From Outrage to Architecture: Redesigning IT Services Strategy After the $100,000 H-1B Shock

Reading Time: 15 minutes

Prefer watching instead of reading? Watch the video here. Prefer reading instead? Scroll down for the full text. Prefer listening instead? Scroll up for the audio player.

P.S. The video and audio are in sync, so you can switch between them or control playback as needed. Enjoy Greyhound Standpoint insights in the format that suits you best. Join the conversation on social media using #GreyhoundStandpoint.

---

On September 19, 2025, President Trump signed the proclamation Restriction on Entry of Certain Nonimmigrant Workers. Its centerpiece: a US $100,000 surcharge on every H-1B sponsorship. The White House packaged it as a patriotic filter, telling companies they must “pay if they truly need the talent” with revenues earmarked for debt reduction and domestic training.

The administration later clarified that the surcharge is a one-time payment, not a recurring annual fee. That does not blunt the impact. Even once, it is money directly out of pocket for every employer. More importantly, it is a directional signal. This administration has been targeting the H-1B programme since its previous term, and this move underlines a broader intent. Models built on visa dependency are vulnerable and must be re-architected.

Greyhound Research’s first dossier, “Trump’s $100,000 Fee for H-1B: A Tariff on Talent,” called this what it is: a tariff on talent. It equates genius with balance sheets, forces enterprises to ration critical talent, and threatens America’s reputation as the gravitational center of innovation. That dossier unpacked three themes in detail:

• Immediate enterprise disruption. CIOs already ranked immigration volatility as a top risk; this proclamation turned anxiety into hard costs. Within hours, Microsoft, JPMorgan, and others urged H-1B employees to stay in the U.S. or rush back before the deadline.
• Contradictions in policy. While taxing scientists and engineers, Washington simultaneously opened investor “Gold” and “Platinum” visas, fast-tracking residency for those with $1–5 million to spare. Money gets welcomed; skills get taxed.
• Global ripple effects. Universities, hospitals, IT services, and Big Tech voiced alarm. Stocks of visa-dependent providers fell. Competitor nations from Canada to Singapore seized the opportunity with open-door talent programs.

That was the first dossier: the storm warning, the outrage, and the diagnosis of a policy shock that instantly converted visa risk into a board-level liability.

This second dossier is deliberately different. It assumes the context is clear. Its purpose is practical: to set out what IT services providers must do on priority, how enterprises should prepare, what both sides must continue without pause, and where the dialogue must pivot if resilience is to be built before the next policy turn.

Greyhound Standpoint. Context matters, but action matters more. If Part One exposed the storm, this dossier is the operator’s manual.

Why IT Services Must Act Now

The $100,000 H-1B surcharge is not just a tax; it is a stress test of the IT services industry’s operating model. For decades, that model has leaned on the ability to rotate engineers into U.S. client sites, build trust shoulder-to-shoulder, and then scale delivery from offshore campuses. The fee strikes at the heart of this playbook by turning every visa into a six-figure liability that few clients are willing to underwrite and even fewer providers can absorb quietly.

In our first dossier, we explained how the immediate tremors rippled across enterprises and stock markets. But for IT services, the issue is not just day-one disruption; it is the structural sustainability of a business model built on mobility. Many Tier-1 firms have already diversified—setting up nearshore hubs in Canada and Eastern Europe, investing in U.S. locals, and layering automation to raise throughput. Yet for the industry at large, reliance on H-1B pipelines remains high enough that this proclamation cannot be shrugged off as “business as usual.”

Why the urgency? Because clients will not wait. They have already begun asking harder questions: How many of your delivery leads are visa-dependent? What percentage of my program will be staffed onshore without risk of sudden cost hikes? How resilient is your hub strategy if Washington tightens the screws further? In a climate where CIOs rank immigration volatility alongside cyber and supply chain risk, providers who cannot answer these questions with evidence risk being written out of renewal conversations.

The truth is blunt: the surcharge has shifted visa exposure from an HR compliance metric to a board-level resilience test. Providers who hesitate will find themselves competing not just against rival Indian peers but against global alternatives in Canada, Poland, Mexico, and the Philippines—markets that clients increasingly view as less politically volatile.

Greyhound Standpoint. The surcharge is the loudest signal yet that the IT services industry must complete a transition already underway: from dependency on a visa-fed onsite pyramid to a distributed, resilient, automation-rich delivery network. Delay is not strategy. The firms that move first to prove resilience will set the new standard; those that stall will be redesigned by their clients.

IT Services Industry Playbook: Ten Things Providers Must Do As Priority

The surcharge has removed the luxury of incremental change. IT service providers must now demonstrate not just resilience but redesign. What once passed as hygiene—talking about “global delivery” or “flexible models”—must be re-architected into proof points clients can audit. The following ten imperatives mark the difference between firms that steady their client relationships and those that watch them unravel.

First, providers must publish the hub map. No more generic assurances about global footprints. Clients want to see the specific cities, capacities, and workloads each hub carries, from U.S. onshore centers to Canadian nearshore pods and deep offshore campuses in India and ASEAN. A map is not marketing; it is a confidence artifact.

Second, they must rebalance the talent pyramid. The model of sending in droves of junior engineers on H-1Bs is over. The new shape is clear: fewer onsite juniors, more experienced local anchors, and a deeper offshore core that drives throughput. Onsite presence must shift from bulk staffing to precision staffing.

Third, the industry must anchor governance with local leadership. Clients will no longer tolerate the risk that their account manager or delivery lead is one visa renewal away from disappearing. Senior local leaders must become the visible face of delivery and governance, backed by substitution plans that make continuity more than a promise.

Fourth, providers must automate relentlessly. Every onshore role has become too expensive to be used inefficiently. Testing, deployment, monitoring, and orchestration must be industrialized. Productivity per onsite engineer must rise, and it must be measured.

Which leads to the fifth imperative: make automation lift a KPI. It is no longer enough to talk about automation in pitch decks. Firms must report, quarter after quarter, how many hours, defects, or tickets automation has eliminated, and link those gains to fee-at-risk clauses. Clients will forgive higher rates if they see evidence of higher output.

Sixth, providers must diversify visa pathways. O-1s, TNs, E-3s, L-1s—none are perfect, but together they spread the risk. What matters is not exploiting loopholes but demonstrating foresight and compliance discipline. Clients want to know that critical roles are not one policy chokepoint away from collapse.

Seventh, providers must prove substitution speed. Just as companies drill for cybersecurity incidents, IT services firms must drill for talent replacement. Swap a visa-dependent engineer mid-sprint and prove that delivery timelines hold. Show the evidence in QBRs. Confidence comes from drills, not declarations.

Eighth, the industry must harden security for distributed work. If more work shifts offshore and remote, zero-trust controls cannot be optional. Code isolation, strict data perimeters, session monitoring, and red-team attestations must become standard. In the new model, resilience without security is fragility in disguise.

Ninth, providers must reprice with honesty. Visa shocks should not be buried in buffers. Introduce a transparent Visa Risk Adjustment line item in contracts, flexing up or down depending on exposure, and pair it with outcome-linked pricing. This moves the conversation from headcount to value.

Finally, providers must reset the client narrative. The old script—onsite presence builds trust—has expired. The new story is that distribution builds durability. Trust will come not from proximity but from proof: hub maps, automation trends, substitution drills, security attestations, and risk-sharing math.

Greyhound Standpoint. These ten imperatives are not nice-to-haves. They are the scaffolding of survival in an industry whose default model has been taxed into obsolescence. Providers who act visibly and decisively will reset the rules of client engagement. Those who don’t will find that clients have already rewritten the playbook without them.

Enterprise Playbook: Ten Things Enterprises Must Do to Prepare

If the surcharge has forced IT services providers to redesign their models, it has forced enterprises to confront their own blind spots. For too long, many CIOs, CFOs, and CHROs have treated visa strategy as a back-office function. That era is gone. With each H-1B sponsorship carrying a six-figure price tag, talent risk now sits squarely on the board agenda. The following ten actions define how enterprises can prepare—urgently and visibly.

First, enterprises must classify their roles. Not every hire warrants a $100,000 surcharge. Critical architects, AI researchers, and compliance-heavy roles may justify the spend; routine developers and testers will not. The taxonomy must be clear, written down, and used to triage every sponsorship decision.

