The Fine Print Decides: Governance and Procurement as Infrastructure Policy

The decisions that get made before anyone writes code

The most consequential choices about public digital infrastructure are often made not by engineers but in contracts, procurement rules, and governance charters, the documents almost no one reads. Whether a public system will be open or locked in, whether the public will own its own data, whether a vendor can be replaced or holds the institution captive: these are decided in the fine print, long before the first line of code is written. This primer is about taking governance and procurement seriously as infrastructure policy, because the terms set at the start quietly determine everything that follows.

The argument is that vendor lock-in is largely a governance failure rather than a technical one, that it is widespread and expensive, and that the tools to prevent it are contractual and institutional, available to any organization willing to do the harder work upfront.

Lock-in is written, not coded

Vendor lock-in describes a situation where an institution is tied to a particular provider because proprietary technology, closed data formats, or contract terms make leaving difficult or ruinously expensive. It is easy to imagine this as a technical trap, but it is more accurately a governance one. The lock-in is created by decisions: to accept a proprietary data format instead of requiring an open one, to sign a long contract with heavy exit penalties, to procure a point solution without insisting it interoperate with anything else.

The scale is significant and well documented. Surveys of public-sector procurers have found that a large share, on the order of forty percent in one European Commission survey, perceive some degree of vendor lock-in, usually because systems cannot interoperate or data cannot be moved between old and new providers. The cost is rarely visible at signing. It surfaces later, when the vendor raises prices, when a needed change is impossible without the original supplier, or when migrating away would mean abandoning data trapped in a proprietary format. By then the leverage is gone, because it was given away in the fine print at the start.

Governance is the lever, upfront

Because lock-in is created by decisions, it can be prevented by decisions, and the levers are governance and procurement. The practices are well understood even if they are unevenly applied. Procurement can require genuine open standards and open data formats, so information remains portable. It can demand interoperability and open interfaces, so systems connect rather than weld together. It can include explicit exit strategies and data-portability rights, so leaving is possible by design rather than by litigation. And it can favor modular, standards-based products over monolithic ones, so components can be replaced individually.

The catch, and the reason this is genuinely hard, is that it takes more effort at the front end. Drafting detailed standards-based requirements and evaluating long-term implications is more work than accepting a vendor's turnkey proposal and the lowest sticker price today. Good procurement is not about the cheapest bid now but about safeguarding the public interest over the life of the system, which means spending effort and discipline at the moment of least apparent urgency. Recent moves in several jurisdictions to revise procurement rules with lock-in explicitly in mind reflect a growing recognition that the contract is where the public interest is won or lost.

Governance beyond the contract

Procurement is the entry point, but the governance question continues for the life of the asset. Who is accountable for a public system once it is running? Who decides how it changes, and on whose behalf? How does authority transfer when a vendor, an administration, or a key person moves on? Public-interest digital infrastructure needs custodians that are clearly chartered and empowered to govern in the public interest over time, not just a clean contract at the outset. A well-negotiated procurement that is never followed by ongoing governance still drifts toward capture and decay.

This is where governance and stewardship meet. The contract prevents the obvious traps at the start; ongoing governance keeps the asset open, accountable, and serving its public over the years that follow. Both are required, and both are about the unglamorous documents and decisions rather than the technology itself.

What this means for public-interest infrastructure

Treating governance and procurement as infrastructure policy changes who needs to be in the room and when. The measure is not only whether a system performs but whether the terms governing it keep it open, portable, accountable, and replaceable over its full life. That favors investing real effort in the contract and the governance charter upfront, requiring open standards, portability, exit rights, and chartered custodians, over accepting the convenient proposal and discovering the trap years later.

This is the Foundation's stewardship concern at the level of policy and the fine print. The most important decisions about public digital infrastructure are governance decisions, made before the technology exists and revisited throughout its life. Get the governance and the procurement right, do the harder work at the start, and the public keeps control of what it pays for. Get them wrong, and the fine print decides against the public long before anyone notices.

References

1. Keystone Procurement. Vendor Lock-In in Public Sector ICT Procurement: Risks, Costs, and Strategies (2026). Lock-in from closed formats, exit penalties, and lack of interoperability; ~40% of public procurers perceive lock-in; good procurement safeguards long-term public interest. https://keystoneprocurement.eu/vendor-lock-in-in-public-sector-ict-procurement-risks-costs-and-strategies/

2. SpruceID. Interoperability Without Lock-In: Why Standards Matter (2026). Point solutions create dependencies that are costly to unwind; open standards make interoperability durable and protect public investment. https://blog.spruceid.com/interoperability-without-lock-in-why-standards-matter/

3. Chatham House. The case for expanding digital public infrastructure (2025). Open APIs, open documentation, open licensing, and open-source codebases reduce lock-in and support future adaptation. https://www.chathamhouse.org/2025/10/case-expanding-digital-public-infrastructure/08-conclusion-and-recommendations

4. Public Digital. Digital public goods. The need for custodians clearly chartered and legally empowered to govern in the public interest. https://public.digital/pd-insights/signals/signals-5/digital-public-goods

5. Nextgov/FCW. Interoperability and modernization: Competition drives progress (2025). Interoperability requirements and modular, open standards-based procurement drive competition, efficiency, and resilience. https://www.nextgov.com/sponsors/2025/11/interoperability-and-modernization-competition-drives-progress/408499/