Legal & Contract - Pillar

The Broadcom EULA, and your rights.

A pillar-length walk-through of the Broadcom EULA framework — high-impact clauses, rights customers routinely fail to invoke, and the operational posture that produces leverage.

broadcomaudits Research·Published September 2025·22 min read·Last updated December 2025

A Broadcom EULA — the End User License Agreement that accompanies VMware, Symantec, CA Technologies, and Carbon Black products — is the document that ultimately determines what customers can and cannot do, what Broadcom can and cannot audit, and what financial obligations a deployment can produce. Most enterprise IT leaders have never read the EULA they are operating under. The audit team always has. This is one of the most consequential information asymmetries in the customer-vendor relationship, and it is the foundation of much of the avoidable financial exposure we see in Broadcom audits.

This pillar-length analysis walks through the structure of the Broadcom EULA as it exists in 2026, the clauses that matter most to customers, the rights customers have that they routinely fail to invoke, and the obligations customers should understand before they reach the point of negotiation or audit. It is not legal advice; it is operational analysis of the EULA framework that informs the commercial decisions customers make every day.

How Broadcom EULAs are structured in 2026

Broadcom EULAs since the VMware acquisition have evolved into a layered document structure. The base EULA establishes the core licensing terms. Product-specific terms attach to the base EULA for each product family. Order-specific terms in the customer's contract or order form attach further customisations. Service descriptions for managed components add additional terms.

This layered structure means there is no single document that governs the customer's position. The customer's actual rights and obligations are the composite of all the layers, and clauses in lower layers can modify or override clauses in higher layers. Customers who treat the base EULA as the controlling document routinely miss material terms that are buried in product-specific or order-specific layers.

The structure also evolves over time. The EULA that applies to a customer's perpetual entitlement purchased in 2019 is different from the EULA that applies to the subscription renewal signed in 2025. Customers with a multi-vintage estate are operating under multiple EULA frameworks simultaneously, and the differences between them matter for audit defence.

The clauses that matter most

Across the EULA framework, certain clauses recur as the high-impact provisions that shape customer outcomes. Understanding these clauses — what they typically say, what variation exists, and how they interact — is the foundation of strategic EULA analysis.

The audit clause

The audit clause is the most consequential single provision in the EULA. It defines whether Broadcom can audit at all, what they can audit, how often, with what notice, and under what process. The clause varies meaningfully across Broadcom product families and across contract vintages.

Typical audit clauses give Broadcom the right to audit customer deployment of the licensed products with reasonable notice (typically 30 days), during business hours, at the customer's expense if material non-compliance is found, no more than once per twelve-month period, and subject to confidentiality obligations on the audit findings. The variations matter: some clauses cap audit frequency at once per twenty-four months, some require self-certification before formal audit, some require third-party auditor selection from a list both parties can approve.

The customer's first analytical step in audit defence is to read the specific audit clause in the controlling contract and identify any variations from the standard. The variations are sources of leverage that the audit team is not obliged to highlight. Customers who do not perform this analysis routinely accept audit scope that exceeds their contractual obligations.

The licence grant clause

The licence grant clause defines what the customer is actually authorised to do with the software. This sounds obvious but is frequently misunderstood. The licence grant specifies the licensed entity (the contracting customer, sometimes affiliates), the licensed scope (production use, development, test, disaster recovery), the licensed environment (specific geographies, specific cloud providers, specific hardware), and any restrictions (no public-facing service provision, no multi-tenant deployment, no benchmark publication).

Customers regularly deploy software in ways that exceed the licence grant — running production loads in environments licensed only for development, allowing affiliates to use entitlement licensed to the parent, deploying in geographies not covered by the licence. These deployments produce audit exposure that customers do not recognise until the audit team flags them.

The transferability and assignment clauses

Transferability and assignment clauses determine whether the customer's licences move with the entity in M&A scenarios, whether the customer can transfer licences between affiliates, and whether the customer needs Broadcom consent for changes of control. These clauses become consequential at acquisition, divestiture, and corporate restructuring events.

Broadcom's typical position is that licences are not transferable without consent, and change of control triggers a consent requirement. The variations matter: some contracts include automatic transfer to acquirers, some include affiliate-broadening language, some require notice without consent. Customers contemplating M&A activity need to know what their EULA actually says before the M&A activity is announced.

The compliance and reporting clauses

Compliance and reporting clauses specify the customer's obligations to track and report deployment. Some EULAs require active deployment reporting (typically annual); some require record-keeping only. The clauses also specify the records that must be maintained, the period for which they must be retained, and the format in which they must be producible.

