UNIT.City — місце, де люди працюють... КРАЩЕ! Обирай свій простір просто зараз 👉
Ігор Вишневський That's Life
16 June 2025, 09:00
2025-06-16
“We talk about hackers, cybersecurity, Russian groups, but our state IT systems depend on the mood of one person.” Why vendor lock-in not only kills competition in govtech, but is also a serious threat
What negatives monopolization of any sphere brings — it is unnecessary to explain, it is obvious even to people without a specialized economic education. Of course, many nuances depend on the specific domain, but basically — the risks are the same.
After talking to a number of experts and participants in the Ukrainian govtech market — both publicly and off rec — the dev.ua journalist heard a number of stories about how Ukrainian state bodies found themselves in a monopoly dependence on those companies that supply them with software, as well as develop and maintain specialized IT systems.
What negatives monopolization of any sphere brings — it is unnecessary to explain, it is obvious even to people without a specialized economic education. Of course, many nuances depend on the specific domain, but basically — the risks are the same.
After talking to a number of experts and participants in the Ukrainian govtech market — both publicly and off rec — the dev.ua journalist heard a number of stories about how Ukrainian state bodies found themselves in a monopoly dependence on those companies that supply them with software, as well as develop and maintain specialized IT systems.
What is this dependence formed on? We can easily choose another product, for example, food or clothing. It is a little more complicated, but we can change the Internet provider or even the company that provides utilities. But who can replace the IT system of a state body, through which, conditionally, pensions and insurance payments, subsidies and benefits are calculated, and internal document flow is also ensured? There is simply no ready-made alternative! Even if you, as the head of a state body, are not satisfied with the quality of its work, cost or functionality, building everything «from scratch» is too expensive and takes a lot of time. And also, how to prove the political necessity of this step? After all, everything works anyway, and «from above» simply will not understand this.
«From the point of view of the head of a state body, solving this problem is expensive, difficult, risky, and no one will ever praise it,» says Maksym Nefyodov, co-founder of the NGO «Technologies of Progress» and ideologist of the Prozorro system, in a comment to our publication.
But such state IT systems are not just «suitcases without handles». Sometimes you don’t even have a key to these suitcases, that’s the real problem! Sometimes in the govtech sphere, a situation arises when a state body doesn’t even own the rights to its own IT system, they haven’t been given the code and all the necessary documentation for it — all this is in the hands of a private vendor. Whether you like it or not, you have to reckon with it, and it — one way or another — influences the policy of this state body in the digital sphere. You can’t «just leave» or involve someone else in the work. It’s a kind of codependency, like in an abusive relationship. This is precisely the root of the supplier monopoly, or vendor lock-in. And these roots, as experts say, have grown deep in state IT since the turbulent 90s.
The root of evil. How experts and market participants explain the problem
Kateryna Stavniychuk, CEO of the GovTech Alliance of Ukraine, in a comment to dev.ua claims that there are examples when a state body cannot change the vendor because it does not have access to the architecture or infrastructure «that was developed a decade ago,» or does not have the resources to take over and maintain the IT system on its own. Accordingly, according to her, the state body cannot properly ensure its transfer to another supplier without loss of functionality, which can be critical even for a short period of time.
«Such cases are difficult to identify publicly, but everyone in the market understands that this is a systemic problem,» she says.
Kateryna Stavniychuk, CEO of the GovTech Alliance of Ukraine. Photo from the Kitsoft website
The consequences of such a situation, as Kateryna Stavniychuk sees it, are not only the restriction of competition, but also the risk of losing control over critical state IT systems or registers. «And this is not always malicious intent, but the result of absent or weak technical support (requirements for the transfer of source code or intellectual property rights are not specified, the mandatory nature of accompanying documentation is not recorded, requirements for API openness, integration standards, etc. are not defined) or unprofessional support from the customer,» explains the head of the GovTech Alliance.
BRDO Executive Director Oleksiy Dorohan, in turn, claims that the older the IT system of a particular government agency, the greater the likelihood of finding vendor lock-in there.
«In the 90s, this is how business was done in state IT. The company’s goals arose due to the fact that the head of the state body had a relative who „knew computers“. It was this relative’s company that won tenders for procurement in the same state body where the official worked. This company built the system, and then no one really understood it except itself,» explains the executive director of BRDO.
