Vendor Lock-In Risk Scoring Framework: How to Quantify Exit Costs Before You Sign
Every enterprise software contract creates lock-in. The question is not whether you are getting locked in โ you are โ but whether you have correctly estimated the cost of that lock-in before you commit, and whether you have negotiated appropriate commercial protections in exchange for accepting it. Most enterprises do neither. They sign multi-year agreements, discover the exit costs are 3โ5x their annual licence spend when they try to renegotiate, and accept unfavourable renewal terms because the switching cost has become prohibitive.
This framework gives procurement teams a structured, quantified approach to vendor lock-in risk โ one that can be applied consistently across Oracle, Microsoft, SAP, Salesforce, ServiceNow, Workday, Broadcom/VMware, and emerging AI vendors before signature, not after. It pairs with our Enterprise Software Renewal Calendar, our SAM Tool Market Guide, and our AI-specific analysis in Is OpenAI Lock-In Inevitable?
The Five Dimensions of Vendor Lock-In
Vendor lock-in is not a single risk โ it is the aggregate of five distinct dimensions, each of which can be scored independently. Together they produce a total lock-in score that enables meaningful comparison across vendors and over time.
Dimension 1: Data Portability (0โ20 points)
Data portability measures how easy it is to extract your data from the vendor's system and import it into an alternative platform in a usable format. Score each factor:
- Export format: Open standard (CSV, JSON, standard SQL) = 0 points. Proprietary format requiring vendor tools to read = 5 points. No bulk export available = 10 points.
- Export completeness: Full data export including historical records, metadata, and audit trails = 0 points. Partial export only (e.g. last 12 months, no audit trails) = 5 points. No export of certain data categories = 10 points.
High-risk examples: Salesforce's standard export covers most CRM data but requires additional effort for custom object relationships and activity history. Oracle Database exports are technically complete but require Oracle tooling. SaaS platforms like ServiceNow store complex relational data that is difficult to reconstruct in another platform even after export.
Dimension 2: Switching Cost โ Technical (0โ25 points)
Technical switching costs are the direct IT costs of migrating from the vendor's platform to an alternative. Estimate each category:
- Data migration cost: Estimate the cost of extracting, transforming, and loading your data into an alternative platform. For large ERP or CRM migrations, this typically costs $500,000โ$5,000,000. Score: (estimated migration cost / $1,000,000) ร 5 points, capped at 15 points.
- Integration re-work cost: Count the number of integrations connected to the platform and estimate the re-work cost per integration at $10,000โ$50,000 per integration. Score: (total re-work cost / $500,000) ร 5 points, capped at 10 points.
High-risk examples: Workday HCM typically has 50โ150 integrations in a large enterprise deployment, making technical switching costs $2,500,000โ$7,500,000 even before considering the core migration. Oracle ERP migrations to SAP S/4HANA or Microsoft Dynamics are multi-year, $10M+ programmes. These technical barriers are real โ the scoring is designed to make them explicit, not to suggest they should prevent investment in the platform.
Want a Lock-In Risk Score for Your Current Vendor Portfolio?
Our advisory team applies this framework across your full software estate โ quantifying exit costs, identifying where lock-in has made you commercially vulnerable, and recommending the contractual protections that change the dynamic at renewal.
Book a Vendor Risk AssessmentDimension 3: Switching Cost โ Organisational (0โ20 points)
Organisational switching costs are often larger than technical costs and are more commonly underestimated. They include:
- User retraining cost: Estimate the cost of retraining all affected users on a new platform. For enterprise-wide systems like ERP, HCM, or ITSM, this is typically $500โ$2,000 per user. Score: (retraining cost / $1,000,000) ร 5 points, capped at 10 points.
- Process re-design cost: Workflows, approval processes, and reporting structures built around the current platform require re-design. Estimate 20โ40% of the technical migration cost as a baseline. Score: (process re-design cost / $500,000) ร 5 points, capped at 10 points.
High-risk example: An enterprise running SAP S/4HANA as its ERP with 10,000 users, considering migration to Oracle Fusion, faces $10Mโ$20M in retraining and process re-design costs independent of the technical migration โ a figure that rarely appears in switch cost analyses but consistently dominates the actual project spend.
Dimension 4: Contractual Exit Barriers (0โ20 points)
Contractual exit barriers are provisions in your current agreement that make exit more expensive or more difficult. Score each:
- Auto-renewal provisions: No auto-renewal = 0 points. Auto-renewal with 90+ days notice to cancel = 3 points. Auto-renewal with 30 days or less = 7 points.
- Multi-year lock-in without break clause: Annual agreement = 0 points. 2โ3 year with break clause = 3 points. 3+ year without break clause = 7 points.
- Exit penalties: No exit penalties = 0 points. Penalties up to 25% of remaining contract value = 3 points. Penalties above 25% = 6 points.
