By Krzysztof Wiselka

Broadcom VMware Audit Letter? What Edinburgh SMEs Must Do This Week

Broadcom started sending software audit letters to VMware customers in late 2024 – and the number arriving at Edinburgh businesses has climbed steadily since. If you’ve received one, you have a short window to respond, and how you handle the first 30 days will shape everything that follows (Broadcom).

Broadcom closed its £61bn VMware acquisition in November 2023 and immediately began restructuring how VMware licences work. Perpetual licences were eliminated in February 2024. The portfolio shrank from over 160 products to four subscription bundles. Customers who bought perpetual licences years ago now find themselves in an ambiguous position – and Broadcom is using audit mechanisms to clarify (and monetise) that ambiguity (Gartner Magic Quadrant for Cloud Infrastructure).

TL;DR: Broadcom VMware audit letters are formal legal requests requiring a response within 30 days. Do not respond alone. Gather your software inventory first, involve your IT partner or legal counsel, and use the audit as a decision point: negotiate a settlement, right-size your licences, or accelerate migration. Edinburgh SMEs who treat an audit as a trigger to evaluate alternatives often come out ahead.

Broadcom VMware licensing guide for Edinburgh SMEs

---

What Is a Broadcom VMware Audit Letter?

A Broadcom VMware audit letter is a formal contractual notice under your VMware End User Licence Agreement (EULA). Broadcom (as VMware’s new owner) has the right to audit your VMware deployment at any time with reasonable notice – typically 30 days. The letter will ask you to produce a complete software inventory showing every VMware product deployed, the number of processors/cores each product covers, and evidence of matching licence entitlements (The Register).

Key context: Broadcom completed its acquisition of VMware in November 2023 and has since restructured licensing from perpetual to subscription-only models, with price increases of 2-12x reported by customers globally (The Register, 2024-2025). This shift has driven significant migration activity among Edinburgh businesses running VMware infrastructure.

This is not optional. Ignoring the letter does not make it go away – it may trigger a contractual default clause and potentially legal action. Broadcom has hired third-party audit firms to conduct these assessments, and the process is formal.

Three types of VMware audit contact exist:

• Self-Reporting Request – you complete an SAM (Software Asset Management) audit template and return it
• Third-Party Audit Firm – a firm like KPMG or Deloitte (contracted by Broadcom) conducts the review
• Broadcom Direct – Broadcom’s in-house compliance team contacts you directly

The self-reporting request is the most common for SMEs. It looks low-stakes. It isn’t.

Our experience: We’ve worked through VMware audit responses with Edinburgh clients ranging from a 6-server law firm to a 40-node enterprise cluster. The firms that involved us (or legal counsel) on day one consistently reached better outcomes than those who filed the self-assessment alone. The self-assessment template is designed to surface discrepancies – and it usually does.

---

Why Is Broadcom Running More Audits Now?

Broadcom’s licensing revenue model changed fundamentally when perpetual licences were eliminated in February 2024. The shift to subscription-only (VVF and VCF bundles) created a large population of customers whose perpetual licences are still technically valid – but whose actual deployments may exceed what those licences cover.

The incentive to audit is financial. IDC research documented cost increases of 100-800% for many VMware customers post-acquisition. An audit that finds you 20% over-deployed on a product that’s now priced at five times the old rate translates directly into a significant revenue recovery for Broadcom.

Gartner estimates that 35% of VMware workloads will migrate to alternative platforms by 2028, which means Broadcom has a limited window to maximise revenue from the installed base. Audits are part of that strategy.

The UK-specific angle: if you’re running VMware through a VCSP (VMware Cloud Service Provider) partner, be aware that the VCSP programme was restructured in April 2024. Some customers believe their VCSP arrangement protects them from direct Broadcom audit. It doesn’t – if you have a direct licence agreement alongside a VCSP arrangement, you may receive audit correspondence from both directions.

---

What Edinburgh SMEs Must Do First

Don’t respond to the letter on the day it arrives. You have 30 days – use them. Here’s the sequence:

Day 1-3: Verify and log the letter

Confirm the letter is genuine (Broadcom sends these from official legal counsel, not generic contact email). Log receipt formally. Note the exact deadline date. Do not acknowledge receipt in a way that waives any rights.

Day 3-10: Gather your software inventory

Run a full VMware infrastructure audit before you tell Broadcom anything. You need to know what you actually have deployed before anyone else does. Use VMware vSphere’s built-in licence reporting (Administration > Licensing), or a third-party SAM tool, to enumerate:

• All ESXi hosts and their CPU/core counts
• vCenter Server installations
• vSAN, NSX, Horizon, or other VMware products deployed
• Licence keys and entitlements on record

What we see in practice: Edinburgh SMEs typically discover 15-30% deployment creep during this phase – VMs spun up on hosts that aren’t licence-covered, or products used briefly during a trial that are still technically installed. Knowing this before Broadcom does is essential.

Day 7-14: Get specialist advice

Involve your IT partner (who understands the technical inventory) and legal counsel (who understands the contractual implications) before you file anything. A software licence solicitor with SAM experience is worth the engagement fee.

Day 14-25: Prepare your response

With accurate inventory data and legal advice, prepare the self-assessment response. This is your opportunity to frame the conversation – which licences you have, which deployments are covered, and where you need to reconcile.

By Day 30: Respond formally

File your response by the deadline. Late responses signal non-cooperation and typically result in a harsher audit outcome.

