims, though how far a publisher can reach depends on the specific agreement and its choice-of-law and dispute-resolution clauses — enterprise software is usually licensed under global or APAC master agreements, frequently governed by non-Chinese law with arbitration (for example before CIETAC or offshore). Software is protected under the Copyright Law and the Computer Software Protection Regulations.
Data handover is exceptionally consequential in China: the Personal Information Protection Law (PIPL), the Data Security Law and the Cybersecurity Law together impose strict data-localisation and cross-border-transfer controls, including security assessments for certain transfers out of the mainland. Transferring deployment or employee-linked data to an overseas auditor can therefore be tightly constrained — a significant procedural factor in scoping and timing any audit response. Public-sector and SOE buyers procure under the Government Procurement Law and Tendering and Bidding Law.
The legal points above are general information about the China environment, not legal advice. Local law and your specific contract govern any situation — take qualified China legal advice before acting.
Where audit and renewal pressure concentrates locally, in rough priority order. Vendors are described factually, never disparaged.
Volume licensing across enterprise and the public sector →
Database, options and the Java per-employee subscription →
Licence measurement (LAW/USMM) and indirect access →
PVU and the ILMT sub-capacity trap →
Named-user subscription and prior-version use →
Named-user deployment beyond entitlement →
Local specialists and global independents covering this market, in neutral alphabetical order with balanced pros and cons.
ServiceNow-centric licensing and estate-reconciliation practice that also covers Salesforce, Oracle, Microsoft, SAP, IBM and Adobe. Reconciles entitlement against actual consumption ahead of renewals and reviews.
Buyer-side independent licensing advisory with one of the broadest multi-vendor footprints, covering Oracle, Microsoft, SAP, IBM, Broadcom, Salesforce, ServiceNow and Workday.
India-native independent licensing boutique with a strong Oracle pedigree, covering Oracle and Microsoft audit defense and SAM, with its own SAM tooling and no Oracle partner or reseller status.
DEMO — listings are compiled from public information and labelled demo until the verified registry is live. Firms are listed alphabetically, never ranked. Independence is shown as a pro; a reseller, Big-Four or vendor-side audit relationship is shown as a con — each a factual trade-off for you to weigh.
The vendor hubs — descriptive links to each publisher's audit operation.
LMS, Java per-employee and the firms →
SAM Engagements, ELP and the firms →
LAW, indirect/digital access and the firms →
PVU, ILMT sub-capacity and the firms →
Licence-type and usage reviews →
Role right-sizing and renewal uplift →
Neighbouring country hubs and the cross-vendor service hubs.
Direct answers for buyers facing an audit or renewal in China.
Often only with difficulty. The PIPL, Data Security Law and Cybersecurity Law impose strict data-localisation and cross-border-transfer controls, including security assessments for certain transfers out of the mainland. Transferring deployment or employee-linked data abroad can be tightly constrained, which is a major factor in scoping and timing an audit response. This is information, not legal advice.
Dedicated mainland boutiques are not yet listed in this directory. China is served mainly by global and APAC-focused independents working alongside local counsel. Each firm’s stated HQ and regions are shown on its row; confirm Mandarin-language support and on-the-ground presence when matched.
The Civil Code sets a general three-year limitation period for most civil claims, but the audited period and any back-charges ultimately depend on your agreement and its choice-of-law and dispute-resolution clauses — many enterprise deals here are governed by non-Chinese law with arbitration. Confirm the position for your specific contract with qualified PRC counsel.
No. This is a directory, not a ranking. Firms serving China are listed in neutral alphabetical order with balanced pros and cons. Independence is shown as a pro; a reseller or vendor-side audit tie as a con — each a factual trade-off.
Yes. The directory and the matching service are free for buyers. We publish no prices or fees and take no money from software publishers.
Tell us your situation and we route your brief to firms serving the Chinese market. The directory and matching are free for buyers, no vendor ever sees your brief, and no firm is recommended over another.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.