Customers who comply formally with the reporting requirements have a stronger audit-defence position than customers who treat the reporting as ceremonial. Active, accurate self-reporting reduces audit-team latitude to use unfavourable inferences during audit; passive or sloppy reporting expands that latitude.

The payment and pricing clauses

Payment and pricing clauses specify the licence fees, the maintenance and support fees, the payment terms, and the price-increase mechanisms. The price-increase mechanism is particularly important: some EULAs allow Broadcom to increase prices at renewal subject to caps; some allow increases tied to specific indices; some require negotiation at each renewal.

The renewal-price-increase mechanism in the customer's contract is one of the most important provisions to understand ahead of renewal. Customers who do not know what their contract says about price increases routinely accept renewal pricing that exceeds the contractual constraints.

The warranty and limitation clauses

Warranty and limitation-of-liability clauses constrain the financial exposure both parties carry. Broadcom's standard warranty clauses are minimal — typically a 90-day warranty against material defects, with everything else as-is. Liability limitations cap damages, often at the licence fees paid in the prior 12 months.

The liability limitations matter most in dispute scenarios. Customers facing aggressive audit settlements should know what the contractual cap on Broadcom's claim actually is; this cap is sometimes the highest commercially defensible settlement number.

The dispute resolution clauses

Dispute resolution clauses specify how disputes are resolved — typically through negotiation, then mediation, then arbitration or litigation. The clauses also specify the governing law (frequently US-based regardless of customer location) and the venue. These clauses become consequential when the audit settlement does not converge on agreed terms.

Customers in unfavourable dispute-resolution positions — non-US customers with US governing-law clauses, customers with arbitration in unfavourable jurisdictions — should understand this position before reaching the dispute stage. The understanding shapes the negotiation posture.

Rights customers routinely fail to invoke

Beyond understanding what the EULA says, customers should understand what the EULA gives them — and what they routinely fail to use. Several rights are commonly under-invoked.

The scope-limitation right

The audit clause typically limits audit scope to the licensed products, the customer's deployment of those products, and the audit period defined in the clause. Broadcom audit teams frequently propose audit scope that exceeds these constraints — covering additional products, affiliate entities, longer periods. The customer's right to insist that the audit operate within the contractual scope is real and consequential. Invoking it precisely changes the audit reach materially.

The notice-and-process right

The audit clause typically specifies a notice period and a process for conducting the audit. Audits that depart from the contractual process — short-notice on-site requests, demanded access without the standard notice period, third-party auditors not approved through the contractual mechanism — can be objected to. Customers who object precisely to procedural departures often produce better-disciplined audits than customers who acquiesce.

The mediation and stepped-resolution right

Dispute resolution clauses typically include stepped resolution — negotiation, then mediation, then arbitration or litigation. The mediation step is frequently skipped by both parties in the rush to conclude the audit. Customers who invoke the mediation step — bringing in a neutral mediator to facilitate the settlement discussion — often produce better commercial outcomes than customers who go directly from negotiation to settlement.

The confidentiality right

EULAs typically include confidentiality provisions covering both directions — the customer's confidential information and Broadcom's. The customer's right to require confidentiality of audit findings is rarely invoked, but it can constrain Broadcom's ability to use the audit-derived information in adjacent commercial conversations.

The cap-on-claim right

The liability-limitation clause often establishes a cap on Broadcom's claim. Customers facing large audit findings should know what the cap is and consider whether settlement above the cap is appropriate. Settlements above the contractual cap should require explicit customer decision rather than default acceptance.

Obligations customers should understand

The EULA also imposes obligations on the customer that are worth understanding before they become enforcement issues.

The deployment tracking obligation

Most Broadcom EULAs require the customer to maintain accurate records of deployment sufficient to support audit. Customers who do not maintain these records are technically in breach of the EULA, and the breach weakens their position in any subsequent audit. Even outside formal audit, the tracking obligation is one customers should meet because the cost of meeting it is low and the cost of breaching it is high.

The cooperation obligation

Audit clauses typically require customer cooperation with the audit process. The scope of cooperation is constrained by the broader audit clause — cooperation within the contractual audit scope, not unlimited cooperation. Customers who interpret cooperation broadly produce wider audit exposure; customers who interpret cooperation precisely to the contractual scope produce better-defended outcomes.

The compliance representation

EULAs typically require the customer to represent that their deployment is in compliance with the licensed terms. This representation matters in dispute scenarios; customers should be careful about formal compliance representations they cannot actually defend. The discipline is to comply with the licensed terms, not to assert broader compliance than is actually true.

The vintage problem

A specific challenge with Broadcom EULAs in 2026 is that most enterprises hold entitlement across multiple EULA vintages — pre-Broadcom VMware EULAs, post-acquisition transition EULAs, current Broadcom subscription EULAs. Each vintage governs the entitlement purchased under it, and the rights and obligations differ across vintages.