According to Dorohan, such a system is usually built on outdated tools, and if the new head of a state agency wants to «throw it away» and make a new one instead, it turns out to be too expensive a decision that no one dares to make. «As a result, the old IT contractor remains, and the old system too. A certain combination of circumstances is needed for a state agency to move away from the vendor-lock in practice,» the expert says.
According to Maksym Nefyodov, co-founder of the NGO «Technologies of Progress» and ideologist of the Prozorro system, the problem of vendor lock-in is absolutely critical for many state bodies. According to him, sometimes the situation even becomes a threat to national security.
«There is no possibility — neither operational nor technical — to change this contractor, and it comes to a situation where this contractor, implementer, developer de facto has complete control over where the IT function of a particular state body will develop,» says Nefyodov.
According to him, one of the primary sources of the problem is the critical underfunding of state bodies, and, as a result, the inability to attract high-quality and motivated IT personnel to the staff. «State bodies have no ability to be a customer in IT in the normal sense of the word. They cannot develop software themselves, they cannot describe their business processes qualitatively, they do not have knowledge of technologies or their choice, and even more so, they do not have the budgets and negotiating position that would allow them to form some kind of normal open development market,» the expert explains.
Therefore, in this situation, according to Nefedov, the state body holds a tender, and the third-party developer «occupies a kind of quasi-position». The latter de facto not only develops the software itself, but also performs the functions of business analysis, and in certain cases directly credits the state body, «agreeing to do some part of the work pro bono». In conditions where payments from the state are irregular, but the developer, understanding the dependence of the state body, is ready to wait for money from the budget, this unhealthy situation arises.
Nefyodov also adds that state IT can only work according to the waterfall principle, and cannot work according to agile, because it depends on lengthy bureaucratic procedures.
Co-founder of the NGO «Technologies of Progress» and ideologist of the Prozorro system Maksym Nefyodov. Photo from his Facebook
«In the best cases, this leads to a somewhat strange symbiosis, in the worst cases, to the de facto privatization of IT solutions. De jure they may belong to the state, but de facto the state does not understand what is happening there at all. Sometimes it does not even have the administrative powers in the literal sense to administer anything there,» states Maksym Nefyodov. According to him, almost every state body has a contractor who, as a rule, no one has ever heard of in the private market.
In his opinion, the problem will remain as long as an IT specialist in state bodies receives 12,000 UAH, and they will be expected not only to have the knowledge of a system architect, but also the skills of a technical writer who will write the technical specifications, as well as a person who systematically understands the IT market.
Who is to blame and what to do?
The answer to the first of these fundamental questions has already been partially given by experts — it is both the underfunding and insolvency of state IT, as Maksym Nefyodov noted above, and the corruption component and family business ties.
«Another reason is corruption. In the Ukrainian practice of state IT construction, there is a long tradition of working according to the vendor lock-in model. This creates conditions for abuse, as evidenced by numerous, although not always completed, criminal cases. One of the typical problems is that the property rights to the software do not belong to the state, but to the developer. In such a situation, the developer company can freely set arbitrary, often inflated prices for its software. This model was widespread in the 1990s and 2000s,» says BRDO Executive Director Oleksiy Dorohan.
Oleksiy Dorohan, executive director of BRDO. Photo — kmbs.ua
Currently, the expert claims, the situation is changing for the better, in particular thanks to the efforts of the Ministry of Digital Affairs and the work of CDTO Campus. Nevertheless, so far, «the government’s capacity is not ideal.»
Some of the govtech market participants themselves agree with this opinion.
Thus, Kitsoft CEO Oleksandr Yefremov notes that in order to prevent vendor lock-in, the code and documentation for the system should be transferred to state structures, and internal competence should be formed.
«Then this problem can be avoided. We always do this, transfer the code, train the customer’s specialists, as well as other IT companies,» he explained in a short comment for dev.ua.
According to Prozori Solutions CEO Oleksiy Radchenko, the prerequisite for protection against vendor lock-in is the use of standard and widespread technologies and writing solutions according to industry practices. If the solution is implemented in a popular programming language, then replacing a specific developer or contractor company, as Radchenko claims, will only require onboarding into the subject area.
Oleksiy Radchenko, CEO of Prozori Solutions. Photo from his LinkedIn
If we talk about some kind of rotation of contractors in tenders, then, according to Oleksiy Radchenko, this is a complex issue that does not have a legislative format for resolution.
