Two years ago the conversation in most boardrooms was about access. Could we get a capable model, on acceptable terms, without joining a waitlist. That problem is gone. Today there are hundreds of capable models. Many are open-weight and free to download. Several open models now match or beat the proprietary leaders on the benchmarks that matter for real work, and the frontier moves so fast that the best open model in March is rarely the best one in May. In a recent thirty-day stretch, several frontier-class open-weight models shipped from different labs. By the time a procurement committee has agreed on a shortlist, the shortlist is out of date.
This looks like good news, and in most respects it is. But abundance is not the same as simplicity. When everything is a choice, choosing badly becomes easier, and the failure modes are quieter than they used to be. The risk is no longer that you cannot get a model. It is that you commit to the wrong relationship with one, or several, and discover the cost only later.
So the useful question for management is not which model. It is what we should be worried about, and what posture protects us regardless of which model wins this month.
The concerns
Churn is now a permanent condition. Commercial models retire on a schedule. A typical model has a working life of twelve to eighteen months, and notice periods before retirement are short, often around sixty days. Whatever you standardise on today, you will be migrating off within two years, whether you planned to or not. Any architecture that assumes the current model is permanent is already obsolete.
Lock-in hides in the integration, not the contract. The switching cost of a model is rarely the licence. It is the prompts tuned to one model's quirks, the fine-tunes trained on it, the workflows built around its specific behaviour, the team's accumulated intuition. A business can be agnostic on paper and deeply captured in practice. The question to ask is not "are we free to leave" but "what would leaving actually take."
"Open" is not one thing, and it is not free. Most models people call open source are open-weight: you can download and run the weights, but the training data and full pipeline are not public. More importantly, the licences vary enormously. Some are genuinely permissive, clean MIT or Apache 2.0 terms with no usage clauses. Others are custom licences with real restrictions, including caps on monthly users and, in at least one widely used case, specific limitations affecting European use. Treating a downloadable model as a no-strings asset is a legal mistake. The licence is a contract, and the permissive-looking ones still deserve to be read like one.
Open source can swap one dependency for another. This is the point European management most often misses. The open-weight frontier today is led overwhelmingly by Chinese labs such as DeepSeek, Alibaba's Qwen, Moonshot's Kimi and Z.ai's GLM, with Mistral, the main European open-weight provider, trailing the top tier on the neutral benchmarks. Adopting an open model "for sovereignty" can quietly move your dependency from one foreign jurisdiction to another. Open weights you host yourself genuinely reduce some exposure, because the data and the inference stay on infrastructure you control. But the provenance, the maintenance, and the security of those weights still rest with a team you do not employ, in a country whose policy you do not influence. Independence is a stronger claim than most open-source strategies actually deliver.
Where the model runs can matter more than where the data sits. A model hosted on infrastructure controlled by a foreign parent can remain reachable by that country's law even when the data is stored inside the EU. "Our data is in a European region" is not the same as "our data is beyond foreign reach." For regulated workloads, the relevant question is jurisdiction over execution, not just storage location.
Self-hosting is not automatically cheaper. The instinct that running an open model in-house saves money is often wrong. At low and moderate volume, per-token API pricing usually wins, because serious open models need serious hardware and the operational burden of running them is real. Self-hosting tends to pay off only above a meaningful usage threshold, and even then only once you account for GPU cost, utilisation, and the engineering time to keep it running. The economics are a calculation, not an assumption.
Behaviour drifts, and so does reproducibility. Adjacent versions of the same model can behave differently. Outputs you validated against one version may change under its successor, and a deprecated model cannot be brought back to reproduce a past result. For anything that needs to be defensible later, an audit, a regulatory file, a customer dispute, this is a governance problem, not a technical footnote.
Governance is becoming a legal obligation, not a nicety. As the EU AI Act's obligations come into force, high-risk uses will require auditability and traceability: being able to show which system made a decision, on what basis, and with what controls. A business that cannot say which model processed which data, and when, is not merely disorganised. It is increasingly non-compliant.
What management should consider
The throughline of all of this is that the model is the wrong unit to commit to. The unit to invest in is the organisation's ability to choose, govern, and switch.
Treat models as a portfolio, not a marriage. Assume from the start that you will run more than one and replace each of them, and design so that swapping a model is a configuration decision rather than a re-engineering project. Put the model behind an internal layer your teams control, so business logic never speaks to a provider directly.
Match the model to the workload and its risk class, rather than picking one model for everything. The cheap, fast, hosted option may be perfectly appropriate for low-sensitivity tasks, while a model you fully control is warranted where the data is sensitive or the jurisdiction matters. Routing by sensitivity gives you cost efficiency where it is safe and control where it is required.
Keep a fallback you genuinely control. At least one open-weight model you could self-host, tested and ready, is cheap insurance against both commercial retirement and access disruption, even if it is not your first choice on quality.
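A minimal sketch of the internal layer described in the last three paragraphs, added here as an illustration and not taken from any product: business logic names a risk class, and the layer picks the cheapest deployment that is not retired and satisfies that class, then emits a record of which model processed which data, and when. The deployment names, versions, dates and risk classes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Deployment:
    name: str                # internal alias; callers never see a provider SDK
    model_version: str       # pinned version, kept for later audit
    self_hosted: bool        # True = inference runs on infrastructure we control
    cost_rank: int           # lower is cheaper
    retires: Optional[date]  # provider-announced retirement date, if any

# Constructed catalogue: swapping a model means editing this table only.
CATALOGUE = [
    Deployment("hosted-fast", "vendor-a-2025-01", False, 1, date(2025, 9, 1)),
    Deployment("hosted-large", "vendor-b-2025-03", False, 2, None),
    Deployment("onprem-open", "open-weights-r3", True, 3, None),
]

# Risk class -> must inference stay on infrastructure we control?
REQUIRES_SELF_HOSTED = {"public": False, "internal": False, "regulated": True}

def route(risk_class: str, today: date) -> Deployment:
    """Cheapest deployment that is still in service and allowed for this class."""
    if risk_class not in REQUIRES_SELF_HOSTED:
        # Fail closed: unclassified data is never sent anywhere by default.
        raise ValueError(f"unknown risk class: {risk_class!r}")
    must_self_host = REQUIRES_SELF_HOSTED[risk_class]
    eligible = [
        d for d in CATALOGUE
        if (d.retires is None or today < d.retires)
        and (d.self_hosted or not must_self_host)
    ]
    if not eligible:
        raise RuntimeError(f"no deployment in service for {risk_class!r}")
    return min(eligible, key=lambda d: d.cost_rank)

def audit_record(d: Deployment, risk_class: str, payload: bytes, when: datetime) -> dict:
    """Traceability entry: stores a hash of the input, not the input itself."""
    return {
        "timestamp": when.astimezone(timezone.utc).isoformat(),
        "deployment": d.name,
        "model_version": d.model_version,
        "risk_class": risk_class,
        "input_sha256": hashlib.sha256(payload).hexdigest(),
    }
```

Because callers pass only a risk class, the retirement of `hosted-fast` moves traffic to the next eligible deployment without touching business logic, and the self-hosted entry remains available for every class.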
Read the licence before you build on it, especially the open ones, and especially for anything with European users or commercial scale. Verify usage caps, geographic clauses, and commercial terms as a procurement step, not an afterthought.
Evaluate continuously rather than once. Keep a small standing test of your real use cases running against the next candidate model, so the cost of switching is a known quantity weeks before you need to act, not a discovery made under deadline pressure.
Write portability into your contracts. Data return, export, and exit terms turn a stated intention to stay flexible into an enforceable one.
And resist two comforting confusions: that more choice means more independence, and that "open" means "free" or "sovereign." Neither is true. Both lead to decisions that feel safe and are not.
The leadership frame
It is tempting to read this as a checklist for the technology function, but the core decision is a leadership one, and it is almost the opposite of what people expect. The job is not to pick the winning model. In a market that reshuffles monthly, betting the organisation on a single winner is the one move almost guaranteed to look foolish within a year.
The job is to build a business that can adopt the best available model at any moment and walk away from any of them without flinching. That capability, optionality held as a deliberate asset, is what abundance actually rewards. The organisations that treat model choice as a permanent decision will spend the next few years migrating in a panic. The ones that treat it as a managed, recurring choice will simply keep moving, and will negotiate from strength because everyone can see they are free to leave.
Abundance has not made the decision easier. It has moved it up a level. The question is no longer which model is best. It is whether your organisation is built to keep changing its mind.
Where to look
The frontier moves monthly, so any single ranking dates quickly. The better habit is to watch a neutral, continuously updated comparison rather than trust one snapshot: Artificial Analysis for capability rankings, and Hugging Face, where the open weights themselves live.
The leading open-weight families, most of them now from Chinese labs:
- DeepSeek (China)
- Qwen, by Alibaba (China)
- GLM, by Z.ai, formerly Zhipu AI (China)
- Kimi, by Moonshot AI (China)
- MiniMax (China)
- Mistral (France), the main European option
- Llama, by Meta (US)
- Gemma, by Google (US)
- Phi, by Microsoft (US)
And the proprietary frontier, closed but still setting the pace:
