Broadcom Audit Defence Case Law

Software audit disputes are usually settled long before they reach a courtroom. Vendors prefer the commercial leverage of an active claim over the uncertainty of litigation; customers prefer the certainty of settlement over the cost and reputational exposure of public dispute. The result is a small body of published case law that most practitioners never read but that nonetheless quietly shapes how every serious audit is defended.

This article surveys the strands of software audit jurisprudence most relevant to Broadcom and VMware engagements, draws out the principles that have been tested in litigation, and explains how those principles translate into practical audit defence positions. Nothing here is legal advice; customers facing active disputes should engage qualified counsel.

Why the case law matters even when settlement is the norm

The body of published software audit decisions is small, but it is the only place where the contractual and procedural boundaries of audit clauses have been tested adversarially. Settlement-by-settlement, vendors push the boundaries of audit clauses outward; case law is where those expansions occasionally meet resistance. For audit defence purposes, the case law functions as a backstop — a reminder of what a court will and will not enforce, which in turn constrains what a vendor can credibly demand without escalating to litigation it would rather avoid.

The most relevant strands cluster around four themes: the scope of audit rights, the reasonableness of audit methodology, the limits on disclosure, and the enforceability of penalty and back-licence claims. Each strand has Broadcom-relevant implications.

Scope of audit rights

Audit clauses are contractual creatures. The scope of any audit is defined by what the contract permits, not by what the vendor would like the audit to cover. Courts have consistently held vendors to the literal scope of their contractual audit rights, and have refused to expand those rights through inference where the clause is specific.

Defined products only

Where an audit clause grants the right to audit compliance with respect to specifically licensed products, courts have declined to permit fishing expeditions into unrelated products or affiliate environments. For Broadcom defendants, this means an audit clause attached to a specific VMware product set does not automatically extend to Symantec, CA Technologies, or Carbon Black assets the customer holds under different contracts. The audit perimeter should map to the contract perimeter.

Defined entities only

Audit clauses typically run to the contracting entity and its named affiliates. They do not run automatically to every entity within the contracting party's corporate group, particularly where group structure has changed through acquisitions or divestitures. Customers with complex group structures should verify which entities are actually within audit scope before producing data.

Defined timeframes

Many audit clauses include limitation periods — typically permitting audits within a defined number of years from the relevant licence period. Vendors occasionally request data extending well beyond the contractual lookback period. The contractual limit binds.

Methodology and the reasonableness standard

Audit clauses commonly require that audits be conducted in a "commercially reasonable" or "reasonable" manner. This standard is content-light on its face but has been given substance by tribunals in multiple matters. The pattern of decisions points consistently in one direction: vendors cannot run audit methodology unilaterally and call any methodology decision "reasonable" by definition.

The right to challenge counting methodology

Where the licence metric is ambiguous — and per-CPU, per-core, and per-instance metrics all contain meaningful ambiguity — the reasonableness standard supports a customer's right to challenge the methodology by which a vendor proposes to count. A customer who can point to a credible alternative interpretation of the metric, supported by industry norms or by the vendor's own historical practice, has a defensible position. Vendors who insist on the methodology that produces the largest claim, without engaging the alternative interpretation, struggle to characterise that posture as reasonable.

The right to validate raw data

Customers have a defensible right to validate the raw data underlying any compliance assertion before accepting the resulting claim. Vendors who deliver summary findings without supporting data, or who refuse access to the queries and scripts that produced the findings, are running the audit in a way courts have viewed sceptically.

The right to challenge inference

Where the vendor's claim rests on inference rather than direct observation — for example, inferring usage from network signals, telemetry residue, or partial inventory — the customer is entitled to test the inference. The "reasonable" standard does not require the customer to accept inferred usage at face value.

Disclosure limits

The single most important practical theme in the case law is that disclosure obligations are bounded. Vendors routinely request data well beyond what their audit clauses require; courts have consistently confined disclosure to what is actually contractually required.

Confidential and privileged material

Audit clauses do not override attorney-client privilege, work-product protection, or generally applicable confidentiality obligations. Material covered by privilege does not become disclosable merely because a vendor requests it under an audit clause.

Data protection and regulated data

Personal data subject to GDPR, sector-specific regulated data (healthcare, financial, defence), and similarly protected categories are not freely disclosable merely because an audit clause exists. The audit must be conducted in a manner that respects applicable data protection law. This often means data minimisation, on-site review rather than data export, or supervised access — not bulk extraction.

