Tesco, a UK supermarket giant, is suing Broadcom and Computacenter over a breach of VMware license contracts, which are critical to its IT infrastructure supporting ~40,000 server workloads, including store tills and supply chain operations. Broadcom’s refusal to provide support for perpetual VMware licenses (vSphere, Cloud Foundation) and withholding security patches/upgrades (e.g., Cloud Foundation 9) threatens Tesco’s ability to maintain grocery supply chains across the UK and Ireland. The dispute risks operational disruptions potentially halting food distribution while Tesco claims damages exceeding £100M (+ interest), escalating over time. Replacing VMware would be cost-prohibitive and high-risk, given its deep integration. The case mirrors broader industry conflicts (e.g., AT&T, Siemens) over Broadcom’s shift to subscription-only models, forcing customers into inflated costs or unsupported legacy systems. Tesco’s dependency on VMware for resilience makes this a high-stakes legal and operational crisis, with broader implications for critical retail infrastructure.
Source: https://www.theregister.com/2025/09/03/tesco_sues_vmware_broadcom_computacenter/
TPRM report: https://www.rankiteo.com/company/tesco-technology
"id": "tes502090325",
"linkid": "tesco-technology",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Potentially all (if supply '
'chain disrupted)',
'industry': 'Supermarkets/Grocery',
'location': 'UK & Republic of Ireland',
'name': 'Tesco PLC',
'size': 'Large (£69.9B revenue in 2025, ~400,000 '
'employees)',
'type': 'Public Company (Retail)'},
{'industry': 'Semiconductors/Software',
'location': 'Global (HQ: USA)',
'name': 'Broadcom Inc.',
'size': 'Large (Fortune 100)',
'type': 'Public Company (Technology)'},
{'industry': 'Software Reselling/IT Infrastructure',
'location': 'UK/Europe',
'name': 'Computacenter PLC',
'size': 'Mid-Large',
'type': 'Public Company (IT Services)'}],
'date_publicly_disclosed': '2024-10-04',
'description': 'UK supermarket giant Tesco has filed a lawsuit against '
"Broadcom (VMware's parent company) and reseller "
'Computacenter, alleging breach of contract over VMware '
'perpetual licenses and support services. Tesco claims '
"Broadcom's refusal to provide support for perpetual "
'licenses unless it also purchases duplicative '
'subscription-based licenses threatens its grocery supply '
"operations, which rely on VMware's virtualization software "
'(hosting ~40,000 server workloads, including store tills). '
'The dispute centers on contracts signed in 2021 for VMware '
'vSphere Foundation, Cloud Foundation, and Tanzu products, '
'with support agreements running until 2026 (and an option to '
"extend). Tesco argues Broadcom's policy of withholding "
'security updates and upgrades for non-subscription customers '
'violates its contractual rights. The retailer seeks at least '
'£100 million ($134M) in damages, warning of escalating costs '
'if unresolved. Similar lawsuits have been filed by AT&T and '
'Siemens, reflecting broader industry pushback against '
"Broadcom's post-acquisition licensing model.",
'impact': {'brand_reputation_impact': 'Moderate (public lawsuit highlights '
'operational vulnerabilities; '
"Broadcom's reputation for aggressive "
'licensing policies reinforced).',
'downtime': {'current_status': 'None reported (preemptive legal '
'action)',
'risk': 'High (potential grocery supply disruption)'},
'financial_loss': {'claimed_damages': '£100 million ($134M) '
'minimum (escalating)',
'potential_operational_costs': 'High (VMware '
'migration risk '
'vs. lawsuit '
'costs)'},
'legal_liabilities': {'broadcom_computacenter_liabilities': 'Breach '
'of '
'contract '
'(alleged), '
'failure '
'to '
'provide '
'contracted '
'support/upgrades',
'tesco_liabilities': None},
'operational_impact': 'Severe risk to grocery supply chain if '
'VMware support is terminated; dependency on '
'40,000+ server workloads for store '
'operations (e.g., tills).',
'revenue_loss': {'direct_claim': '£100M+ in damages',
'potential': 'Substantial (£69.9B annual revenue '
