Vendor lock-in, a situation where a customer becomes overly dependent on a single supplier’s technology or products, has emerged as a critical concern in public sector ICT procurement. As governments digitise their services, many have found themselves tied to specific vendors, facing high switching costs and limited alternatives. The European Union is acutely aware of this issue. In fact, the upcoming revision of the EU Public Procurement Directive is seen as a key opportunity to address strategic ICT purchasing challenges, from reducing environmental impacts and life-cycle costs to reducing vendor lock-in. This focus aligns with a broader shift in the EU’s agenda towards strengthening digital sovereignty and resilience, ensuring public buyers are not trapped by proprietary solutions.
What is Vendor Lock-In in Public Procurement?
Vendor lock-in describes a scenario in which a public organisation is tied to a specific provider due to proprietary technologies, standards, or contracts that make it difficult or costly to switch. In practical terms, this could mean that a government agency’s data is stored in a vendor’s proprietary format that other systems can’t easily read, or that a crucial software system can only be maintained by the original supplier. Common causes of lock-in include the use of closed file formats and incompatible interfaces, long-term contracts with heavy penalties for change, and lack of interoperability with other solutions. Often the issue is not apparent at the outset, it becomes painfully clear later when the vendor increases prices or discontinues a product, and the agency finds it almost impossible to transition without significant disruption. Notably, vendor lock-in is widespread, a European Commission survey found that at least 40% of public procurers perceived some degree of vendor lock-in, usually due to lack of system interoperability or data portability between old and new systems. In short, many public sector buyers have experienced the frustration of being “stuck” with a vendor because alternative options are technically infeasible or financially prohibitive.
Why is Vendor Lock-In a Problem?
The consequences of vendor lock-in for the public sector are multifaceted, affecting economic efficiency, innovation, and even security. Firstly, lock-in can drive up costs. When an agency is dependent on a sole supplier, that supplier holds considerable power, they can raise licensing or maintenance fees knowing the customer has limited recourse. Over time, this erodes value for money. The European Commission estimated that adopting open standards (thus avoiding proprietary lock-in) could save the EU’s public sector over €1 billion annually, essentially the cost that vendor lock-in was imposing each year. Another analysis similarly found that lack of competition and brand-specific procurement was costing EU governments around €1.1 billion per year in higher prices. Beyond direct costs, lock-in also means reduced competition in the long run and new vendors may shy away from bidding if they know an incumbent’s proprietary system is deeply entrenched, leading to a vicious cycle of limited bidders and higher prices.
Lock-in can also stifle innovation and adaptability. Public services stuck with legacy technology from a single vendor might miss out on newer, better solutions. They may be forced to continue with suboptimal systems simply because migrating to a different platform is too complex. In some cases, critical upgrades or integrations are delayed because they depend on the incumbent vendor’s roadmap. This technical inertia is detrimental in a time when public sectors need agility to meet changing citizen needs.
Perhaps less obvious but equally important are the security and sovereignty implications. Relying exclusively on foreign or proprietary providers can pose risks if geopolitical situations change or if the vendor’s interests diverge from the public good. As one analysis noted, vendor lock-in is more than an economic issue but also a matter of security and digital sovereignty, if a government’s core data and communication systems run solely on external, proprietary platforms, it raises concerns about control, compliance, and exposure. For example, data jurisdiction issues can arise if a public sector body is locked into a cloud service under foreign jurisdiction. Moreover, when vendors decide unilaterally to alter terms or features, public institutions can do little to resist, potentially compromising their strategic autonomy. In summary, vendor lock-in can lead to higher costs for taxpayers, reduced competition and innovation, and a loss of control over critical digital infrastructure.
EU Policy Response: Reducing Lock-In Through Procurement Reform
The European Union has recognised the vendor lock-in problem and is actively seeking to address it through policy and guidance. The current EU Public Procurement Directives (notably 2014/24/EU) already include tools intended to counter lock-in. For instance, the directives encourage using the “most economically advantageous tender” (MEAT) as the default award criterion instead of just the lowest price. This means contracting authorities are empowered to consider quality, innovation, and long-term costs in their evaluations. Life-cycle costing (LCC) is explicitly promoted, allowing buyers to factor in external or downstream costs. Crucially, this can include costs associated with lack of interoperability, effectively acknowledging that choosing a solution which locks you into a closed system has a future price tag. By evaluating total cost of ownership (including potential exit costs or integration costs) rather than just the upfront bid, public buyers can make more informed decisions that account for lock-in risks.