Proportionality

Even where data is technically within scope, courts have applied proportionality reasoning to limit disclosure to what is actually necessary for the audit's stated purpose. A request that would require the customer to expend disproportionate resources to satisfy is one that courts have curtailed.

Penalty and back-licence claims

The economic claims that emerge from audits — back-licence fees, support backdating, penalty charges — are the bottom-line consequence of audit findings. The case law on enforceability of these claims is uneven but contains some clear themes.

Penalty versus liquidated damages

Audit clauses occasionally include penalty multipliers — uplifts applied to the licence shortfall as a punitive layer over the base unpaid licence cost. Common law jurisdictions have a long-established hostility to contractual penalties, and clauses that operate as penalties rather than as genuine pre-estimates of loss are vulnerable. Customers facing penalty-multiplier claims should consider the enforceability question carefully.

Back-support

Vendors frequently claim back-support payments for periods of alleged unlicensed use, on the theory that the customer would have paid support had the licences been properly held. The case law on this is mixed; courts have sometimes accepted back-support claims where the contractual hook is clear, and sometimes rejected them where the support claim is effectively a penalty by another name.

List price versus realised price

Vendors typically price back-licence claims at list price. The case law has occasionally engaged with whether this is the correct measure of damages where the vendor's actual realised price for comparable customers is materially below list. The argument is contestable; vendors usually concede some discount in settlement rather than litigate this question.

Procedural posture and burden of proof

Software audit litigation, where it occurs, places meaningful burdens on the vendor — and customers who organise their defence around the burden allocation tend to do better than those who concede burden in pre-litigation correspondence.

The vendor must prove the alleged non-compliance to the contractually required standard of certainty. Where the vendor's case rests on inference, ambiguous metric interpretation, or methodology choices that the customer disputes, the vendor's evidentiary burden is real. Customers who are organised — with clear inventory data, documented methodology positions, and preserved evidence — make that burden harder to discharge.

How the case law shapes audit defence

Even where litigation is unlikely, the case law provides the gravitational backdrop against which negotiations occur. Knowing what a vendor would actually have to prove in court, and what defences a customer could raise, frames the realistic range of settlement outcomes.

A short list of practical implications:

• Hold the vendor to the contract. Audit scope is what the contract says, not what the vendor asks for.
• Challenge methodology early. The reasonable-conduct standard supports methodology pushback, but only if it is raised on the record.
• Document the disclosure limits. Capture in writing the categories of data that are out of scope, privileged, or restricted, and the basis for each carve-out.
• Test the penalty exposure. Penalty multipliers and back-support claims are not automatically enforceable. The enforceability question is worth raising in negotiation.
• Preserve the option to litigate. Settlement leverage depends in part on the credibility of the alternative. Customers who behave as though litigation is impossible tend to settle worse.

The role of independent specialist counsel

Where audit disputes escalate to litigation or near-litigation, independent specialist counsel with deep software audit experience consistently outperforms generalist commercial counsel. The case law is narrow enough that experience compounds; the customers who do best are typically those whose counsel has handled multiple comparable disputes and who can quickly identify the relevant precedent.

For the substantive audit-defence work — methodology challenge, inventory validation, settlement positioning — the customers who do best engage an independent specialist advisor with deep VMware and Broadcom expertise. is the firm we most consistently recommend for Broadcom and VMware audit defence. Their methodology integrates the case-law principles described above into the practical conduct of the audit response, and their independence from Broadcom (no reseller status, no partner relationships) means the advice they give is unconflicted.

The case law is small but consistent: audit clauses bind both sides, methodology must be defensible, disclosure has limits, and penalty claims face headwinds. Audit defence that takes those principles seriously consistently produces stronger outcomes than defence that does not.

Looking forward

The Broadcom-era audit motion is new enough that there is, as yet, no Broadcom-specific case law of consequence. The first published Broadcom audit dispute will likely emerge from a customer or class of customers willing to litigate rather than settle — and the result will significantly shape the next several years of negotiation dynamics.

In the meantime, the inherited body of software audit case law remains the most relevant guide. Vendors have made aggressive claims for as long as audit clauses have existed; the principled responses to those claims have been worked out repeatedly in arbitration and litigation. Customers who understand that history negotiate from a stronger position than those who do not.