The Single-Vendor Surface
Related
Regulators7 reqs Regulators6 artefacts Coase75 vendors

The median institution shares AI dependencies with 300 other institutions.

85,491
Pairwise links concentrated in dominant vendor ecosystem
8.3×
Larger than the next vendor group
414
Of 543 institutions exposed to the dominant ecosystem

DORA Articles 31 to 44 establish the framework under which the European Supervisory Authorities may designate a third-party ICT provider as critical to the financial system. Designation triggers joint oversight under the Lead Overseer mechanism, including the right to perform on-site inspections of the designated provider and to require remediation plans for institutions dependent on it. The designation criteria draw on multiple inputs including the systemic impact on the stability or continuity of financial services. The Meridian substrate operationalises this criterion at the agent level. A pairwise institutional link exists between two regulated institutions when both deploy AI agents through the same vendor. Cross-institutional propagation of any vendor-side governance event is bounded above by the pairwise link count. Hyperscaler A generates 85,491 such links across the regulated financial population. The next-largest vendor group generates 10,296. The substrate is provided as evidence input to designation analysis, not as a designation conclusion. The threshold shown on the chart is illustrative.

Figure 1 · Cross-Institutional Dependency Surface by Vendor
DORA ART 31-44 ESA DESIGNATION FRAMEWORK · PAIRWISE LINKS AS CONCENTRATION METRIC DESIGNATION THRESHOLD (illustrative) Hyperscaler A n=414 institutions 85,491 links DESIGNATION CANDIDATE Hyperscaler C n=144 institutions 10,296 links MONITOR Hyperscaler B n=141 institutions 9,870 links MONITOR Foundation Model B n=69 institutions 2,346 links BELOW THRESHOLD Enterprise Vendor A n=53 institutions 1,378 links BELOW THRESHOLD Each link is a regulated institution that fails or recovers with the vendor. MAR®500.com

Each bar shows the count of pairwise institutional links generated by shared dependency on the named vendor group across the v13.1.0 sealed substrate. The dashed vertical line represents an illustrative designation threshold; the actual ESA designation criteria are multi-factor and set out in Commission Delegated Regulation under DORA Article 31. The status pills indicate where the substrate evidence places the vendor group: designation candidate, ongoing monitor, or below threshold. The metric is independent of agent count and measures the structural concentration risk that the bilateral framework of DORA Article 28 was not designed to address.

Source · Meridian substrate v13.1.0, May 2026 · Pairwise links computed as n(n-1)/2 over distinct institutions sharing each vendor Methodology · SSRN 6535599
543 institutions · 12 sectors · 95,876 agents · 636,854 governance edges · substrate v13.1.0
Methodology grounded in Systemic Governance Risk in AI Agent Networks, SSRN Working Paper 6535599. Substrate methodology in The Stationary Sea (Part 1) on Zenodo.