Technological Lock-In as an Underestimated Risk in IT Governance and Mitigation Strategies

Technological lock-in is identified as an underestimated risk in IT governance, becoming costly and urgent only when it materializes. The article outlines four forms of lock-in and introduces the Vendor Dependency Index as a measurement tool to assess dependency levels. Strategies for exit planning are proposed to safeguard operational continuity in enterprise environments. The discussion is framed within broader regulatory and compliance contexts, including the NIS 2 Directive and DORA, as well as privacy considerations from the Garante Privacy. No specific technical details, dates, or numerical data are provided beyond the conceptual framework. The focus is on mitigating supply chain and vendor-related risks in cloud and infrastructure solutions.