Second, companies must budget with discipline. Visa costs can no longer be treated as incidental. CFOs should create explicit “talent tariff reserves” in program budgets and demand offsetting productivity gains from providers. Money saved offshore or through automation should be visible, not buried.

Third, contracts must be rewired for risk-sharing. Enterprises should insist on Visa Risk Adjustment clauses that flex pricing up or down based on actual visa exposure and outcome-linked fees that anchor spending to measurable delivery results. Rate cards should give way to resilience economics.

Fourth, enterprises must invest in location diversification. This means building or expanding global capability centers in India, Poland, Mexico, or the Philippines, and nearshore hubs in Canada or Eastern Europe. Concentration is fragility. Distribution is resilience.

Fifth, boards must demand governance dashboards. Talent resilience should be tracked alongside cyber risk and financial risk. Dashboards must show visa exposure, substitution speed, automation lift, and the percentage of work delivered from resilient hubs. Anything less is blindness.

Sixth, enterprises must test substitution drills. Don’t take a provider’s word for it—run an exercise where a visa-dependent engineer is replaced mid-project and measure the impact. If a provider cannot execute the drill, they cannot promise resilience.

Seventh, companies must harden compliance and security expectations. As more work shifts offshore or remote, enterprises must require zero-trust attestations, code isolation protocols, and red-team results in every major contract. Security is not a nice-to-have; it is the floor of resilience.

Eighth, enterprises must strengthen domestic talent pipelines. Visa restrictions cannot be solved only by global redistribution. Local apprenticeships, university partnerships, and re-skilling programs should be funded and tied directly to program needs. The next generation of U.S. technologists cannot be left to chance.

Ninth, enterprises must use alternative pathways wisely. O-1, TN, E-3, and L-1 visas, plus OPT programs, can all be harnessed to fill gaps, but they require legal rigor and governance. Immigration planning must become part of enterprise workforce planning, not a last-minute scramble.

Finally, enterprises must reset the conversation with providers. Stop asking how many onsite bodies are available. Start asking how resilient the delivery network is, how fast substitutions occur, how much automation is lifting throughput, and how risk is being shared contractually.

Greyhound Standpoint. For enterprises, the surcharge is not just a line item. It is a test of seriousness about talent resilience. Those who codify role taxonomies, wire budgets to outcomes, expand diversified hubs, and demand proof from providers will weather the storm. Those who continue to outsource responsibility for visa risk will discover too late that resilience cannot be bought off the shelf.

Joint Priorities: Ten Things Providers and Enterprises Must Continue Without Pause

The surcharge has forced providers and enterprises to redesign major parts of their operating models. But some practices must not be abandoned. They are not optional extras; they are the ballast that holds delivery chains steady when policy winds turn violent. These ten priorities deserve joint ownership and continuous investment.

First, both sides must protect co-funded talent pipelines. Apprenticeships, university partnerships, and returnship programs are no longer a nice-to-have for press releases. They are the only way to ensure a stream of local talent ready to step into roles once filled by visa holders. Cutting back now would be short-termism of the worst kind, leaving organizations more exposed just as the external environment grows harsher.

Second, there is a need to double down on domestic upskilling. Enterprises and providers alike must invest in reskilling their own workforces for cloud, AI, security, and data. Every engineer retrained internally is one less role forced into the bottleneck of visa dependency. This is not charity; it is hard-edged resilience planning that strengthens the local bench and wins regulatory goodwill.

Third, both sides must sustain automation backlogs with measurable lift. The discipline of continually identifying toil, removing manual effort, and reporting the hours saved cannot be dropped. In an era when every onshore role has become expensive, automation becomes the margin equalizer. What matters is not the promise but the proof—numbers that boards can recognize as productivity gains.

Fourth, that means treating automation lift as a joint KPI, not as a vendor talking point. Clients and providers should agree on how automation savings are measured and share accountability for the results. When both sides sign off on the metric and link a share of fees to it, automation ceases to be marketing and becomes governance.

Fifth, the partnership must institutionalize security drills for distributed work. With delivery spanning multiple jurisdictions, intellectual property and sensitive data are at greater risk. Only joint red-team exercises, breach simulations, and cross-border code isolation tests will turn reassurance into evidence. Boards do not want adjectives; they want attestations.

