When we are talking about AC/URLF, it is not a license but a subscription contract. 

You are supposed to have a valid contract in place, but in case it expires and is not renewed in time, you will see policy installation warnings, see positions 8 to 13 from this SK.

After a short grace period, the blade will be disabled, and you will not be able to use it unless the contract is renewed, and the new contract file is applied to the GW.

Specifically, sk56300 says the following:

What happens when there is no Application Control contract

You must have an Application Control Software Blade contract to use the Application Control Software Blade functionality on a gateway. If a valid Application Control contract is not associated with a gateway, the blade will be disabled.

When this change in functionality occurs, customers will be notified by:

• A pop-up warning message that appears on the screen, during policy installation.
• An audit log that is sent periodically, notifying that the Application Control Blade is disabled.

Once you purchase a valid contract, the blade is enabled again.

Important: When an Application Control Blade is disabled due to insufficient contract, all Application Control settings in SmartDashboard do not change. The blade will appear to be active in SmartDashboard; however it will not be active on the gateway.

In lamen terms, AC/URLF rules will not be matched. Would it be AV or IPS, your GW could use the last downloaded data without the possibility of getting the latest updates, but in the case of AC/URLF, gateways are using Threat Cloud in real-time to get the latest categorization for specific URLs and applications, with only limited cache possibilities.