What it means
Over-reliance on a single AI provider, model, or platform creates systemic vulnerability. If the vendor changes terms, suffers an outage, is acquired, or exits the market, the organisation’s AI capability collapses. Where AI is embedded in operations, this creates existential operational risk.
Why it matters
AI vendor relationships carry a different risk profile from traditional software procurement. Model capability, pricing, data handling terms, and availability can change at the vendor’s discretion. Lock-in may not be visible until an exit is needed.
Board governance implications
AI procurement strategy must account for vendor dependency. The board must know which operational functions would be disrupted by loss of any AI provider, and confirm that contingency arrangements exist for high-dependency use cases.
Governance failure timeline
Pre-deployment
Before procurement decisions are finalised, the organisation fails to assess which operational functions would be disrupted by the loss of any AI provider and to confirm that contingency arrangements exist for high-dependency use cases.
Deployment
Vendor lock-in becomes visible the first time switching costs are encountered.
Pricing or terms changes affect operational budget mid-deployment with no alternative in place.
Where a contingency arrangement does not exist, a single vendor outage creates immediate operational exposure.
Post-deployment
The vulnerability is structural: if the vendor changes terms, withdraws capability, or exits the market, AI-embedded operations cannot be maintained.
The organisation has built a dependency it cannot unwind quickly.