Andreas Timm

Tag: Policy

  • Model deprecation is the new continuity risk

    Model deprecation is the new continuity risk

    Four rectangles in a row with the leftmost ghosted, simple connecting arrows
    A — model lifecycle row.

    OpenAI announced the discontinuation of the Sora web and app experiences on April 26, with the Sora API following on September 24. The first deprecation triggers in two weeks. Enterprises that built workflows on Sora since launch are not facing a model upgrade — they are facing a workflow rebuild on a four-month timeline. This is the first prominent enterprise-facing AI deprecation event of the cycle, and the precedent it sets matters more than the specific product involved.

    Model deprecation is no longer a developer-tier concern. It is an enterprise governance question that deserves a place on the risk committee agenda. The real shift is happening here: AI dependency without continuity is becoming a board-level risk in 2026.

    The shift: dependency without continuity guarantees

    The pattern of the past two years has been to build agent workflows on whichever foundation model was demonstrably best at the time, with little contractual commitment from the model provider about how long that model would remain available. Provider terms have improved — Azure OpenAI’s twelve-plus-six-month commitment for generally available models is the strongest standard in market — but most enterprises have not negotiated equivalent terms with their chosen providers. They built on capability, not on continuity.

    When the provider sunsets the model, the enterprise’s options are bad. Migrate to a successor model that may behave differently in subtle ways — requiring re-validation of every governed use case. Renegotiate at the eleventh hour for extended access at unfavorable terms. Or absorb the operational disruption of the workflow simply not working until rebuilt.

    The Sora event is small in dollar terms but large in precedent. The next deprecation will involve a more enterprise-critical model, and the enterprises that did not see this one coming are not going to see that one coming either.

    A single thread connecting a workflow box to a model box, the thread visibly fraying near the model with a clock above
    Built on capability. Not on continuity.

    The role change is the addition of an AI continuity discipline

    Inside enterprises that take this seriously, a discipline is emerging that did not exist in 2024 — AI continuity management. The work overlaps with vendor management, with disaster recovery, with model risk management, and with regulatory compliance, but it is structurally distinct from all of them. The discipline involves maintaining an inventory of model dependencies by workflow, negotiating continuity commitments at procurement, running successor-model regression tests on a regular cadence, and ensuring that the documentation chain meets the rebuild-readiness standard.

    Most enterprises have not staffed this discipline. The accountabilities are scattered across teams that do not coordinate. The procurement team negotiated the model contract a year ago without a continuity clause. The deployment team is building production dependencies on the model without thinking about migration cost. The risk team has not flagged model deprecation as a category. When the deprecation announcement lands, the company finds out it has no plan.

    The fix is straightforward in concept and slow in practice. Add continuity commitments to the procurement template. Build a model-dependency inventory. Designate an owner for AI continuity at the executive level. Run quarterly successor-model tests. None of this is hard. It is just unglamorous work that does not get done unless someone owns it.

    The strategic consequence is renewed buy-versus-build math

    Continuity risk changes the calculus of where to deploy AI capability. For workflows where the cost of unplanned migration is high — regulated workflows, mission-critical operations, customer-facing experiences with high switching costs — the case for either fine-tuning a frontier model into a controlled deployment, partnering with a vendor offering enterprise-grade continuity commitments, or building on open-weight models the enterprise can host indefinitely is stronger than it was in 2024. The case for relying on whichever model is best on a benchmark this quarter is weaker.

    The math is not simple. Open-weight models lag the frontier, sometimes meaningfully. Self-hosting carries operational cost that the proprietary providers absorb. The vendor lock-in to a single proprietary provider, even with the best continuity terms, is a different kind of risk than open-weight self-hosting carries. Each enterprise has to make this trade-off based on the workflow’s tolerance for capability lag versus its tolerance for continuity disruption.

    What is no longer defensible in 2026 is treating model continuity as someone else’s problem. The Sora sunset is small. The next one will not be.