«How to force contractor rotations is an interesting question. Forbidding past contractors from participating in subsequent tenders is uncompetitive,» states the CEO of Prozori Solutions.
As for the legal component, there are already certain developments — in particular, market participants note the Resolution of the Cabinet of Ministers of Ukraine No. 205 of February 21, 2025 «Some Issues of Creation, Administration and Ensuring the Functioning of an Information Means».
«The Ministry of Digital Affairs is taking care of all these problems, as evidenced by Resolution 205 — it expands and regulates the requirements for standards and documentation. The Ministry of Digital Affairs’ strategy for technology standardization is similar — Diia.Engine aims to generalize approaches and standard solutions,» says Oleksiy Radchenko.
The CEO of Prozori Solutions claims that there is still a significant part of large projects and registries in which contractors do not change, but this does not always create a problem. «Sometimes the contractor uses his unique position and for years (or decades) does not switch to more modern solutions and technologies, sets inflated prices… On the other hand, there are other stories when contractors do not change, but do their work qualitatively and at commercial rates. The reason for their irreplaceability is that the civil servants responsible for the system see additional risks in replacing the contractor. These risks are such that the new contractor needs to be onboarded both into the technical solution and into specific processes that are being digitized, and this requires additional time and money,» he comments.
The vendor lock-in problem can be solved by establishing requirements for the transfer of all development results to the state (code, documentation, rights), the use of open interfaces that ensure interoperability, standardization of technical and legal documentation, and no less importantly, by increasing the technical capacity of customers, says Kateryna Stavniychuk. According to her, the GovTech Alliance of Ukraine supports this approach, and its representatives are already cooperating on its implementation.
«Currently, representatives of GTA UA member companies are part of the working groups of the Center for Digital Competencies, within which amendments to the NPA regulating the digital economy are being developed,» says Stavniychuk. In this context, she mentioned the same CMU resolution No. 205, which is already in effect, as well as the relevant work with CDTO Campus on training digitalization managers for the state.
What about specific cases? Vendor lock-in with a rich history or the biased opinion of envious colleagues?
When we spoke with some market participants off-record, they named several companies in Ukrainian govtech that can be attributed to vendor lock-in. Such signs can include quite indirect ones — for example, a very long period of cooperation, 15-20 years with one contractor. However, someone will say — this is because he does his job qualitatively and there is no reason to change him. Failure to transfer copyright, code and documentation to a state body, as well as procurement through a direct procedure, when other participants do not even participate in the tender — this is already «closer to the body» to justify the presence of vendor lock-in. Especially if we are also talking about related persons and family business ties in a state body and a private company. There are also special tricks on the part of an unscrupulous vendor to minimize the possibility of cooperation with other companies. But still, we must admit: stating vendor lock-in as a proven fact is quite difficult.
As for such tricks, by the way, some participants in the govtech market told dev.ua about the standard scheme for vendor lock-in — when a particular solution is developed on an extremely rare technology — such as Elixir. Less than 1% of developers on the Ukrainian market use it, so even if you really want to — it will be physically difficult to find another vendor.
Meanwhile, according to market participants, it was on Elixir that the Electronic Health System (EHS) was developed. Our interlocutors say that Edenlab participated in the development of the latter, as well as in a number of other large projects in the healthcare domain. There is something to think about…
Also in the context of vendor lock-in, our publication’s interlocutors mentioned the company IQusion. For example, many years ago, the media reported that the copyrights to the developed information and analytical systems for the Social Insurance Fund for Temporary Disability and the State Employment Service of the Ministry of Social Policy were never transferred to state bodies, and the state paid 50 million UAH in royalties and other payments to the companies «IQusion» and «BMS Consulting» every year as payment for software modernization.
However, the most non-public mentions from our interlocutors were about the company that has long and closely cooperated with the Pension Fund of Ukraine — «Medyrent». At the same time, right now this company is also implementing the Unified Information System of the Social Sphere (UISS) for the Ministry of Social Policy. By the way, the latter for some reason ignored dev.ua’s request on this issue.
Over the long period of cooperation with the Pension Fund, the IT companies Medirent and Medirent Solutions have received a huge number of orders from the state institution, the total amount of which exceeded UAH 1.5 billion. At least, such data can be seen by summing up the contracts in the Prozorro system. In 2024 alone, Medirent Solutions earned approximately UAH 187 million on state orders, and the absolute majority of purchases were from the Pension Fund and its regional PFU departments.
Archive photo from the Facebook page of the company «Medyrent». «We are proud that for 26 years we have been walking side by side, helping to develop digital solutions,» — at the end of 2024, the company «Medyrent» congratulated the Pension Fund on its 34th anniversary, publishing an archive photo from the presentation of «the first steps in developing the Pension Fund’s electronic services web portal.»
According to the PFU’s response to dev.ua’s request, most orders are related to the integrated comprehensive information system of the Pension Fund (or IKIS PFU), which has been implemented since 2002. As of now, this system provides automation of the processes of accumulation and expenditure of pension funds, including their personalized accounting, assignment, recalculation and payment of pensions, as well as insurance payments, housing subsidies and benefits for payment of complex services. Its functionality also includes maintaining the register of insured persons of the State Register of Compulsory State Social Insurance and other processes related to serving visitors, informing citizens, document flow, personnel management, etc. According to the PFU’s response to our request, it was the IKIS system that was finalized by the contractor in 2022-2024, in fact every time — as certain legislative updates arose that directly affected the calculations of pensions or other payments.
This is a truly large-scale and critically important functionality within the state. Therefore, some of our interlocutors on the govtech market sounded the alarm, noting that «Medyrent» may also own the copyrights to the above-mentioned system. At least, judging by the information on the subject of the procurement for support, maintenance and modernization of the PFU IKIS subsystems on the same Prozorro dated 31.12.2020, this was indicated «in black and white.» «The intellectual property rights to the computer program „Integrated Comprehensive Information System of the Pension Fund of Ukraine ‚ICIS PFU‘, version 2“ (hereinafter referred to as the „Work“), confirmed by the Certificate of Registration of Copyright to the Work No. 30820 dated October 30, 2009, belong jointly to the Pension Fund of Ukraine and the Limited Liability Company „Scientific and Production Enterprise ‚Medyrent‘“ (hereinafter referred to as LLC SPE „Medyrent“) (decision of the State Intellectual Property Service on registration of the agreement concerning the right to the work No. 1672 dated November 11, 2011.)», — stated in the justification for conducting non-competitive procurement on the Prozorro website.
Frequent receipt of orders through a simplified procedure is another standard «benefit» of vendor lock-in for a private company, because it immediately justifies why no one but it can receive this order.
It is especially interesting that the fact that this company received the «contract» is justified, in fact, by the fact that it owns the copyright to the IT system, and no other company is simply capable of taking on these functions. Our publication’s interlocutors say that after the start of the full-scale tender, another «modification» of the tender appeared, which gives preferences to such companies — this is «open tenders with features.»
We asked whether the copyrights to the IKIS system belong to both the Pension Fund and the Medirent company itself — both assured that as of now the rights belong to the Pension Fund.
Medirent confirmed that until 2022, part of these rights belonged to them, «however, later all rights were transferred to the Pension Fund in accordance with the terms of the current agreements.»
The company also emphasized that even during the period when part of the rights belonged to them, Medirent did not have the right to unilaterally dispose of the system without the consent of the PFU. One way or another, the fact remains that these rights remained with a private company for a very long period of time, and why this transfer took place only recently is an open question.
«The Pension Fund of Ukraine is provided with a full set of technical documentation, including the software source code. Thus, the customer has every opportunity to independently or with the involvement of third parties to change, modify, or use the system according to their own needs — without any restrictions,» Medirent noted in response to our request.
In addition to servicing the IKIS system, Medirent and Medirent Solutions provide a number of other services to the Pension Fund and its regional departments. For example, according to the responses of the regional departments of the Pension Fund, which literally flooded the author’s email, almost every one of them has a contract with Medirent Solutions for technical support services for ChekPoint firewalls, and some of them have made purchases with the subject «Protected Media Token». The amounts of purchases in the responses of the regional departments vary, but most of them paid Medirent Solutions at least UAH 100,000–200,000.
