advanta

HomeGlossaryTechnology

Risk Class

Technology

P4

Vendor lock-in

Audience

GC / CLORisk & ComplianceLegal OperationsCIO / CISO

DEFINITION

Risk class 4 of the Risk Taxonomy 2026: workflows, data, and methodology become so deeply embedded in one vendor's tooling that the switching cost to exit is disproportionate to the value extracted, whether due to technical, workflow, commercial, or regulatory entrenchment. Addressed by articulating methodology in terms of capabilities required rather than vendors deployed, and by negotiating data portability and exit-assistance terms at the Build stage.

Detailed Explanation

Summary

Vendor lock-in is a measured, managed exposure, not a binary failure state. It describes how structurally dependent a buyer becomes on a specific AI vendor such that switching is materially costly, slow, or operationally disruptive. Under Risk Taxonomy 2026, it is distinct because the core risk is dependency architecture, not vendor behaviour.

Quick Facts

Term Type

Risk Class

Category

Technology

Related Pillar

P4 · Governance

Governance

Methodology
v2026.1

Explore Glossary

← All Terms