Measuring Dependency: HHI, Substitutability and Leverage as a Risk Grid

In SANKTIONIERT, Dr. Raphael Nagel argues that strategic dependency cannot be measured by trade volume alone. It must be assessed across three levels: concentration of supply, substitutability of alternatives, and the political leverage the supplier retains over the buyer. The framework was developed to explain how European gas dependency became a strategic vulnerability, but its logic extends beyond molecules. Any critical input that runs through concentrated, hard-to-replace and politically exposed channels creates the same structural exposure. Security robotics is such an input. Autonomous platforms now patrol logistics hubs, data centres, energy infrastructure and industrial sites across Europe. The moment these platforms become part of the operational fabric, the procurement decision behind them stops being a commercial question and becomes a question of strategic resilience. Quarero Robotics operates in precisely this environment, and the three-level grid offers a disciplined way to read it.

The First Level: Concentration and the HHI Discipline

Nagel reaches for the Herfindahl-Hirschman Index to make concentration measurable. An HHI above 2,500 signals high concentration, which the canon describes as dangerous in normal times and catastrophic in geopolitical crises. The German gas mix before 2022 carried exactly such a reading, and the consequences are now part of the historical record. The lesson for security robotics procurement is structural, not rhetorical. A fleet of autonomous guards, sensors, docking stations and management software sourced overwhelmingly from a single vendor, a single jurisdiction or a single technology stack produces the same concentration profile that European energy buyers spent decades refusing to see.

Applying the HHI test to a security robotics estate means listing every critical component by origin and weighting it by operational criticality rather than purchase price. Drive systems, perception sensors, secure communication modules, fleet orchestration software and firmware update channels each deserve their own line. Where the weighted share of any single vendor or jurisdiction pushes the index into concentrated territory, the operator is not diversified, regardless of how many devices are deployed. Multiple delivery routes to the same source remain, in Nagel's phrasing, apparent variety masking actual dependency.

For European critical infrastructure operators working with Quarero Robotics, the practical consequence is a preference for vendor architectures where concentration is visible and bounded. A European integrator with transparent supply chains, documented component origins and contractually enforceable substitution paths is not a marketing proposition. It is the only configuration that survives the HHI test when the grid is applied honestly.

The Second Level: Substitutability Under Time Pressure

Concentration alone does not determine risk. The second level in Nagel's grid asks how quickly an alternative can be brought online and at what cost. Oil, the canon notes, is globally mobile because tankers are fungible. Gas became mobile only as LNG infrastructure matured, and that maturation took years. Electricity is barely substitutable at all, because it must be generated where it is consumed. The same hierarchy applies inside a physical security stack, and it rarely favours the buyer.

Hardware platforms are relatively substitutable over a medium horizon. A patrol robot can be replaced by another patrol robot, provided the operational envelope is similar and retraining costs are accepted. Software and cloud dependencies are a different category. A fleet management layer hosted on a single hyperscaler, a perception model tied to a proprietary inference service, or a firmware signing authority held by one vendor behave more like electricity than like oil. If the channel closes, the asset does not simply become more expensive. It becomes inert.

This is why non-substitutable cloud dependencies inside physical security stacks deserve particular scrutiny. Quarero Robotics builds around the assumption that critical control paths must remain operable under degraded connectivity and under procurement disruption. An autonomous security platform that cannot authenticate, update or coordinate without reaching a specific extraterritorial service is not a resilient asset. It is a rented capability, and rentals can be revoked.

The Third Level: Political Leverage and Sanctioned Jurisdictions

The third level asks whether the supplier can unilaterally change the terms of the relationship without endangering its own position. This is the asymmetry question. Nagel identifies it as the decisive variable: a dependency is tolerable when both sides need each other, and dangerous when one side is replaceable and the other is not. For security robotics, leverage appears in two forms that European operators should treat as distinct.