However, our sources did not only focus on this aspect of vendor lock-in. The fact is also that the private company Medirent has historically had very close ties with the state Pension Fund. So close that, according to the publication «Our Money», the ex-director of Medirent, Yuriy Bonislavsky, headed the State Enterprise «Information Center for Personalized Accounting of the Pension Fund of Ukraine» in 2001-2008. That is, this is the same enterprise that actually worked with the Pension Fund’s software, which is developed and provided by Medirent. Moreover, in the early 2000s, Yuriy Bonislavsky’s father, Anatoly, held the position of Deputy Chairman of the Pension Fund’s Board. In 2011, he also became Deputy Director of the aforementioned State Enterprise «Information Center for Personalized Accounting of the Pension Fund of Ukraine.» According to our interlocutors, the official ties between PFU and Medirent are much deeper, and positions in the company were held by a number of former PFU employees. Interestingly, even Olesya Ivanchenko, who is listed as a communications manager on the official website of Medirent, was previously the head of the organizational and information work department of the Pension Fund of Ukraine in the Mykolaiv region.
During its activity, Medirent has also been in the spotlight in a number of dubious stories. Back in 2020, Dzerkalo Tyzhnia wrote about the E-Social system, which was never put into operation, but for which tens of millions of dollars were allocated from the World Bank’s loan funds. And although the question here should rather be raised with the state authorities themselves, it is still impossible to do without a negative reputational trace for Medirent. Moreover, the media later reported on criminal proceedings in this regard.
The same applies to the «Unified Database of Evaluation Reports» of the State Property Fund, which Bihus.info wrote about, embezzlement by officials of «Ukrtransgaz» during the purchase of the software package «Information Platform of the Operator of the Gas Transportation System and Underground Gas Storage Facilities», and other stories that became the property of the media.
It is worth noting that Medirent did not shy away from comments regarding the ambiguous assessments of its activities in the govtech market. In response to a request from dev.ua, Medirent reported that statements about the alleged creation of vendor lock-in in their cooperation with government customers are unfounded and have no factual basis.
«Such assessments are superficial and look like an attempt to form a biased opinion about an individual market participant. Therefore, we are surprised by the selective focus of individual discussions exclusively on our company — without analyzing other market participants who also implement state IT solutions. This approach distorts the overall picture of the development of Ukrainian GovTech and does not contribute to an honest professional discussion,» the company noted.
«The teams of Medirent and the State Enterprise „IC of the Ministry of Social Policy of Ukraine“ have joined their efforts to make the Unified Information System of the Social Sphere (UISS) even better!», — the post of the company «Medirent» on Facebook states
As we indicated above, Medirent also assured about the transfer of rights to the IKIS system to PFU, and noted that the owner of the EISSS and all its subsystems and exclusive intellectual property rights to its software is the state represented by the system holder — the Ministry of Social Policy of Ukraine.
Is there light at the end of the tunnel?
Co-founder of the NGO «Technologies of Progress», Maksym Nefyodov, in a conversation with dev.ua, once again emphasizes: the problem of vendor lock-in in state IT is critical, because it concerns systems that, in fact, serve not only and not so much state bodies, but millions of citizens.
«We talk about hackers, about cybersecurity, about some Russian groups, and so on. And we have state systems that, in the literal sense of the word, depend on the mood and health of a particular person,» he claims.
But have changes been felt in the govtech market over the past 5-10 years? Most of the experts we interviewed say yes, although there are still more than enough «Augean stables» in government agencies.
Some vendors, according to BRDO Executive Director Oleksiy Dorohan, also do not want to be associated with «old IT», so they are taking the initiative into their own hands.
«Some new generation companies offering platform solutions provide their platforms for life and provide updates for free. In addition, they are trying to build an ecosystem, a network of partners of development companies that can compete with each other. This approach is an attempt to avoid the negative consequences of vendor lock-in even in cases where the customer’s system is built on a platform owned by the contractor,» says Dorohan.
At the same time, according to him, the labels «old company» or «new generation company» are a significant simplification, because the key thing is not the age of the organization, but the decisions of the people who work there.
«There are old companies that employ people with values who are aware of their role and work in the interests of the country. I am sure that there are also new companies that seek to gain a monopoly position and make the customer dependent on them for decades to come,» the expert says.
The vision of colleagues and CEO of Prozori Solutions Oleksiy Radchenko shares. According to his estimates, the situation is still changing for the better. «A large number of young companies and entrepreneurs have appeared who treat the implementation of projects for the state simply as a business, and not as a source of corrupt profits. My motivation is to provide the state with high-quality service on general terms and market prices, so that our experience works not only for foreign commercial clients, but also in Ukraine,» he says.
The government supported a resolution on regulating cloud services, which allows state registers to be left in data centers abroad after the end of the war