In addition to tweaking the rules on award criteria, the EU has issued practical guidance to help public authorities avoid ICT lock-in. Under Action 23 of the EU Digital Agenda, the Commission developed a detailed guide on using open standards in ICT procurement to “promote efficiency and reduce lock-in”. One of the key recommendations is to avoid referencing proprietary brands or specifications in tenders unless absolutely necessary. In fact, EU law already warns against naming a specific make or technology in tender specs (to prevent favoring one supplier), except in exceptional cases where it must be accompanied by “or equivalent” alternatives. The guidance urges that public buyers specify needs in functional terms and require adherence to open technical standards wherever possible. The rationale is simple: open standards create competition, lead to innovation and save money. As EU Digital Agenda Commissioner Neelie Kroes once observed, open standards are meant to help national authorities seize opportunities for innovation and efficiency. The Commission has argued that adopting this approach encourages wider market participation and better value bids, instead of locking public bodies into proprietary solutions.
Now, with a major revision of the Public Procurement Directive underway (expected in 2026), the EU is poised to strengthen these measures. Early discussions highlight the need for procurement rules that support strategic ICT purchasing and explicitly tackle vendor lock-in. The revision comes at a time when the EU’s priorities include digital sovereignty and boosting EU-based tech capabilities. We can expect new provisions or guidelines that further incentivise interoperability, require exit strategies in contracts, and enhance the professionalisation of public procurement so that buyers have the skills to avoid unwittingly locking themselves in. In short, EU policy is moving toward a future where avoiding vendor lock-in is not just an option but a standard part of procurement best practices.
Real-World Examples of Vendor Lock-In Impact
To understand the gravity of vendor lock-in, consider some real public sector experiences:
Danish municipalities and dependence on Microsoft: A prominent recent example comes from Denmark, where municipalities have become heavily reliant on a single software provider, Microsoft, for core office and collaboration tools. Over the late 2010s and early 2020s, reported municipal expenditure linked to Microsoft licensing and related services rose sharply. Danish media and public reports indicate that annual spending increased substantially between 2018 and 2023, fuelling concern about escalating costs in the absence of realistic alternatives. This situation prompted national political attention. The Danish Minister for Digitalisation publicly described the level of dependency as fundamentally problematic, noting that when a dominant technology provider can raise prices without public bodies having viable exit options, taxpayers ultimately pay more without receiving corresponding additional value. In response, the Danish government allocated funding to examine and promote open source and alternative solutions within the public sector and convened expert groups to advise on reducing structural dependency on single vendors. The episode illustrates how vendor lock-in can evolve from a technical procurement issue into a broader question of public value and democratic control over critical digital infrastructure.
French Gendarmerie’s Open Source Migration: By contrast, the French Gendarmerie is frequently cited as an example of how long-term lock-in can be avoided. Beginning in the early 2000s, the Gendarmerie undertook a gradual transition away from proprietary software, notably Microsoft Windows and Office, towards open-source alternatives such as Linux-based desktops and OpenOffice, alongside open web standards. The organisation reported substantial savings over several years, largely from avoided software licensing costs, alongside increased control over its IT environment. While precise figures vary by source, the Gendarmerie consistently highlighted that the move delivered savings running into tens of millions of euros over time, without compromising operational effectiveness. Importantly, the strategy was not solely financial. By insisting on strict adherence to open standards, the Gendarmerie ensured that systems remained interoperable and that suppliers could be replaced if necessary. Even large enterprise vendors were required to adapt to browser-based, standards-compliant solutions, preserving the organisation’s freedom to switch providers in the future. The case is widely regarded as demonstrating how open standards and careful procurement design can restore control to public bodies and reduce long-term dependency on single vendors.
Other Cases and Global Perspective: Across Europe, similar concerns have shaped public sector IT policy. The city of Munich famously migrated its administration to Linux through the LiMux project in the 2000s, explicitly aiming to reduce dependence on Microsoft and increase autonomy. While the initiative later faced political reversal and mixed assessments, it highlighted how procurement decisions in ICT can be influenced as much by governance and strategy as by technology itself. Several European countries, including Spain, Italy, and France, have introduced policies encouraging the use of open document formats and open-source software in government, partly to avoid long-term dependency on proprietary ecosystems. The UK Government, for example, mandated the use of open standard document formats such as ODF for official communications in 2014, with the explicit aim of preventing a single vendor’s format from dominating public sector workflows. Beyond Europe, the challenge is similar. In the United States, public agencies frequently operate under long-term ICT contracts with incumbent suppliers, and research has highlighted how such arrangements can entrench market power, restrict competition, and inflate costs over time. The underlying pattern is consistent internationally: where public authorities do not actively manage interoperability, data portability, and exit options, vendor lock-in can become both costly and difficult to unwind.
