Most organisations spend far more time trying to stop bad things happening than thinking about what they’ll do when they happen anyway. Invite me along to any project or programme board (but only hypothetically, please – you’ve got too many people around that table already) and I will definitely pop up for the risk register agenda item and ask why there’s a column for mitigation strategies but not for contingency. Even though nearly everything is flashing red for ‘likelihood.’ You know the risk register I mean, right? You’re picturing it now.
We write the risk registers, we colour-code likelihood and impact, and folks spend hours discussing mitigations. We ask ourselves: can we reduce the chance of this occurring? If we’re lucky, we get as far as: what controls can we put in place? Who owns the risk?
All sensible questions. But occasionally something happens that nobody expected, or that nobody expected to happen quite like that. A supplier goes bust. A pandemic hits. A cloud service goes down. And when that happens, the question is no longer whether the risk was foreseeable, the question is whether you can still buy food or get to work on Monday.
That’s the thought that struck me this week as we watched organisations trying to make sense of reports that access to some AI models could be affected by decisions around US export controls and national security. For now, the politics are not really the point. What caught my attention was something else entirely.
Organisations thousands of miles away suddenly found themselves paying attention to decisions being made in Washington because those decisions might affect tools they use every day. Not because their systems had failed or because they had broken any rules, but because software, cloud infrastructure, regulation and geopolitics have become more and more intertwined. And it’s getting harder to… untwine them.
We understand this for transport. We don’t yet understand it for AI.
One of the enduring images of the Brexit aftermath wasn’t the endless parliamentary bickering or that campaign bus, it was watching Kent slowly turning into a lorry park.
The problem was never that Dover stopped working. Dover is one of the most efficient ports in the world precisely because things keep moving. Lorries arrive, roll on, roll off and continue their journeys. The system is designed around flow, not storage. What logistics experts warned repeatedly was that even small amounts of additional friction could have outsized consequences. When thousands of vehicles move through a system every day, a few extra minutes do not stay neatly contained at the port; they spill backwards onto roads, motorways and supply chains. Suddenly, something that looks like a local operational issue becomes a national one.
A similar lesson emerged at St Pancras after Brexit. More passport processing requirements added only seconds per passenger, but because St Pancras is a physically constrained system with fixed queues, security lanes and border booths, those extra seconds dramatically reduced overall throughput. Eurostar’s CEO said that additional post-Brexit passport checks were adding at least 15 seconds per passenger, reducing processing capacity at St Pancras from about 2,200 passengers per hour to 1,500 per hour — roughly a one-third reduction.
The consequence was less visible than the parked-up lorries or the queues at airports because people never made it as far as the station, but it meant trains running with empty seats because the station could not process passengers quickly enough. In early 2023, Eurostar reported that peak-time trains were routinely leaving with around 350 of 900 seats unsold because border controls could not process people fast enough to fill them.
Nobody was arguing that passport checks were impossible. The issue was that they took a little longer. Just enough to fundamentally change the economics of the whole operation.
AI is beginning to look rather similar. Most organisations focus on the model itself: its capabilities, costs and features. Increasingly, however, the constraints are often elsewhere: regulation, data residency requirements, hosting arrangements, procurement decisions and geopolitical events can all introduce friction into a system that previously felt seamless.
Most of the time we barely notice those dependencies and we prefer not to think about what happens after we’ve plugged a cable into the wall. Then something does happen and we discover that what looked like a small issue in one part of the system has become a critical bottleneck for everyone else. Sure, most of us know where the Strait of Hormuz is now.
The invisible geography of AI
For organisations operating in the UK and Europe, questions about data sovereignty, hosting arrangements and international dependencies are becoming more important, not less. Where is inference* actually taking place? Does data remain within the UK or EU? Is information used to train future models? What contractual protections exist if services change? How quickly could you switch providers if circumstances required it?
These are not reasons to avoid AI, nor are they arguments against American tech companies. Most of the leading models remain American and many are excellent. The point is that governance is no longer just about privacy policies and procurement boards. It is about understanding dependencies.
Put bluntly, where does the thing actually live?
For the last couple of years, AI buying decisions have largely focused on features (when they’re not distracted by sales pitches that over-promise). Which model is smartest? Which one produces the best reports? Which one has the newest capabilities?
Those things matter, but last week was a harsh lesson in how much resilience matters too. The strongest AI strategy may not be the one built around the most capable model. It may be the one that can adapt most easily when circumstances change.
That doesn’t necessarily mean using multiple models for everything, any more than business continuity requires duplicate offices or duplicate teams. But it does mean understanding your points of failure. If a model became unavailable tomorrow, how much of your organisation would stop functioning? How quickly could you switch? Would you know where your data was? Do you know what alternatives existed?
Those questions are becoming less theoretical with every passing month.
Mitigation is not contingency
This brings me back to the thing you should take away from this: we are quite good at mitigation, but we are much less good at contingency planning. A mitigation might reduce the risk of a supplier outage. A contingency plan assumes outages happen despite your best efforts and focuses on recovery.
Maybe it’s because contingency planning feels slightly pessimistic. It is the organisational equivalent of buying travel insurance or writing a will. Nobody enjoys doing it, so we put it off for as long as possible. We would rather focus on prevention than recovery. But the organisations I have worked with that handle disruption best are not the ones that predicted every problem; they are the ones that recover fastest when something unexpected occurs.
In other words, they know that black swans exist.**
A black swan is only a surprise once
The trouble with black swans is that they are difficult to predict, by definition. If we knew exactly what was coming, they would simply be risks. We cannot – at each project board – foresee every global conflict (although…), regulatory intervention, tech failure or market shock. Nor should we spend our lives trying to.
What we can do is stop designing systems that assume those things will never happen. The lesson from this week’s AI disruption is not that Anthropic is unreliable, nor that governments should never intervene in technology markets. The lesson is that AI has become important enough that your resilience now matters – and it’s not just about your IT guy having a look at the wiring for you.
As organisations move beyond experimentation and begin embedding AI into frontline services, governance can no longer be limited to safety, privacy and procurement. It must also include continuity. Because the question that really matters is not whether your preferred model is available today.
Dover did not stop being a port. St Pancras did not stop being a station. The problem was that a small change exposed dependencies people had largely ignored.
AI is now important enough that we should learn the same lesson before the queues start forming. It is whether your organisation knows what to do on Monday morning if it isn’t working.
*Inference is the technical term for the moment when the AI does the work and generates an answer. In other words, when you type a prompt and receive a response, where is that thinking happening and under whose rules? If you aren’t sure, ask your tech supplier. If they can’t tell you, get a new supplier.
**We’ve talked about these before. But it’s been a year so you might need to check back.
