For years, regulators have focused on consumer-facing giants like Microsoft and Google. Meanwhile, the business-to-business side of technology, where the largest operational and financial decisions get made, has mostly flown under the radar. That’s changing. In 2025, regulators in the European Union and elsewhere began probing practices inside the enterprise stack that look a lot like monopoly behavior. If you buy or implement large systems, this shift matters: it could reshape contracts, integration options, support models, and ultimately your leverage.
Below is a plain-English look at three flashpoints, and practical moves to protect your organisation.
1) SAP and Enterprise Support Choice: The Third-Party Maintenance Fight
What’s happening
Legacy SAP customers running ECC and related products often rely on third-party maintenance for lower cost and a longer runway. Regulators are investigating claims that SAP’s contracts and practices make it unreasonably hard to choose those alternatives by blocking or penalising moves away from SAP support and by back-charging customers who later return.
Why it matters
If true, these tactics reduce your negotiating power and can force you into higher costs or premature migrations. They also limit your ability to stage a thoughtful roadmap (for example, stabilise ECC while modernising data, analytics, and integration around it).
What to do now
- Contract discipline: insist on the right to use third-party maintenance without punitive back-charges. Make renewal, termination, and re-entry terms explicit.
- Roadmap optionality: separate your “system of record” (ERP) from data, analytics, workflow, and AI layers so you can modernise without a risky core rip-and-replace.
- Benchmark support value: price out third-party support vs. vendor support over a three- to five-year horizon, including service levels, security patches, compliance coverage, and upgrade paths.
2) Epic vs. Ambient Data: Enterprise Healthcare Interoperability at Risk
What’s happening
Epic, a dominant electronic medical record provider, is under scrutiny for allegedly blocking third-party “ambient” technologies, tools that capture and analyse patient data outside the core record (for example, wearables, room sensors, clinical note capture), from integrating through open interfaces, while promoting its own forthcoming alternatives.
Why it matters
If a platform can decide which innovations reach clinicians and which do not, patient outcomes and provider productivity can suffer. A closed integration stance also weakens your ability to pilot best-in-class solutions.
What to do now
- Demand open interfaces: require documented, supported interfaces for any certified third-party technology that meets security and privacy standards.
- Pilot with evidence: run controlled trials of ambient tools and measure outcomes (clinician time saved, documentation accuracy, patient throughput). Make adoption conditional on results, not vendor roadmaps.
- Governance over brand: create a cross-functional review board (clinical, security, data, legal) that approves integrations based on risk and value, not on whether they are “native.”
3) Large System Integrators: The Soft Monopoly
What’s happening
While not yet a formal regulatory case, many large system integrators work to keep independent advisors and niche specialists off programmes, insisting they alone should design, build, test, and govern. The result can be limited transparency on staffing quality, change control, and value for money, plus fewer dissenting views when projects go sideways.
Why it matters
A single-firm delivery model concentrates risk. It can also lead to one-sided plans that favor long timelines, heavy customization, and costly change orders.
What to do now
- Separate roles: retain an independent advisor for program governance, architecture, and benefits tracking. Let the integrator build, but do not let them mark their own homework.
- Multi-vendor by design: carve the work into packages (integration, testing, data, change) and allow at least one competitive provider per package.
- Visibility clauses: require time-phased staffing plans, named key personnel, measurable deliverables, and financial guardrails (for example, caps on change orders without executive approval).
How to keep your leverage (regardless of the regulator)
- Architect for choice: keep ERP as the system of record, but move data, analytics, workflow, and AI to platforms that are cloud-agnostic and integration-friendly. This makes vendor swaps less traumatic and reduces lock-in.
- Write contracts for exit: bake in rights to export data and configurations in human-readable formats; require continued access to logs and audit trails; define fair re-entry terms if you leave vendor support. Make service-level agreements and escalation paths explicit.
- Make pilots earn autonomy: run “suggest-first” pilots for automation and AI. Only grant hands-off execution after hitting accuracy, control, and audit thresholds twice.
- Fund governance, not just licenses: create a small centre of excellence for security, data, integration, and change management. Most overruns trace back to weak governance, not bad technology.
- Benchmark everything: support fees, implementation rates, cloud consumption, and managed services. Get at least two external benchmarks and a total cost view over three to five years.
The bigger picture
Regulatory action will take time. Even if rulings land, they may not rewrite contracts you have today. But you do not need to wait to protect your position. The strategic move is the same either way: design for interoperability, negotiate for optionality, and govern for outcomes. When you engage in monopolistic behaviors, real or perceived, you lose power over your roadmap.
If you want a second set of eyes on your contracts, vendor strategy, or programme structure, Third Stage Consulting works independently across vendors and industries. We can help you diversify risk, sharpen value, and keep control of your digital future.
