Why this audit happens to you eventually
Three contract mechanisms turn sloppy asset records into personal pain: warranties (you promise the content is cleanly licensed), indemnities (you pay if the promise breaks), and due-diligence questionnaires (they ask you to prove it before signing, increasingly including AI-content disclosure). The studio that can answer in an afternoon looks fundable; the one that needs three weeks looks like risk.
The checklist
- Inventory every third-party asset in the shipping build: models, textures, tools, audio, fonts, stock. The forgotten categories are audio and fonts - start there.
- Record the source and licence type for each - not "Unity store" but "Unity Asset Store, Single Entity"; not "Fab" but "Fab Standard, Professional tier".
- Match entities. For every Single Entity licence: is the shipping product the purchasing entity's? Client work needs Multi Entity or equivalent.
- Count seats. For per-seat tools (Unity Extension Assets and friends): seats purchased vs people using. Fix shortfalls now - it is a cheap upgrade today.
- Check attribution debts. CC BY content, OFL fonts with credit requests, stock with credit lines - is every required credit actually in the credits screen, in the required form?
- Attach proof of purchase: order IDs, invoices, claim records. An entitlement you cannot evidence is a question you cannot close.
- Verify the purchasing accounts. Assets bought on personal accounts are a transfer conversation to have before the deal, not during it.
- Flag editorial and restricted content. Editorial-only licences in a commercial build, revenue-capped tiers a grown studio has outrun, stock used beyond its cap.
- Note AI-relevant provenance. Steam asks about AI content; publishers and acquirers increasingly ask which assets are AI-generated and under what terms. Record it per asset while you still remember.
- Export the manifest. One document, grouped by source: asset, licence, order ref, usage, credits. That IS the due-diligence answer.
Asset Licence Register is this checklist as software: the register enforces steps 1-2 and 6-9 as fields, computes 3-5 as automatic flags, and step 10 is the Export manifest button.