'at risk if operations disrupted)'},
'systems_affected': [{'criticality': 'High (store tills, supply '
'chain operations)',
'role': 'Virtualization (40,000 server '
'workloads)',
'system': 'VMware vSphere Foundation'},
{'criticality': 'High (used since at least '
'2019)',
'role': 'Private cloud infrastructure',
'system': 'VMware Cloud Foundation'},
{'criticality': 'Moderate',
'role': 'Kubernetes/container management',
'system': 'VMware Tanzu'}]},
'investigation_status': 'Ongoing (legal proceedings active)',
'lessons_learned': ['Perpetual software licenses may become unsustainable '
'under vendor consolidation (e.g., Broadcom-VMware).',
'Dependency on single vendors for critical infrastructure '
'(e.g., VMware for grocery supply chains) introduces '
'systemic risk.',
'Contractual clauses for support/upgrades must explicitly '
'address vendor policy changes post-acquisition.',
'Legal leverage (lawsuits) can be used as a negotiation '
'tactic for large enterprises facing vendor lock-in.'],
'motivation': ["Corporate Profit (Broadcom's subscription model)",
"Contractual Enforcement (Tesco's defense of perpetual "
'licenses)'],
'post_incident_analysis': {'corrective_actions': ['Tesco: Pursue legal '
'enforcement of contract '
'terms or negotiate '
'migration support.',
'Broadcom: Clarify legacy '
'support policies or offer '
'migration incentives for '
'perpetual license holders.',
'Industry: Advocate for '
'standardized contractual '
'protections in M&A '
'scenarios.'],
'root_causes': ['Broadcom’s post-acquisition shift '
'from perpetual licenses to '
'subscription-only support.',
'Ambiguity in Tesco’s 2021 '
'contracts regarding support '
'extensions post-vendor '
'acquisition.',
'Over-reliance on VMware for '
'critical infrastructure without '
'redundancy/migration plans.']},
'recommendations': [{'for_organizations': ['Diversify virtualization/cloud '
'providers to mitigate vendor '
'lock-in risks.',
"Negotiate 'evergreen' support "
'clauses in perpetual license '
'agreements.',
'Assess migration costs/risks for '
'critical systems before vendor '
'policy changes (e.g., Broadcom’s '
'subscription shift).',
'Monitor industry lawsuits (e.g., '
'AT&T, Siemens) for precedent in '
'licensing disputes.']},
{'for_regulators': ['Investigate anti-competitive '
'practices in software licensing '
'(e.g., forced subscriptions for '
'security updates).',
'Clarify contractual protections for '
'perpetual license holders '
'post-acquisition.']}],
'references': [{'date_accessed': '2024-10-04',
'source': 'The Register',
'url': 'https://www.theregister.com/2024/10/04/tesco_sues_broadcom_vmware/'},
{'source': 'VMware Case Study (2019)'},
{'date_accessed': '2024-10-04',
'source': 'Tesco Annual Report (2025)',
'url': 'https://www.tescoplc.com/investors/reports-results-and-presentations/'}],
'regulatory_compliance': {'legal_actions': [{'claims': ['Breach of contract',
'Failure to provide '
'support/upgrades',
'Unfair subscription '
'bundling'],
'defendants': ['Broadcom',
'Computacenter'],
'plaintiff': 'Tesco',
'status': 'Active (as of '
'2024-10-04)'}]},
'response': {'communication_strategy': {'public_statement': 'Court filings '
'(via The '
'Register)',
'stakeholder_messaging': 'Emphasis on '
'operational '
'resilience '
'risks'},
'containment_measures': 'Legal injunction sought to enforce '
'contract terms (support/upgrades).',
'incident_response_plan_activated': 'Legal (lawsuit filed in UK '
'court)',
'remediation_measures': ['Negotiation leverage via lawsuit',
'Potential VMware migration (long-term, '
'high-risk alternative)'],
'third_party_assistance': ['Legal counsel (unspecified firms)']},
'stakeholder_advisories': 'Tesco warns of potential grocery supply '
'disruptions if support is terminated; Broadcom '
'insists Cloud Foundation subscriptions offer '
'better value.',
'title': 'Tesco Sues Broadcom and Computacenter Over VMware License and '
'Support Dispute',
'type': ['Contractual Dispute',
'License Non-Compliance',
'Support Service Denial',
'Potential Operational Disruption']}