The blind spot of AI governance in 2026.
In 2014, the great cloud migration began. Organisations moved en masse from on-premise infrastructure to AWS, Azure and Google Cloud — drawn by scalability, cost reduction and technological progress. What they understood less clearly were the contract structures they were signing: data migration costs, API dependencies and proprietary services that made departure economically unattractive after three years.
Ten years on, many of those organisations are still paying the price of decisions that in 2014 were treated as technical choices — when they were strategic choices. With AI, you are at precisely the same inflection point.
The AI market of 2025–2026 is consolidating at speed. Microsoft is integrating Copilot deeply into the entire Microsoft 365 suite. Google is anchoring Gemini in Workspace, Cloud and Android. Amazon is serving the enterprise market via AWS Bedrock. OpenAI is building direct enterprise relationships through ChatGPT Enterprise.
The contracts organisations are signing now — for AI licences, training data agreements, API access and implementation services — contain clauses that will create economic dependencies over three to five years that are difficult to break.
Proprietary data formats Training data and fine-tuning carried out on a vendor platform is often not fully portable to a competitor. You train on their infrastructure, and the output — the optimised model — cannot be fully separated from them, contractually or technically.
API dependency When your products and processes are built on specific API calls to a single vendor, switching is not merely a technical challenge — it is a rebuild operation. That rebuild costs time and money that most business cases have not factored in.
Pricing after lock-in The most concerning parallel with the cloud era: initially attractive pricing that rises after two to three years, once switching has become economically unattractive. This is not cynicism — it is a logical revenue model for any platform provider.
Regulatory dependency If your AI vendor encounters a compliance problem — under the EU AI Act, on data privacy, or due to geopolitical restrictions — you are jointly exposed. The recent restrictions on Chinese AI models in certain sectors are a foretaste of what may come.
AI vendor selection is a strategic decision, not an IT procurement. The board that delegates this without a framework loses control for the next five years. Not because the vendor is poor — but because the decision-making structure needed to course-correct in time is absent.
Vendor-agnostic governance framework Your AI governance must be independent of the choice of a specific vendor. That means: criteria for vendor selection, risk mitigation and exit conditions must be established at board level before IT signs the contracts.
Explicit exit clauses as a negotiating requirement Every AI contract of strategic significance must contain data portability, API independence guarantees and reasonable exit costs. This is negotiable — but only before signing.
Multi-vendor strategy where possible Not for every application — but for your strategically most critical AI capabilities, it is worth evaluating two vendors and distributing the dependency.
Not only insight — but a plan your board can execute.