Published on the 30/06/2026 | Written by Heather Wright
Execs report AI dependency and limited visibility…
Enterprises are reporting they’re already locked into AI, but many admit they don’t fully know how deeply.
The IBM Institute for Business Value’s Calculus of AI Sovereignty study, which surveyed 1,000 senior executives responsible for AI, data, tech or related enterprise capabilities globally, found that 71 percent of them already expressed concern that switching AI vendors or models would be difficult. At the same time, the report shows a gap in understanding of what exactly that dependency looks like, with 91 percent of respondents admitting they didn’t fully understand their dependencies across vendors, models and infrastructure.
Meanwhile, 72 percent of respondents said they’d be willing to pay a 20 percent cost increase to maintain multiple AI vendors for strategic flexibility.
IBM says its research, which was carried out in collaboration with Oxford Economics, shows the value of that flexibility and leverage. Organisations in the study who had the greatest control across their AI stack protected 55 percent more operating profit from AI-driven disruption than those with less control, the report says.
The study also highlights the operational implications of those dependencies as AI moves into core business functions. Executives reported an average of six AI-related disruptions over the past two years, largely linked to vendor services. In addition, 81 percent said a seven-day outage at a primary AI provider would cause severe or critical disruption to operations, and effectively halt operations.
“In AI, dependency extends into the model layer and the services around it, introducing new forms of volatility,” the report says. Models can change behaviour without formal release cycles and service terms and safety controls can be updated with little notice. Respondents cited unexpected changes across the AI ecosystem, from price increases and usage restrictions, to model deprecations, changes to privacy and data handling terms, performance degradation and new geographic access limitations aka the Anthropic shutdown of Fable and Mythos.
Control tightens and regulators respond
The report comes hard on the heels of warnings from Forrester that changes to SAP’s API policies, which came into force earlier this month, will restrict third-party AI agents, large-scale data extraction to non-SAP environments and workarounds through proxies, gateways, customer code or impersonation.
The changes are being enforced through platform updates and supported by SAP’s own AI and data services, which define the approved pathways for access.
The restrictions affect how organisations connect external AI systems, including third-party models and agents, to SAP data and processes. The vendor made its agentic Joule Studio 2.0 free – at least until December 31 2026, or in Forrester’s words ‘free to adopt, priced to entrench’. Agent runtime is free as is A2A interoperability – with no cap.
“This is the most aggressive commercial move SAP has made in a decade,” the Forrester analysts – Faram Medhora, Mark Moccia and Stephanie Balaouras – say.
“The 2027 pricing for Agent Gateway throughput at scale, A2A consumption, BDC egress, and Joule Studio post-promotion remains undisclosed. Most customer 2026 budgets do not model this cliff. The free-through-year-end window is SAP’s path to getting the customer on the highway, knowing that the customer will inevitably pass through a metered tollbooth down the road in 2027.”
Forrester has gone so far as to say SAP are attempting to become the gatekeeper of enterprise AI, urging CIOs to ‘push back’.
At the same time, regulators are examining whether similar dynamics are emerging across other enterprise software ecosystems.
In the United Kingdom, the Competition and Markets Authority has opened an investigation into Microsoft’s business software ecosystem as part of the digital markets competition regime. It’s accessing whether Microsoft’s licensing practices and product integration could reduce competition as AI becomes embedded in businesses.
“The UK will benefit most where customers can access the best tools in the market, and mix and match software and AI services from a broad range of competing suppliers. It is therefore important that competition in business software is working well,” the CMA said as it launched the investigation in May.
It says it has heard that UK businesses may not always be able to effectively combine Microsoft’s software with that of other providers, limiting the ability to get access to the best products at the most competitive prices. The investigation will include how AI competitors are able to integrate with Microsoft’s business software, giving customers access to AI software across suppliers to best suit their needs. The results of the investigation must be announced February 2027.
Those developments align with the dependency trends identified in the IBM study, which found organisations are already operating across multi-layered AI environments, but lack full visibility into how those dependencies are structured. Dependencies extend across vendors, models and infrastructure, creating challenges in assessing risk, managing change and responding to disruptions.
‘Selective’ AI sovereignty
The report positions ‘selective’ AI sovereignty – the ability to apply control across data, models, and AI infrastructure in proportion to business risk and strategic value – as the key to maintaining control over AI.
“In reality, enterprises don’t control AI. They control a tangled web of contracts, architectures, data flows, and operational choices spread across a complex estate,” the report notes.
Seventy-five percent of executives who have switched, or attempted to switch, AI vendors in the last two years say the process was difficult due to data portability, model revalidation, compliance requirements and technical lock-in.
“Sovereignty is not an on/off switch. It’s more like a set of dials, each tuned to a specific business impact.”
The report recommends organisations classify AI systems into tiers – mission critical or differentiating systems, important but non-differentiating capabilities, and operational or commodity services – and apply different sovereignty expectations to each.
The report says the tiered approach establishes a shared language for decision-making, enabling CIOs, COOs, CFOs and business leaders to align on how much control is required, where vendor dependency is acceptable, and where optionality must be engineered. It also creates a consistent way to coordinate decisions across the enterprise – managing policies,
dependencies, and trade-offs with shared visibility.
“Not all AI is equal, and the operating model must reflect that.”



























