Ten structural parallels between the 2015–2024 cloud ERP wave and the 2023–2026 introduction of AI into packaged software. Each with implication, risk and a 30-day board action.
The cloud ERP wave (2015–2024) and the AI-in-COTS wave (2023–2026) share three deep structural parallels: both deliver transformation only when the operating model is redesigned around the technology; both contain a Year-3 cost trap that diverges sharply from the original business case; and both create vendor dependency that compounds and becomes progressively harder to escape.
The three places the analogy breaks down matter more. Failure mode is different: cloud ERP fails slowly through process rigidity; AI-in-COTS fails fast through hallucination and governance gaps that can produce audit-material errors in days. Lock-in is categorically new: workflow muscle memory is replaced by cognitive lock-in — the vendor's semantic index becomes your institutional memory, and that memory cannot be exported. Competitive threat is asymmetric: no one built a credible ERP from scratch during the cloud wave; the post-LLM disruptor building custom workflows on foundation-model APIs is a live threat today.
The single strongest implication for boards: do not sign multi-year AI-embedded-ERP commitments until you have ring-fenced your organisational data graph in infrastructure you control. Cognitive lock-in is the sharpest strategic risk in enterprise technology today — and it is not yet priced into renewal decisions.
Both waves deliver the technology faster than the organisation can absorb it. Operating-model redesign is the binding constraint.
74% of companies cannot show measurable AI ROI; fewer than 10% have fully scaled AI in any single business function.
Readiness audit across the top three AI-embedded apps. Score data quality, process governance and training. Gate licence expansion on readiness, not vendor timelines.
Structurally identical economics: low initial deployment cost, aggressive Year-3 escalation, switching cost that makes renegotiation one-sided.
78% of IT leaders report unexpected AI charges; 85% misestimate AI costs by >10%. Cloud ERP escalation is predictable; AI escalation is stochastic and decentralised.
Model Year-3 and Year-5 TCO across embedded AI. Negotiate three clauses into every contract: consumption ceiling with overage cap, CPI-linked escalation limit (2%), and model-substitution rights.
Fourth-generation lock-in: the vendor's semantic index, agent configurations and accumulated context become the institutional memory of the finance function.
Cognitive lock-in is invisible and non-negotiable. Switching cost is no longer data migration — it is intelligence loss, which is non-exportable.
Mandate a multi-model policy: no single LLM provider may exceed 60% of enterprise AI workloads. Ring-fence the data graph in a layer you control (Databricks, Snowflake, self-hosted vector store).
Standardise where you are average, differentiate where you compete. The trade-off is identical — but ERP customisation is deterministic, AI customisation is probabilistic.
"Clean core" restrictions under RISE limit the workaround. AI confidence intervals around customised behaviour are wider — and harder to test.
Map all AI-embedded workflows by criticality. For high-stakes processes (financial close, audit, regulatory reporting), mandate human-in-the-loop and deterministic rules engines alongside AI assistance.
Both waves create a talent asymmetry where early adopters pull away and laggards lose the ability to catch up. The skill gap is the binding constraint on value capture.
ERP change management had a defined endpoint. AI capabilities evolve continuously — model updates, new agent capabilities, shifting interfaces. Reskilling never finishes.
Allocate ≥20% of AI programme budget to training and role redesign. Create an "AI fluency" competency framework for finance with quarterly skill assessments.
Both waves are data-governance projects wearing a technology coat. Both are systematically underinvesting in the prerequisite.
ERP data quality problems are discoverable. AI data quality problems are probabilistic and may surface only as subtle output degradation that passes human review.
Before expanding AI deployment, run a data-quality audit on every source feeding AI models. Establish a data stewardship function with explicit accountability for AI input quality.
Fast system, slow governance. The magnitude is larger with AI because the speed differential is orders of magnitude greater.
An AI agent generates a forecast in seconds; validating it against audit standards takes days. Without a golden-source policy, internal arguments about "the truth" follow.
Define a golden-source policy for AI-assisted outputs: which require human sign-off before external reporting, which can flow through with automated validation. Publish to all budget holders.
Both waves push enterprise data and logic into US-headquartered vendor infrastructure, creating identical jurisdictional exposure. AI expands the surface area substantially.
The EU AI Act (Aug 2025) imposes obligations on high-risk AI systems that most COTS vendors have not yet operationalised. Cross-border inference flows are largely unmapped.
Require every AI vendor to provide a data-processing map: where inference occurs, where training data resides, which model weights are shared across tenants. Flag cross-border inference for legal review under EU AI Act.
