A provider’s failure — bankruptcy, liquidation, voluntary cessation of activity, hostile takeover by a non-EU entity that dismantles the offer, unilateral decision to close the European service — is not a theoretical scenario. Aleph Alpha, sold to Cohere in April 2026; Silo AI, acquired by AMD for $665M in August 2024; MariaDB, taken over by K1 Investment in September 2024; MinIO, dismantled in four methodical stages over eighteen months between May 2025 and April 2026. At each event, European customers discover that their provider changes its reference jurisdiction or vanishes without any contractual protection on offer.
Continuity on failure is the set of arrangements that turn this vulnerability into a managed risk. It is distinct from reversibility: reversibility is the capacity to leave while the provider is still functioning; continuity is the capacity to keep going when the provider no longer functions.
Three mechanisms build its backbone.
First, software escrow held by a European trusted third party, or its alternative — a public release commitment to publish the source code under a free licence in named triggering circumstances. The source code stays usable, independent of the survival of the commercial entity (see commitment pub-005). This arrangement is, for proprietary publishers, the contractual equivalent of what open source offers structurally.
Next, the operational continuity arrangement: organised transfer of the customer relationship to an identified successor, sector guarantee fund mutualised between publishers in a single sector, mutual takeover agreement among competing peers. The publisher does not merely promise an export — it prepares a continuous operating trajectory (see commitment pub-011). The banking and insurance sectors have battle-tested these mechanisms; the software ecosystem is starting to formalise them.
Finally, for customers whose contract justifies it — sensitive public bodies, critical infrastructure, strong sovereign requirements — a source code audit right under a non-disclosure agreement (see commitment pub-013) opens the possibility of verification by independent eyes. It is not publication, it is assurance.
These arrangements presuppose time. Without a minimum contractual notice period before any support termination, unilateral flip, or substantial modification (see commitment pub-010), none of these mechanisms can be activated under reasonable conditions. The notice period is the temporal envelope common to every other arrangement.
This page is the contractual face of thesis 13 of the manifesto: “technological sovereignty is the condition under which an organisation can continue to operate its data and conduct its operations, whatever happens. It is a right, not a comfort.” Domain 5 of the Sovereignty Profile is the declarative instrument where each of these mechanisms becomes readable and verifiable.
For the real-world cases that motivate these commitments, see the annexes Family 1 — Licence flips and Family 3 — Distribution chains.