IBM runs one of the most active license-audit programs in enterprise software, and most outcomes turn on two things: how Processor Value Units (PVUs) are counted and whether your sub-capacity reporting through the IBM License Metric Tool (ILMT) was complete and on time. The firms below defend IBM audits worldwide; the single most useful first move is to fix your ILMT position and re-check the PVU math before you accept any finding.
LAST REVIEWED: JUNE 2026 · REVIEWED QUARTERLY
IBM conducts software compliance reviews globally, both directly and through appointed third-party auditors, typically under the audit rights in the IBM International Passport Advantage Agreement (IPAA). It sits among the most audit-active publishers reaching enterprises in 2026, alongside Microsoft, Oracle, SAP, Red Hat and Broadcom VMware. Across the market, an estimated 62 to 63 percent of companies report being audited within any 12-month window (industry surveys, 2025 to 2026), and roughly 52 percent now bring in outside defense help rather than face a publisher review alone.
An IBM review usually opens with a formal audit notification naming an audit firm, followed by a request to deploy data-collection tooling and to produce deployment and entitlement records. The decisive question is almost always sub-capacity eligibility: IBM allows many products to be licensed for the virtual capacity actually used rather than full physical capacity, but only if the IBM License Metric Tool (ILMT) was installed, kept current, and producing quarterly reports throughout the period. Where ILMT was missing or lapsed, IBM's default position is to charge at full capacity, which can multiply the claim. Red Hat, an IBM company, is also escalating subscription-compliance reviews sharply in 2026, and IBM estates increasingly span both.
IBM's core metric for many middleware and infrastructure products is the Processor Value Unit (PVU), a per-core figure that varies by processor type, so the same workload can carry very different PVU totals depending on the hardware and how cores are mapped. Sub-capacity licensing lets you count only the cores assigned to IBM workloads in a virtualized environment, but eligibility is conditional on continuous, accurate ILMT reporting. Common findings arise from a late or incomplete ILMT deployment, virtualization or container sprawl that makes point-in-time measurement contentious, ambiguity over whether a component is licensed standalone or only as part of a bundle, and Passport Advantage terms that place the burden of proof on the customer. Gaps are frequently charged retroactively, compounding exposure.
Do not accept a full-capacity finding or hand over raw tooling output before the ILMT history and PVU mapping have been independently reviewed. A late ILMT report does not automatically forfeit sub-capacity rights in every case, and the PVU math is frequently contestable.
The recurring moves. Recognize them early and you keep leverage.
Processor Value Unit math across mixed environments is complex and easy to compute in IBM's favor when core-to-PVU mapping is not checked.
Miss the ILMT deployment or a quarterly reporting window and IBM's default is to charge at full physical capacity.
Whether a component is entitled standalone or only within a bundle is interpreted to maximize the claim.
Dynamic and containerized infrastructure makes point-in-time measurement contentious and inflates apparent deployment.
IPAA program rules shift the burden of proof onto the customer to demonstrate compliant deployment.
Reporting gaps are charged retroactively across the period, compounding exposure well beyond current usage.
The portfolios where IBM findings most often arise, described factually.
PVU-licensed application and integration middleware, where sub-capacity eligibility and core mapping drive the result.
Database and data-platform products licensed by PVU or authorized user, sensitive to virtualization assumptions.
Modern Cloud Pak entitlements use Virtual Processor Cores (VPC), and container deployments complicate measurement.
Capacity and event-based metrics that are easy to exceed as data volumes grow.
As an IBM company, Red Hat is escalating subscription-compliance reviews on RHEL and OpenShift in 2026.
Capacity-based storage software licensing where measured terabytes can drift past entitlement.
Listed alphabetically with balanced pros and cons — a directory, not a ranking. Every firm below is independent and buyer-side; none resells IBM licenses.
Zurich boutique serving regulated industries, including banking and pharma, with discretion-first engagements across Oracle, SAP, IBM and Broadcom.
Infrastructure-licensing focus with deep data-center and virtualization modeling that applies directly to IBM PVU and sub-capacity disputes.
Munich-based licensing law boutique combining German contract-law litigation with technical measurement across SAP, Oracle and IBM.
Ex-IBM PVU and sub-capacity experts who close the ILMT reporting gaps that auditors turn into full-capacity charges.
Founded by former Oracle LMS auditors; a litigation-ready advisory that also defends IBM matters and is willing to contest findings rather than only negotiate.
Independent enterprise licensing advisory covering Oracle, SAP, IBM and Microsoft. No vendor partnership, no reseller relationship and no commission.
Listed alphabetically — not a ranking.
Audit posture and local procedure differ by market. Pick yours for the firms and local guidance.
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
IBM defenders and local guidance →
Every verified firm →
Sub-capacity eligibility. IBM lets many products be licensed for the virtual capacity used rather than full physical capacity, but only where the IBM License Metric Tool (ILMT) was installed, current and producing quarterly reports. A missing or lapsed ILMT is the most common reason findings balloon to full capacity.
A Processor Value Unit is IBM's per-core licensing unit, and its value depends on the processor type. Because the same workload can carry very different PVU totals depending on hardware and core mapping, the PVU calculation is frequently where claims are overstated and where re-measurement reduces them.
Not necessarily in every case. IBM's default is to charge at full capacity, but the facts, the contract terms and any reconstructable historical data can support a sub-capacity position. This should be reviewed before any full-capacity finding is accepted. This is information, not legal advice.
Red Hat is an IBM company and is escalating its own subscription-compliance reviews on products such as RHEL and OpenShift in 2026. Estates increasingly span both, so defenders often address IBM and Red Hat exposure together.
No. This is a directory, not a ranking. We list firms with balanced pros and cons and give you what you need to choose for yourself, including whether a firm is independent or also resells the vendor's licenses.
Yes. The directory and matching are free for buyers. We are not a law firm and take no money from software publishers.