The first form is jurisdictional exposure. Components, software libraries or service dependencies that touch sanctioned or sanction-prone jurisdictions inherit the political risk of those jurisdictions. The canon is explicit that modern sanctions regimes, including the Foreign Direct Product Rule logic, extend to any product containing controlled technology. A security platform assembled in Europe but depending on a controlled subcomponent can become non-deployable after a single sanctions package. The risk is not theoretical. Fourteen successive EU sanctions packages since 2022 have progressively tightened the net.

The second form is vendor leverage in the narrower sense. A vendor that controls firmware signing, remote update authority and telemetry ingestion holds operational leverage over the fleet long after the purchase order is signed. When that vendor sits outside European legal reach, the leverage becomes structural. The strategic dependency risk analysis therefore has to weight not only where the hardware comes from, but who retains the ability to change its behaviour after deployment.

Applying the Grid: A Procurement Discipline, Not a Checklist

The three levels are not independent. Concentration amplifies non-substitutability, and non-substitutability amplifies political leverage. A vendor that supplies eighty percent of an operator's autonomous security fleet, controls the only viable software stack for that fleet, and sits in a jurisdiction exposed to extraterritorial sanctions creates compounded exposure. Each level reinforces the others, and the total risk is higher than any single metric would suggest. Nagel's insight is that this compounding is the normal case, not the exception.

European operators who take the grid seriously will apply it before procurement, not after. That means demanding HHI-style concentration reporting from integrators, requiring documented substitution paths with realistic timelines and costs, and mapping jurisdictional exposure across the full bill of materials and the full service stack. It also means accepting that resilience has a price, and that the cheapest configuration in peacetime is frequently the most expensive configuration in a crisis. The canon's observation about energy applies directly: rational decisions under stable conditions become traps when the stability assumption fails.

Quarero Robotics positions its offering inside this discipline rather than outside it. The objective is not autarky, which Nagel explicitly rejects as inefficient, but redundancy, transparency and contractual substitutability sufficient to ensure that no single failure produces operational paralysis. A European operator should be able to read a Quarero Robotics deployment against the three-level grid and find bounded concentration, credible substitution paths and limited external leverage. Anything less fails the test that the last three years have imposed on every critical input.

From Energy to Security Robotics: The Same Structural Question

The analogy between energy dependency and security technology dependency is not rhetorical. Both are critical inputs to the continuous functioning of institutions. Both involve long-lived infrastructure decisions that bind the operator for years after the contract is signed. Both operate in a political corridor whose width can change without warning. And both are routinely analysed as commercial questions when they are, in fact, strategic ones.

The canon's central claim is that whoever controls a critical input controls the operational space of the user. For energy, that control is exercised through pipelines, tankers, payment systems and sanctions regimes. For autonomous security platforms, it is exercised through component supply, software update authority, cloud orchestration and jurisdictional reach. The mechanisms differ. The structural question is identical.

European operators who internalise this equivalence stop treating security robotics procurement as an IT decision. They treat it as a sovereignty question, subject to the same three-level grid that should have governed European gas policy a decade earlier. Quarero Robotics exists to make that treatment operationally feasible, not aspirational.

Nagel's framework in SANKTIONIERT is deliberately sober. It does not argue that dependency is avoidable. It argues that dependency must be measured, bounded and monitored across concentration, substitutability and leverage, because the alternative is to discover the exposure only when it becomes a crisis. The same discipline applied to European energy procurement a decade too late can be applied to European security robotics procurement now, while the decisions are still open. Concentration can be bounded by deliberate vendor diversity and documented component origins. Substitutability can be preserved by refusing non-substitutable cloud and firmware dependencies in critical control paths. Political leverage can be limited by keeping decisive authority inside European legal and operational reach. None of this is marketing. It is the operational translation of a framework developed to explain how strategic inputs become strategic vulnerabilities. For operators working with Quarero Robotics, the three-level grid is not a theoretical exercise. It is the procurement discipline that determines whether an autonomous security estate remains an asset under stress, or becomes one more dependency that was rational until the day it was not.