AI Software in Energy and Grid Management: Who Manages the Code If the Supplier Disappears?

The energy industry is undergoing an unprecedented transformation. While wind turbines spin, solar panels generate power, and electric vehicles charge, an increasingly complex digital ecosystem is operating behind the scenes. AI-driven software optimizes grid management, predicts demand peaks, and balances renewable energy volatility in real time.

But what happens if the supplier of that critical software suddenly disappears?

This is not a theoretical scenario. Grid operators and energy providers rely on specialized applications — from SCADA systems to energy management platforms — often delivered by relatively small, highly specialized software vendors. As AI becomes more deeply embedded in operational processes, dependency on these providers continues to grow.

The Expanding Role of AI in Energy and Grid Management

Artificial intelligence has transformed the energy sector from a relatively unpredictable system into a dynamic, data-driven environment. AI algorithms support congestion management, predict maintenance needs, and optimize the deployment of assets such as battery storage. These systems process massive volumes of data and inform decisions that directly impact reliability of supply and grid stability.

With new opportunities come new vulnerabilities. What if a software supplier files for bankruptcy? Is acquired by a company with no strategic focus on the Benelux market? Or decides to declare the product end-of-life?

Vendor Lock-In Risks in Critical Infrastructure

Grid operators operate in an environment where downtime is simply unacceptable. The energy sector is part of critical infrastructure, and disruptions can have significant societal consequences.

At the same time, many organizations are heavily dependent on external software providers — a situation commonly known as vendor lock-in.

This dependency manifests at multiple levels:

• Technical lock-in: Use of proprietary formats, custom integrations, or specialized interfaces
• Commercial lock-in: Contractual terms that make switching costly or complex
• Operational lock-in: Processes and personnel fully aligned with a single system

For AI applications, the risk is often even greater. These systems are typically deeply integrated into existing infrastructure and depend on specific models, configurations, and datasets. When a supplier disappears, the issue is not merely contractual — it becomes a continuity challenge.

Why Continuity Is Not Optional

The Dutch and Belgian energy sectors face increasing regulatory pressure. The NIS2 Directive and the Critical Entities Resilience Act impose stricter requirements regarding cybersecurity, risk management, and business continuity.

Under NIS2, executives have explicit duty-of-care obligations related to risk oversight and critical supplier relationships. Regulators expect organizations to demonstrate that they have taken concrete measures to manage software supply chain dependencies.

The question increasingly raised in boardrooms and audit committees is clear:

What happens to our critical applications if the supplier ceases to exist tomorrow?

Software Escrow: Securing Access When It Matters Most

Software escrow is both a legal and technical mechanism designed to safeguard access to essential software components when predefined conditions occur.

Under a source code escrow arrangement, the supplier periodically deposits source code, technical documentation, and relevant configurations with an independent escrow agent. If a contractually defined release event occurs — such as bankruptcy or prolonged failure to meet maintenance obligations — the customer may gain access to the deposited materials.

For AI software, the scope may be broader. Depending on contractual terms and rights structures, an escrow arrangement may include:

• Source code
• Configurations
• API documentation
• Dependency documentation
• Information required to reproduce models

Depositing training data depends on ownership rights, data licenses, and privacy regulations. Escrow arrangements must therefore be carefully aligned with the specific AI architecture.

A well-structured escrow agreement enables an organization to continue operating, maintaining, or rebuilding the software independently or through a third party if necessary. Escrow does not eliminate vendor lock-in, but it prevents dependency from leading to operational paralysis.

SaaS Escrow: Ensuring Continuity in the Cloud

An increasing number of energy applications — including trading platforms, analytics solutions, and AI-driven optimization software — are delivered as SaaS services in the cloud. In this model, continuity depends not only on the software itself but also on uninterrupted access to the web application and user data. Traditional source code escrow alone often provides insufficient protection because SaaS continuity primarily depends on availability, hosting, and access control.

Our SaaS Escrow solution focuses on safeguarding access and uptime. In addition to the SaaS Escrow Agreement, Escrow4All enters into a separate agreement with the hosting provider to ensure that services continue under all circumstances. If the SaaS supplier fails to meet its obligations, Escrow4All bridges the financial commitments toward the hosting provider to keep the service operational. At the same time, critical technical elements — including access credentials, infrastructure information, and agreed verification levels — are securely collected and validated.

For organizations such as grid operators that depend on cloud-based AI and data solutions, SaaS Escrow forms a crucial component of their continuity strategy: assurance that both the application and the data remain available, even if the supplier fails.

How to Structure an Effective Escrow Arrangement

An escrow agreement is not a paper formality. Effective escrow requires:

Clearly defined release events
Objectively verifiable situations such as bankruptcy or demonstrable prolonged non-performance.

Technical due diligence
Identification of the components essential for operational continuity.

Periodic updates
Ensuring deposited materials reflect the current production environment.

Verification
Testing whether deposited materials are complete and technically usable.

Escrow4All is an ISO 27001-certified escrow provider in the Benelux, supporting organizations in implementing escrow arrangements aligned with their risk profile and governance requirements.

From Dependency to Control

The energy transition requires innovation. AI plays a pivotal role. But innovation without continuity safeguards increases the vulnerability of critical infrastructure.

Software escrow is not an obstacle to digital transformation; it is a mechanism for making technological dependency manageable. It provides organizations with the assurance that, even if a supplier disappears, they retain the means to support their critical systems.

In a sector where reliability of supply and resilience are paramount, that assurance is not a luxury — it is a prerequisite.

To be sure!