Contractual exit barriers are the most directly negotiable dimension. A short auto-renewal notice period, a missing break clause, or an exit penalty provision can all be addressed in contract negotiation โ if you identify them before signature. After signature, they become fixed costs of exit. Our Workday Renewal Trap analysis covers how contractual exit barriers compound over multi-year deals โ a pattern visible across most major enterprise software vendors.
Dimension 5: Market Alternative Depth (0โ15 points)
Lock-in risk is relative to the availability of viable alternatives. Score the alternative market:
- 3+ credible alternatives with demonstrated migration paths: 0 points.
- 1โ2 credible alternatives: 5 points.
- No credible alternatives at comparable capability: 10โ15 points.
This dimension changes significantly for emerging technology categories. Oracle Database has credible alternatives (PostgreSQL, Microsoft SQL Server, AWS Aurora) for most workloads โ but Oracle Exadata for mission-critical financial transaction processing has few true equivalents, making the alternative depth score high. Salesforce CRM has genuine alternatives (Microsoft Dynamics, HubSpot Enterprise) โ but Salesforce Financial Services Cloud or Health Cloud implementations have fewer migration-tested alternatives. Score at the actual product level, not the category level.
Apply the Lock-In Framework to Your Portfolio
Use our multi-vendor assessment tools to score your current software estate and identify where lock-in has accumulated beyond acceptable commercial risk thresholds.
Access Multi-Vendor Assessment Tools โInterpreting the Total Lock-In Score
The maximum score is 100. Use the following bands to interpret results:
| Score Range | Risk Level | Recommended Action |
|---|---|---|
| 0โ25 | Low lock-in | Standard renewal negotiation. No structural concerns. |
| 26โ50 | Moderate lock-in | Negotiate contractual protections at next renewal. Maintain alternative evaluation programme. |
| 51โ70 | High lock-in | Formal exit cost analysis required before renewal. Independent advisory support recommended. Negotiate break clauses, price caps, and data portability commitments. |
| 71โ100 | Critical lock-in | Vendor has significant commercial leverage. Multi-year exit programme may be required. Do not renew without independent strategic advisory. Consider partial migration to alternatives to reduce dependency. |
Lock-In Scores by Major Vendor: Reference Estimates
These scores are illustrative reference estimates for a typical large enterprise deployment. Your actual score will differ based on integration depth, contract terms, and the specific product suite.
| Vendor / Product | Typical Score Range | Dominant Lock-In Dimension |
|---|---|---|
| Oracle Database (with Exadata) | 70โ85 | Technical switching cost + alternative depth |
| SAP S/4HANA | 75โ90 | Organisational switching cost + data portability |
| Salesforce (core CRM) | 50โ65 | Organisational switching cost + integration re-work |
| Salesforce (vertical clouds) | 65โ80 | Alternative depth + technical switching cost |
| Microsoft 365 / Azure | 60โ75 | Data portability + organisational switching |
| ServiceNow | 65โ80 | Integration re-work + organisational switching |
| Workday HCM | 70โ85 | Technical switching cost + contractual exit barriers |
| Broadcom VMware (VCF) | 75โ90 | Technical switching cost + alternative depth |
| OpenAI / Anthropic (fine-tuned) | 55โ75 | Data portability + organisational re-training |
| Meta Llama (self-hosted) | 20โ35 | Open weights โ lowest lock-in in AI market |
Contractual Protections That Reduce Lock-In Risk
The right time to address lock-in risk is before contract signature. Six provisions materially reduce the score across all dimensions:
- Data export rights: Negotiate explicit data export rights in open, documented formats within 30 days of termination. Without this clause, data export at scale typically requires vendor cooperation โ cooperation that is often slow and sometimes withheld.
- Break clauses: In multi-year agreements, negotiate break clauses at 12 or 24-month intervals with 90-day notice. The commercial trade-off (slightly higher base price or fewer freebies) is almost always worth the optionality.
- Price caps: Negotiate maximum annual price escalation (3โ5% CPI cap is achievable with most vendors). Without this, multi-year lock-in plus uncapped pricing gives the vendor both the captive customer and the ability to extract maximum value from that captivity.
- Migration assistance commitment: Negotiate a post-termination transition period (90โ180 days) where the vendor provides reasonable assistance to support migration. This provision is rarely offered proactively but is frequently accepted when asked.
- API continuity: For integration-heavy deployments, negotiate API continuity commitments โ preventing the vendor from deprecating APIs your integrations rely on without minimum 12-month notice and a migration path.
- Termination for convenience: Negotiate the right to terminate for convenience with 90-day notice in agreements of 2 years or less. Longer agreements may require 6-month notice โ which is still substantially better than no termination right at all.
For help applying this framework to your upcoming renewals and structuring the contractual protections that reduce your lock-in risk, book a confidential call with our advisory team. For AI-specific lock-in analysis, see our guide on Enterprise AI Procurement and the Enterprise AI Governance Contracts framework.