Summary
Vendor lock-in is a measured, managed exposure, not a binary failure state. It describes how structurally dependent a buyer becomes on a specific AI vendor such that switching is materially costly, slow, or operationally disruptive. Under Risk Taxonomy 2026, it is distinct because the core risk is dependency architecture, not vendor behaviour.