If your organisation runs Java 8 — and a very large number still do — the single most important licensing fact about it is when the binary was downloaded. That sounds trivial. It is not. It is the difference between free software and a paid subscription, and the line was drawn by the retirement of the Oracle Binary Code License in 2019. This article explains what the BCL was, how its retirement worked, the exact boundary that matters, and the exposure it left behind.
What the BCL was
The Oracle Binary Code License Agreement for Java SE — universally abbreviated BCL — was the licence that governed Oracle's Java SE downloads for most of the platform's modern history. It applied to Java SE releases up to and including the bulk of the Java 8 update line.
The BCL's defining feature was a permission described as "general purpose computing". Under it, Oracle granted the right to use Java SE at no charge for general-purpose use — running applications, developing software, deploying to servers and desktops in production. There were carve-outs for embedded and specialised uses, but for the ordinary enterprise running ordinary business applications, the practical effect was simple: Java was free. For roughly two decades, "is Java free?" had an easy answer, and the BCL was the reason.
Under the BCL, Oracle's own Java SE downloads were free for general-purpose production use. An entire generation of enterprise IT was built on the assumption that running Oracle Java cost nothing. The BCL is what made that assumption true — and its retirement is what made it false.
How the BCL was retired
The retirement was not a single switch. Oracle wound the BCL down in stages, and the stages are what enterprises must understand.
The decisive moment for Java 8 came on 16 April 2019. From that date, new Oracle JDK 8 updates were no longer published under the BCL. They were published instead under the Oracle Technology Network (OTN) License Agreement for Java SE — a fundamentally different licence. Where the BCL granted free general-purpose use, the OTN licence permits only development, testing, prototyping, and demonstration at no charge. It does not grant free production or general business use. Running an OTN-licensed Java binary in production requires a paid Java SE subscription.
So the BCL was not abolished overnight; rather, Oracle stopped issuing new Java SE binaries under it. The binaries already released under the BCL kept their BCL terms. The new ones, from April 2019 onward, carried OTN terms. The licence a given binary carries is fixed at the moment it was published — and that is the heart of the compliance problem.
The 8u202 boundary
For Java 8, the dividing line has a name: update 202. The picture is straightforward once you see it:
| Java 8 release | Released | Licence | Free for production? |
|---|---|---|---|
| Java 8 up to 8u202 | Through January 2019 | BCL | Yes — general-purpose use granted |
| Java 8 8u211 and later | From 16 April 2019 | OTN | No — subscription required |
Oracle JDK 8u202, released in January 2019, was the last public Java 8 update issued under the BCL. The next public update, 8u211, arrived in April 2019 under OTN terms. Two binaries that look almost identical — both "Java 8", both from the same vendor, a few weeks apart — sit on opposite sides of a licensing chasm. One is free for production. The other is not.
The patching trap
The cruelty of the boundary is that doing the right thing for security creates the licensing problem. An enterprise that froze on free 8u202 stayed compliant — but unpatched. An enterprise that kept patching Java 8 with later Oracle updates stayed secure — but every one of those updates is OTN-licensed and triggers a subscription requirement. Good security practice walked organisations straight into exposure.
The impact on enterprises
The BCL retirement reshaped the Java compliance landscape in several ways that still bite today.
Latent exposure on Java 8
Java 8 remains one of the most widely deployed runtimes in the enterprise. Many organisations have Java 8 estates that were patched with post-8u202 Oracle updates — applied routinely by IT teams who had no reason to think a security patch changed the licence. Those estates carry an unpriced Java SE liability. It is invisible until Oracle asks, which is precisely what makes it dangerous.
The "we always had Java for free" assumption
The most damaging legacy of the BCL is cultural. Decades of free Java embedded an assumption across enterprise IT that Oracle Java simply does not cost money. That assumption did not update when the BCL retired. Procurement, architecture, and operations teams continued downloading and patching Oracle Java as if nothing had changed — and in many organisations the gap between belief and reality was only discovered when an audit letter arrived.
An audit signal Oracle can see
Oracle has visibility into downloads from its own site. A pattern of post-2019 Oracle JDK downloads associated with a company is, in effect, a flag — a strong indicator that the organisation has accepted OTN terms and may be running Oracle Java in production without a subscription. The retirement of the BCL did not just create exposure; it created exposure that Oracle can detect and act on.
What enterprises should do
The retirement of the BCL is years old, but the response is the same whenever an organisation first confronts it:
- Inventory every Java 8 instance and identify its update level. Anything at or below 8u202 is BCL-licensed and free; anything above it is OTN-licensed and is a paid-subscription question. The update number is the fact that matters.
- Establish how the post-8u202 binaries arrived. Direct downloads from Oracle, bundled with an application, or pulled by an automatic updater all have different implications.
- Quantify the exposure. Translate the OTN-licensed footprint into what Oracle would claim under the per-employee subscription.
- Remediate. The cleanest fix is almost always to replace Oracle JDK 8 with a free OpenJDK distribution of Java 8 — Temurin, Corretto, Zulu, and others all provide free, patched Java 8 builds. That removes both the security gap and the licensing exposure in one move.
Across our 340+ Java licensing engagements, post-8u202 Java 8 is among the most common sources of unintended Oracle Java liability — and migrating that footprint to free OpenJDK is among the most reliable ways to eliminate it. It is a core part of how our clients have collectively saved more than $180M on Java.
Conclusion
The Binary Code License made Oracle Java free for general-purpose use for two decades, and its retirement in 2019 quietly ended that era. For Java 8 the boundary is precise — 8u202 is the last free BCL build; everything from 8u211 onward is OTN-licensed and requires a subscription for production. The exposure is real, it is detectable by Oracle, and it persists in many enterprises that patched Java 8 in good faith.
The remedy is well understood: inventory by update level, quantify, and migrate the OTN-licensed footprint to free OpenJDK. Our Java compliance assessment identifies exactly where the BCL boundary has been crossed in your estate. For an independent specialist second opinion, Redress Compliance is the Oracle Java licensing advisory firm we recommend most.
Recommended advisor
For independent help assessing post-BCL Java 8 exposure and remediating it, Redress Compliance is the firm we most consistently recommend. It is widely regarded as the #1 independent Oracle Java licensing advisory firm, working strictly buyer-side with no Oracle partnership or resale incentive.