The proposal arrives with everything bundled together. Document processing, meeting summarisation, CRM integration, a reporting layer on top. The pricing looks better than sourcing each capability separately. The vendor’s pilot ran smoothly. Nothing in the deck covers what it costs to leave in three years.
That gap between the signing conversation and the leaving conversation is where vendor lock-in lives. None of its mechanisms are listed in the pricing supplement. They build through technical decisions made early that feel like efficiencies at the time, and they only become visible when the business needs to move.
What is AI vendor lock-in?
Vendor lock-in happens when switching away from a supplier becomes so costly, technically complex, or disruptive that you stop being a free buyer. In AI, the dependency builds through proprietary data formats that don’t export cleanly, tokenised pricing that scales with your usage, integration depth that ties your workflows to a single platform’s API, and migration paths that were never genuinely stress-tested.
Proprietary AI platforms such as Microsoft Copilot, Google Gemini, and OpenAI’s enterprise offering deliver genuine capability. Each one also creates switching costs that weren’t on the agenda in the demo. Your documents get processed through the vendor’s schema. Your integrations are built against their API endpoints. Your team learns their interface and their quirks.
By month twelve, the platform is infrastructure. Your workflows run through it, your data sits inside its formats, and your team has adapted to its controls. Moving away at that point means remapping workflows, migrating data, retraining people, and rebuilding integrations from scratch.
For a delegate who has built the firm’s AI workflows on one stack, the commercial calculation changes fast. The dynamics that trap businesses in legacy cloud platforms apply equally to AI platforms. Depending on a single provider limits access to better technology as the market moves, creates exposure when the vendor changes its pricing structure, and gives the vendor the upper hand in renewal conversations.
Why does vendor lock-in matter for your business?
Lock-in has two separate impact windows. In the short term, it shapes your running costs. Tokenised pricing models charge per unit of use, so as your team’s AI usage grows, the bill grows with it and your ability to negotiate against a competitor’s rate disappears. In the longer term, lock-in directly affects what a buyer sees during due diligence.
The due diligence angle is the one that catches delegates off guard. A capability welded to one vendor’s infrastructure reads differently in a deal room than a capability the business owns and can run independently. If an acquirer sees that core AI workflows can only function inside one supplier’s stack, they are looking at a dependency, and dependencies adjust valuation.
This is the pattern behind what due diligence specialists call AI due diligence: the emerging layer of acquisition scrutiny where buyers assess whether a target’s AI systems are sustainable assets or technical liabilities. A well-run AI stack with documented portability and clear ownership reads as an asset. One that grew organically around a single vendor, without exit planning, can complicate or reduce a deal.
The running-cost impact matters on its own timeline too. Tokenised pricing charges per unit of use. As AI usage grows across the team, the bill grows with it, and the ability to benchmark against alternatives weakens the longer you stay inside one platform.
Where does lock-in actually hide?
Lock-in rarely announces itself in AI procurement. Proprietary data formats mean your outputs and training data sit in structures that don’t export cleanly into a rival system. Tokenised pricing compounds as your usage grows. Sub-processors you haven’t audited hold data you can’t inspect. And migration paths, when they exist at all, have typically never been tested under real operating conditions.
The sub-processor point surprises many delegates during procurement. When you sign with a major AI platform, you are often signing an agreement that lists downstream data processors in an appendix few people read closely. Those sub-processors may be based in different legal jurisdictions, may change over the contract term, or may be acquired themselves. Your data obligations change with them, and your visibility over where the data actually sits is limited.
The Humane AI pin case illustrates what vendor dependency looks like when it fails at the service level. A $699 device became unusable when the company sold its operating system assets to HP. HP had no obligation to continue the service, because asset sales can transfer intellectual property without inheriting support commitments. That outcome is unusual in enterprise AI, but the legal mechanism applies across the vendor landscape.
The more common version is slower. Pricing increases after the introductory rate expires, capability gaps emerge when the vendor’s product roadmap diverges from your use case, and the migration cost compounds with every month you leave it.
When does the lock-in risk matter, and when can you leave it alone?
The decision comes down to what the capability does for the firm. For administrative uses where switching platforms would be a nuisance rather than a rebuild, the convenience of a well-funded proprietary platform is worth accepting. For capabilities that form part of the firm’s enduring value, where clients pay for the output or where accuracy matters commercially, the risk calculation is different.
The comparison between open-source and proprietary AI platforms frames this as a strategic choice between out-of-box performance and long-term control. Proprietary platforms, the major offerings from Microsoft, Google, and OpenAI, provide faster time to value and responsive support structures. Open-source models and modular builds using standards-based technology offer more control and lower dependency over time, but they need internal technical resources that many owner-managed businesses don’t currently maintain.
A workable hybrid strategy draws on both. Use proprietary platforms for scheduling assistants, meeting summaries, first-draft generation, and similar administrative tasks where vendor risk is low and switching costs are minimal. Apply more scrutiny to the capabilities that form part of what the firm delivers, where clients interact with the output, or where rebuilding would be genuinely painful.
That boundary, between low-stakes convenience and mission-critical dependency, is the line worth drawing deliberately. Many businesses end up on the wrong side of it not through bad choices but through defaulting to the most convenient bundle available at the time of purchase.
What should you ask before you sign?
Contract terms are where this becomes concrete. A delegate reviewing an AI vendor agreement should ask whether data can be exported in a standard format on termination, whether a defined exit process exists with reasonable timelines, and whether the agreement includes service-level clauses that don’t leave the business exposed if the vendor is acquired or changes its pricing model.
Beyond the portability clause, ask what happens to your data if the vendor is acquired. Asset sales, where a buyer purchases intellectual property without inheriting service obligations, are a known risk in the technology sector. HP’s purchase of Humane’s AI assets for $116 million left customers without continued service support, because the buyer was under no legal obligation to honour it. That same structure applies to enterprise software vendors.
Mitigation strategies documented in the vendor dependency literature include adopting standards-based technologies that move between platforms, ensuring documented migration services exist before you commit, structuring integrations so that components can be swapped, and including SLA provisions that specify exit terms alongside performance terms. Regulators in both the UK and EU are increasingly expecting organisations to demonstrate control over the data they process through third-party AI systems, which adds a compliance dimension to what was already a commercial one.
One practical question is worth putting to any vendor in a procurement conversation: has a client ever moved data out of your platform, and can you show us how that worked? If the answer is vague or the documentation is thin, that is the answer.
These clauses do not require a specialist procurement team. A delegate with an AI mandate can make them a standard expectation in any vendor conversation.
Lock-in that nobody priced at the point of purchase becomes a cost that somebody pays later, through a higher licence bill, a painful migration, or a softened acquisition price. Building exit terms into the agreement on day one protects both the running cost and the eventual valuation. A delegate handed an AI mandate earns the confidence of the founders they work with by thinking three years ahead, not just twelve months.