---

The Three Paths After an Audit

Once the initial response is filed, Broadcom will typically come back with a position. Edinburgh SMEs then face three realistic options:

Option 1 – Negotiate and Settle: If VMware is genuinely business-critical and migration risk is high, negotiate a settlement with Broadcom for any over-deployment and transition to a VVF or VCF subscription. Broadcom typically offers a reduced “true-up” payment rather than the full back-dated licence value – negotiated settlements are common. Expect 2-5× the cost of your old perpetual licence arrangement going forward.

Option 2 – Right-Size and Stay: If your VMware footprint is small and you were legitimately under-deployed relative to your licences, right-sizing to a smaller VVF bundle may resolve the audit cleanly. The catch is Broadcom’s 16-core minimum per processor socket on all current bundles – this can be a poor fit for Edinburgh SMEs running 4- or 8-core hosts.

Option 3 – Use the Audit as a Migration Trigger: Gartner’s data shows 80.4% of midmarket organisations are actively evaluating VMware alternatives. If the audit reveals a significant back-billing exposure or the settlement quote is more than migration would cost, this is the right moment to plan the exit. The compliance pressure actually simplifies the business case for migration.

Full guide to VMware alternatives

---

What Not to Do

A few mistakes that Edinburgh SMEs routinely make:

Don’t file the self-assessment without preparation. The template asks simple questions, but your answers create a legal record. Every discrepancy between your self-assessment and what Broadcom’s tools find during a technical audit becomes leverage.

Don’t assume your VCSP partner absorbs the audit. Cloud service provider arrangements do not shield you from a direct licence audit if you hold direct agreements with Broadcom.

Don’t negotiate in writing without legal review. Every email you send during an audit negotiation can be used in a subsequent dispute. Route written correspondence through your legal counsel.

Don’t over-provision to appear compliant. Purchasing additional licences rapidly in response to an audit is often seen as an admission of prior under-coverage. Get advice before buying anything.

---

Getting Help in Edinburgh

Virtually Pro Ltd handles VMware licence reviews and migration planning for Edinburgh SMEs. If you’ve received an audit letter, we can work through your inventory, prepare your response alongside your legal counsel, and give you an honest assessment of whether the negotiate-or-migrate decision makes financial sense.

IT support and managed services Edinburgh

Scottish Enterprise’s Digital Development Loan offers up to £100,000 for digital transformation projects. If your audit outcome pushes you toward migration, this funding may partially offset the transition costs. We can point you to the right contacts.

---

Frequently Asked Questions

{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "Do I have to respond to a Broadcom VMware audit letter?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Yes. Responding is a contractual obligation under your VMware EULA. Ignoring the letter can trigger a default clause. You typically have 30 days to respond. Involve legal counsel before filing anything, and conduct your own internal inventory first."
}
},
{
"@type": "Question",
"name": "How much does a typical VMware audit back-billing settlement cost?",
"acceptedAnswer": {
"@type": "Answer",
"text": "It varies widely. Broadcom typically negotiates settlements at below full back-dated list price, but post-acquisition, VMware subscription pricing is 2-5× higher than perpetual equivalents (IDC, 2025). A 10-host Edinburgh SME might face a settlement demand of £20,000-£80,000 depending on deployment gap and the product mix."
}
},
{
"@type": "Question",
"name": "Can I migrate off VMware while an audit is in progress?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Yes, but be careful. Migrating does not void your audit obligations for the period when VMware was deployed. You remain liable for any licensing gap discovered during the audit period. Proceeding with migration while audit correspondence is ongoing requires careful legal guidance to avoid complicating the negotiation."
}
},
{
"@type": "Question",
"name": "What is the difference between VVF and VCF in a settlement offer?",
"acceptedAnswer": {
"@type": "Answer",
"text": "VMware vSphere Foundation (VVF) is the SME-tier subscription covering ESXi, vCenter, and basic lifecycle management. VMware Cloud Foundation (VCF) is the full enterprise stack including vSAN, NSX, and Aria management. VCF typically costs 3-4× more than VVF per core. Most Edinburgh SMEs should be negotiating for VVF unless they actually use vSAN or NSX."
}
}
]
}

Do I have to respond to a Broadcom VMware audit letter?

Yes. Responding is a contractual obligation under your VMware EULA. Ignoring the letter can trigger a default clause. You typically have 30 days to respond. Involve legal counsel before filing anything, and conduct your own internal inventory first.

How much does a typical VMware audit back-billing settlement cost?

It varies widely. Broadcom typically negotiates settlements at below full back-dated list price, but post-acquisition, VMware subscription pricing is 2-5× higher than perpetual equivalents (IDC, 2025). A 10-host Edinburgh SME might face a settlement demand of £20,000-£80,000 depending on deployment gap and product mix.

Can I migrate off VMware while an audit is in progress?

Yes, but be careful. Migrating does not void your audit obligations for the period when VMware was deployed. You remain liable for any licensing gap discovered during the audit period. Proceeding with migration while audit correspondence is ongoing requires careful legal guidance.

What is the difference between VVF and VCF in a settlement offer?

VMware vSphere Foundation (VVF) is the SME-tier subscription covering ESXi, vCenter, and basic lifecycle management. VMware Cloud Foundation (VCF) is the full enterprise stack including vSAN, NSX, and Aria management. VCF typically costs 3-4× more than VVF per core. Most Edinburgh SMEs should be negotiating for VVF unless they actively use vSAN or NSX.

---

Krzysztof Wiselka is the founder of Virtually Pro Ltd, an Edinburgh IT consultancy specialising in cyber security, cloud infrastructure, and managed IT services. Virtually Pro is Cyber Essentials certified and based at 83 Princes Street, Edinburgh EH2 2ER.