Taken together, these cases show that vendor lock-in is neither hypothetical nor inevitable. While unmanaged dependency can lead to rising costs and reduced control, conscious procurement strategies that prioritise open standards, competition, and long-term flexibility can materially change outcomes. Encouragingly, awareness of these risks is growing, and many public sector leaders are now seeking to build exit strategies and alternatives into ICT contracts before dependencies become entrenched.
Strategies to Avoid or Mitigate Vendor Lock-In
Preventing vendor lock-in requires a proactive, strategic approach at the procurement stage and throughout the technology life cycle. Here are several key strategies public sector professionals should consider:
Specify Open Standards and Interoperability Requirements: Perhaps the most powerful tool against lock-in is to insist on open, standardised formats and protocols in procurement specifications. By requiring that software and systems adhere to widely accepted standards (for data formats, interfaces, etc.), public buyers can ensure that multiple vendors could potentially support or replace the system. Open standards enable interoperability, different systems can “talk to each other”, which in turn makes it easier to plug in a new vendor’s solution without starting from scratch. This practice is actively encouraged by the European Commission, it has provided guidance to help authorities use open standards in procurement to promote efficiency and reduce lock-in. Concretely, tenders should avoid phrasing like “must be Product X or Y” and instead describe the required functionality or performance in neutral terms (with any reference to a specific product accompanied by “or equivalent”). By doing so, buyers invite any supplier that meets the standard to compete, rather than unintentionally locking the tender to one proprietary product. Interoperability requirements can also be built into contracts, for example, mandating that a system provide data export in a standard format, so that data can be migrated if needed.
Emphasise Life-Cycle Value over Up-Front Price: A recurring theme in procurement reform is the need to move beyond choosing winners based solely on the lowest initial bid. Instead, evaluation should factor in life-cycle costs and value, including the potential cost of being locked in. The EU’s promotion of MEAT criteria and LCC analysis is aimed at this. Practically, this means when comparing bids, a public authority might give weight to things like: the cost of licensing over 5–10 years, the cost of future upgrades or expansions, and the cost of exit (e.g. how easily can we switch after the contract?). A slightly higher initial bid for a more open solution could be justified if it avoids expensive lock-in later. By quantifying the “external” costs of lack of interoperability (such as needing middleware or being stuck with a single maintenance provider), procurers can make the case to budget holders that the cheapest offer is not always the best deal. In essence, procurement should reward flexibility and openness as an element of value.
Include Exit Clauses and Knowledge Transfer: One practical step is to build in contractual safeguards. Contracts for ICT goods or services should include clear exit provisions, for example, requiring the vendor to assist in data migration at the end of the contract, or to provide documentation and training to whoever takes over. The goal is to prevent the scenario where, at contract’s end, the public body has no choice but to extend with the same vendor because no one else can run the system. The European Commission’s 2013 guide on ICT procurement explicitly advises providing for knowledge handover at the end of the contract period. This might involve obligating the supplier to train staff or a successor, or deliver all technical documentation and source code (if custom development is involved) to the client. By ensuring the agency retains the knowledge and assets needed to operate the system, the dependence on the vendor is reduced. Shorter contract durations or phased implementations can also help, they create natural break points where alternatives can be considered, rather than 10+ year engagements that cement a monopoly.
Strengthen In-House Capacity and Market Awareness: Sometimes, lock-in happens because public sector buyers feel they lack alternatives or expertise to use anything other than the market-leading vendor. Investing in professional development for procurement and IT staff can mitigate this. If the team understands open source options, emerging vendors, and the technical aspects of interoperability, they are more likely to design procurements that avoid vendor traps. The EU is urging greater professionalisation and capacity-building in public procurement for this reason. Additionally, engaging with the market through pre-tender consultations can reveal that there are multiple solutions out there (including smaller SMEs or open source communities) rather than just the well-known incumbent. By actively scouting and encouraging diverse suppliers, public entities can reduce the risk of a single company’s technology becoming the only viable choice.