    So what boards should do this quarter

    Add model deprecation to the risk committee agenda. The first deprecation event lands in two weeks. The board should at minimum understand which workflows are exposed and what the migration plans are.

    Demand a model-dependency inventory. Which workflows depend on which models from which providers, with which contractual continuity commitments. If this inventory does not exist, building it is the priority.

    Reconsider the buy-versus-build posture for mission-critical AI workflows. The 2024 default — use whichever proprietary model is best — was rational at the time. In 2026, with the deprecation precedent now visible, that default deserves an explicit reconsideration. Continuity is becoming a form of resilience. The boards that price it in this quarter will not be the ones rebuilding workflows under deadline.

    References and links

  • Davos 2026 made AI sovereignty the policy line — and the corporate one

    Davos 2026 made AI sovereignty the policy line — and the corporate one

    What was announced

    The World Economic Forum 2026 met in Davos January 19–23 with AI as the dominant agenda item. The conversation converged on three themes: risk-proportionate governance, runtime governance for multi-agent systems, and what Microsoft CEO Satya Nadella framed as “corporate AI sovereignty” — firms owning the intelligence layer that encodes their distinctive capabilities. Anthropic CEO Dario Amodei warned the forum that frontier AI is uniquely well-suited to autocracy, calling for targeted chip-export controls. A WEF press release on the same week reported leading organizations are shifting from “potential” to “performance” — measuring AI by realized output rather than pilot count.

    What it means

    The vocabulary shift is the substantive event. For two years, AI policy discussion at this forum was framed as risk management — what to restrict, what to monitor, what to ban. The 2026 framing is different. It treats AI as critical infrastructure where the governance question is who owns it, not whether it should exist. “Sovereignty” applied to AI is a deliberate echo of “data sovereignty” — a recognition that the layer of intelligence inside an organization is becoming as load-bearing as its data layer was a decade ago.

    For governments, this redirects policy from rule-writing to capability-building: domestic compute, domestic foundation models, controlled exports. For corporations, it redirects strategy from procurement to capability ownership: which models do you fine-tune yourself, which workflows encode your tacit knowledge, and which partners do you let inside the trust boundary. Both translations point to the same architectural question: where does the irreducible cognitive core of your organization live, and who can take it from you.

    Andreas’s view

    My read on this: Davos is a leading indicator of where C-suite vocabulary moves over the next 12 months. “Corporate AI sovereignty” is not a slogan — it is a framing that makes specific decisions easier to defend in a board meeting. Building your own model fine-tunes is sovereignty. Choosing not to send your customer interactions through a third-party model API is sovereignty. Maintaining a private inference cluster is sovereignty. The vocabulary justifies budgets that previously read as duplicative or paranoid.

    I don’t think the sovereignty framing is purely defensive. There is a competitive argument inside it: organizations that operate as pure consumers of frontier models are paying rent on the cognitive layer of their own business. Organizations that operate as owner-operators of a fine-tuned, workflow-embedded intelligence layer pay less rent and accumulate a moat that compounds with their data. The Davos talking points are starting to reflect that distinction.

    The way I see it, the question that matters this quarter is not “what is our AI strategy” but “what would it take to lose access to our primary model provider, and what would happen to the business if we did.” If the answer is catastrophic, the sovereignty argument is operational, not philosophical, and it has a budget implication.

    Three things I’m watching

    1. I’ll be watching whether companies run model-dependency stress tests — simulating the operational impact of losing their primary frontier-model provider for 30, 90, and 180 days. The result is the size of their sovereignty problem, and whether they even know that number tells me a lot.
    2. The companies that preserve strategic optionality will be the ones that draw a clear line between work requiring owned cognition (fine-tuned, embedded, internal) and work that can run on rented cognition (API-served frontier models) — and treat that boundary as a capital decision, not a procurement decision.
    3. I’ll be watching how the policy direction develops across major operating jurisdictions. Sovereignty framing in Davos has a consistent track record of translating into sovereignty requirements in regulated industries within 12–24 months.

    References and related signals