Both are vendor-initiated pricing transitions that transfer risk to customers under the guise of "flexibility". Subscription was predictable; consumption is genuinely unpredictable.
85% of organisations misestimate AI costs by >10%; nearly a quarter are off by 50%+. IDC: by 2028, 70% of software vendors will refactor pricing around consumption or outcome metrics.
For every AI product on consumption pricing, implement a spend cap with alerts at 80% utilisation. Negotiate a contractual overage ceiling (e.g. 120% of estimate) with clawback rights if model accuracy degrades.
The ERP precedent suggests incumbents are safe. The AI reality is that workflow and intelligence layers above the system of record are now contestable by entrants that did not exist two years ago.
Post-LLM, a well-resourced team builds a domain-specific workflow replacement in months using foundation-model APIs. The barrier to entry has collapsed for the surrounding stack.
Audit the surrounding stack (point solutions, niche planning tools, AP automation, expense workflows). For each: is this a system of record with a defensible data moat, or a workflow tool a well-prompted agent could replace? Pilot replacements for the weakest links.
Three places to discard the analogy entirely.
The ERP analogy implies that problems surface slowly and can be fixed during stabilisation. A misconfigured ERP allocation rule propagates silently across a group for a quarter. An AI hallucination in a financial close package can produce a plausible-sounding but fictitious number that passes human review because it "looks right". The 2024 finding that LLMs hallucinate in up to 41% of finance-related queries is not a rounding error — it is a structural risk with no ERP precedent. The correct mental model is operational risk with non-deterministic systems, closer to model risk management in banking than to IT project management.
The ERP analogy implies that lock-in stabilises once migration is complete. Cognitive lock-in does not stabilise — it compounds. Every meeting summarised by the vendor's AI, every document indexed, every agent action executed widens the incumbent's knowledge advantage. The switching cost grows daily without any deliberate decision to deepen the dependency. The correct mental model is not "contract lock-in" but knowledge compound interest: the longer you wait, the more expensive it becomes to leave, and the rate accelerates rather than decelerates.
The ERP analogy implies incumbent vendors have structural moats. For systems of record, they do. For workflow and intelligence layers, the moat has been breached. The post-LLM disruptor can build a domain-specific workflow in months, not years, using foundation-model APIs. ERP vendors betting on AI agents working flawlessly inside their suite by mid-2026 are betting against the consensus of the people building the stack. The correct mental model is platform-versus-API competition. History — from IBM mainframes to Salesforce's rise to the current LLM wave — does not favour the bundled incumbent once the API layer matures.
Ten board-level decisions, one per parallel. No ambiguity.
| # | Action | Owner | Window |
|---|---|---|---|
| 01 | Readiness audit on top three AI-embedded applications. Gate licence expansion on score. | CIO / COO | Wk 1–2 |
| 02 | Year-3 / Year-5 AI TCO model. Lock consumption cap, CPI ceiling, model-substitution rights into every contract. | CFO / Procurement | Wk 2–4 |
| 03 | Multi-model policy (60% cap). Ring-fence the organisational data graph in a layer you control. | CIO / CDO | Wk 1–4 |
| 04 | Map AI workflows by criticality. Mandatory HITL + deterministic rules on close, audit, regulatory reporting. | CFO / Risk | Wk 2–3 |
| 05 | Allocate ≥20% of AI budget to training and role redesign. Publish AI fluency framework for finance. | CHRO / CFO | Wk 1–4 |
| 06 | Data-quality audit on every source feeding AI models. Stand up a data stewardship function. | CDO | Wk 2–4 |
| 07 | Publish a golden-source policy for AI-assisted outputs. Define HITL gates for external reporting. | CFO / Audit | Wk 2 |
| 08 | Request data-processing maps from every AI vendor. Legal review of all cross-border inference flows. | GC / DPO | Wk 1–3 |
| 09 | Spend caps with 80% alerts on all consumption-priced AI. Negotiate 120% overage ceiling + accuracy clawback. | CFO / Procurement | Immediate |
| 10 | Audit the surrounding stack vs. post-LLM disruptors. Pilot replacements where no data moat exists. | CIO / Strategy | Wk 3–4 |
The cost of waiting is asymmetric. Subscription savings missed on RISE renegotiation are recoverable in the next cycle. Cognitive lock-in is not — every quarter without a ring-fenced data graph deepens the dependency at a compounding rate. The boards that move in 2026 set the terms; the boards that wait until 2027 renew under the terms others set for them.