This produces audit-defence complexity. The customer's defensible position varies by which entitlement is being audited and which EULA vintage applies. The audit team frequently applies current-EULA terms to historical entitlement, which is contractually incorrect but is often not challenged by customers who do not realise the issue.

The defensive response is to map entitlement to controlling EULA, identify the specific contractual terms applicable to each tranche of entitlement, and challenge audit-team applications of newer EULA terms to older entitlement. This work is non-trivial but produces material defensive ground that customers without this discipline simply do not access.

Cross-product EULA differences

The Broadcom product families — VMware, Symantec, CA Technologies, Carbon Black — have historically had different EULA frameworks reflecting their independent vendor heritage. Broadcom has worked toward harmonisation, but in 2026 differences remain.

VMware EULAs typically have stronger transferability and weaker audit-frequency limits. Symantec EULAs typically have stronger compliance-reporting obligations and stronger confidentiality. CA Technologies EULAs typically have more complex licence-grant scoping. Carbon Black EULAs typically have stronger data-handling obligations.

Customers with entitlement across multiple Broadcom families need to recognise these differences. The audit defence on Symantec entitlement is structurally different from the audit defence on VMware entitlement, even when both audits are run by the same Broadcom audit team. The differences are sources of leverage and constraint that customer responses should reflect.

EULA changes since the acquisition

Broadcom has actively evolved the EULA framework since the VMware acquisition. The shifts that customers should be aware of include tightening on metering and reporting, expansion of audit-clause language to cover affiliated entities and additional products, shift to subscription with corresponding changes in renewal-price-increase mechanisms, and harmonisation of certain provisions across the legacy product families.

The implication for customers is that the EULA they operated under five years ago is not the EULA that governs their current entitlement or their next renewal. Customers who have not reviewed the EULA framework against current commercial behaviour are operating with a stale understanding of their own position.

The negotiation opportunity at renewal

Renewal is the moment customers can negotiate EULA terms. Broadcom's standard position is to renew on the current EULA framework with minimal customer-side modification. Customers who push back specifically — on audit clause terms, on price-increase mechanisms, on transferability — sometimes secure material modifications, particularly on large renewals.

The negotiating positions that work best are specific, contractually grounded, and proportionate to the renewal scale. Negotiation that asks for broad EULA rewrites typically produces no movement; negotiation that asks for specific, defensible modifications on high-impact clauses produces measurable improvement.

What to do now

The practical steps a customer should take to strengthen their EULA position are bounded and concrete.

Inventory the EULA framework. Identify every Broadcom contract in force, the EULA vintage that governs each, and the customer's entitlement under each. This inventory takes work but pays back as the foundation for all subsequent analysis.

Identify the high-impact clauses. For each EULA in the inventory, identify the audit clause, the licence grant, the transferability provision, the payment terms, the liability limitation, and the dispute resolution mechanism. These are the clauses that shape commercial outcomes.

Compare against current practice. Cross-reference the contractual position against Broadcom's current commercial behaviour. Where Broadcom is taking positions that exceed the contractual basis, those are sources of defensive leverage.

Engage specialist review. Independent specialist review of the EULA framework, particularly for customers with material Broadcom exposure, produces insights that internal review consistently misses. The review cost is bounded and the value is durable.

Use the analysis in commercial conversations. The EULA analysis informs audit defence, renewal negotiation, and strategic decisions. Customers who maintain current EULA understanding and use it actively in commercial conversations produce materially better outcomes than customers who treat the EULA as a one-time legal document.

The strategic bottom line

A Broadcom EULA is one of the most commercially consequential documents in the enterprise IT estate. The customers who understand it deeply, invoke their rights precisely, and meet their obligations accurately produce materially better outcomes across audit defence, renewal negotiation, and strategic decision-making.

The asymmetry between Broadcom's understanding of the EULA framework and the customer's understanding is structural; closing the asymmetry is bounded work with durable payoff. The customers who do this well are not the ones with the largest IT budgets or the most sophisticated procurement functions; they are the ones who treat EULA analysis as a serious operational capability rather than a one-time legal exercise.

For most enterprises with material Broadcom exposure in 2026, the right posture is to invest in EULA understanding, refresh it at appropriate intervals, integrate it with audit and renewal preparation, and use it actively in commercial conversations. The work to do this well is bounded; the payoff compounds across multiple commercial events. The customer who establishes this posture produces durable advantage in one of the most consequential vendor relationships in the modern enterprise IT estate. The customer who does not do so surrenders that advantage and continues paying for it across each audit and each renewal until the posture changes.