Consider Open Source Solutions: Adopting open source software (OSS) is an increasingly popular strategy to escape lock-in, as it often comes with community standards and multiple providers. Open source doesn’t necessarily mean “do it yourself”, many commercial providers offer support for open source platforms, which means a government agency could swap support vendors without changing the software itself. The key advantage of OSS is transparency and freedom: the code can be inspected, modified, and hosted anywhere, which prevents a single vendor from having exclusive control. For example, an open-source content management system for government websites could be supported by numerous IT firms, not just the one that installed it. Governments from Brazil to India have launched “open source first” policies to reduce costs and increase self-reliance. Of course, open source must be evaluated for security and suitability like any other option, but it inherently carries less risk of lock-in since, if one service provider fails, another can step in using the same open technology. As the Danish case above indicates, even where proprietary solutions are currently dominant, governments are now funding open source development to create viable alternatives. Open source is thus both a short-term tactic (to negotiate better deals by having an alternative) and a long-term strategy (to build sovereign technological ecosystems).
Multi-Vendor and Modular Architectures: When possible, designing ICT systems in a modular way can avoid putting all eggs in one basket. Rather than awarding one giant contract for an all-in-one system, a public agency might procure interoperable modules (for example, separate contracts for database, application layer, and support services) that conform to common standards. This way, if one module’s vendor underperforms or overcharges, it can be replaced without scrapping the entire system. Similarly, in cloud services, a multi-cloud strategy, using more than one cloud provider, can prevent dependency on a single platform. Many European governments are exploring multi-cloud or hybrid cloud approaches to retain leverage in negotiations and ensure continuity of service even if one provider has issues. The underlying principle is portability: ensure data and workloads can be ported from one environment to another with minimal friction. Techniques like containerisation and adherence to open APIs (Application Programming Interfaces) help in this regard.
Implementing these strategies requires foresight and sometimes a change of mindset. It may involve a bit more effort during the procurement phase, such as drafting detailed standards-based requirements or evaluating long-term implications. However, the payoff is a public sector that remains agile, cost-effective, and in control of its digital destiny.
Vendor lock-in is a challenge that public sector professionals can no longer afford to ignore. As the digital transformation of government accelerates, ensuring flexibility and competition in ICT procurement is paramount. The EU’s current push to revise procurement rules with an eye on reducing lock-in reflects a recognition that good procurement is not just about getting the lowest price today, but about safeguarding the public interest in the long run. By learning from past experiences, the cautionary tales of spiraling costs in locked-in contracts, and the encouraging successes of open approaches, public organisations can chart a smarter path forward. This means baking in interoperability, openness, and exit strategies from the start of every tech project. It means treating digital solutions as components that must ultimately serve the public mission, not shackle it to a vendor. With robust strategies and supportive policies now emerging, the public sector can turn the tide against vendor lock-in. The result will be more innovation, better value for taxpayers, and greater sovereignty over the technologies that increasingly underpin public services. In the end, freeing public procurement from lock-in is about ensuring that technology serves the government and citizens on their terms, not the other way around.
Background Reading and Additional Sources:
European Commission Public Buyers Community – Revision of the Public Procurement Directive: What role for ICT procurement? https://public-buyers-community.ec.europa.eu/communities/sustainability-ict-digital/news/revision-pp-directive-what-role-ict-procurement
Interoperable Europe – Interoperability and vendor lock-in (ICT Standards for Procurement) https://interoperable-europe.ec.europa.eu/collection/ict-standards-procurement/interoperability-and-vendor-lock
European Commission (Digital Agenda) – Guidance on using open standards to reduce ICT lock-in https://www.computerworld.com/article/1404855/eu-guide-helps-governments-avoid-vendor-lock-in.html
Arman Borghem, Cleura Perspectives – “How Vendor Lock-In Bleeds Public Resources…” https://cleura.com/cloudguide/perspectives/how-vendor-lock-in-bleeds-public-resources-sparking-danish-investigation-into-promoting-open-source-alternatives
OpenCloud Blog – “Avoid vendor lock-in: Open source as risk minimisation” https://opencloud.eu/en/avoid-vendor-lock-in
Interoperable Europe (Joinup) – Case study: French Gendarmerie saves millions with open source https://interoperable-europe.ec.europa.eu/collection/egovernment/news/fr-gendarmerie-saves-million