Sixth, continuity must be stress-tested, not assumed. Too many delivery contracts assume that if a visa-dependent engineer cannot travel, a replacement can be slotted in without disruption. The reality is usually slower and more painful. Enterprises and providers should rehearse substitutions in live environments, swapping critical roles mid-sprint to measure the impact. Only when substitution is practiced does resilience become credible.

Seventh, both sides should safeguard governed experimentation. The temptation in a crisis is to freeze pilots and protect core delivery. But the organizations that ring-fence experiments in AI-assisted delivery, automation, and governance tooling are the ones that will compound advantage. Protecting a small lane for innovation under constraint is what keeps capability pipelines alive.

Eighth, governance dashboards must expand and sharpen. Quarterly reviews cannot remain theater. They should expose visa exposure, automation lift, substitution drills, and security results with the same candor as an incident post-mortem. A dashboard that both sides sign off on becomes the shared truth against which resilience is judged.

Ninth, location strategy must be synchronized. Providers setting up hubs in Canada or Poland should align those expansions with clients’ GCC strategies, and enterprises opening centers in Mexico or India should coordinate with vendor presence there. Alignment reduces duplication and compounds resilience; misalignment wastes scarce investment.

Finally, both sides must maintain joint advocacy. Whether through industry associations or direct policy dialogue, enterprises and providers have a shared interest in making clear the risks of hollowing out innovation pipelines. Silence signals acceptance. Speaking together, they stand a chance of tempering the sharpest policy edges—or at the very least of shaping the exemptions that will matter most.

Greyhound Standpoint. These ten practices form the ballast of resilience. Talent pipelines, upskilling, automation, security, substitution, experimentation, governance, location strategy, and advocacy are not back-office hygiene; they are frontline disciplines. Neglect them, and the surcharge becomes a destabilizer. Defend them, and it becomes survivable.

Where the Dialogue Must Pivot: Ten Conversations That Can’t Wait

The surcharge has ended the era when outsourcing conversations could revolve around day rates, seat counts, and the comfort of seeing engineers on-site. If providers and enterprises keep speaking in that vocabulary, they will be negotiating with ghosts. The dialogue must shift—decisively—into ten new conversations that match today’s reality.

First, the emphasis must move from headcount to outcomes. The relevant questions are no longer about how many people show up but about what gets delivered. Deployment frequency, ticket deflection, and automated claims—these are the measures that matter.

Second, the dialogue must shift from rate cards to resilience economics. Boards will demand to see how contracts flex when visa exposure changes and how productivity gains offset higher costs. Hidden buffers will not pass muster.

Third, enterprises and providers must replace proximity with proof. Trust used to mean engineers down the hall; now it means dashboards that show visa exposure, automation lift, and substitution drills. Artifacts, not anecdotes, are what buy confidence.

Fourth, generic delivery models have to give way to tailored portfolios. Each enterprise carries its own regulatory obligations, risk appetite, and appetite for offshore. Providers that recycle a single “global delivery” story will sound tone-deaf; clients will expect a model that reflects their realities.

Fifth, the conversation must elevate talent provenance. Clients want to know exactly where skills are sourced, how secure those pipelines are, and what contingency exists if they fail. Providers must answer directly, with transparency and foresight, not platitudes.

Sixth, visa volatility must be folded into broader resilience planning. It is one thread in the same fabric that also includes cyber, energy, and supply chain risk. Treating it in isolation only underplays its significance.

Seventh, the conversation must shift from static contracts to living agreements. Renewals written once a year cannot capture the volatility of policy and delivery. Contracts must flex with exposure levels, automation gains, and location strategy.

Eighth, anecdote must give way to evidence. Providers can no longer lean on reassurance; they must bring substitution drill results, security attestations, and automation savings signed off by both sides.

Ninth, there must be a cultural shift from comfort to control. Comfort was seeing teams nearby. Control is knowing that governance and tooling will hold even if borders close. The dialogue must help clients accept this new form of assurance.

Finally, the conversation must extend from transactions to advocacy. Enterprises and providers face the same systemic risk. A joint stance in policy forums is not a luxury; it is enlightened self-interest. Staying silent risks being read as compliance.

Greyhound Standpoint. The surcharge has made the old script unusable. The new script must be about outcomes, resilience, provenance, and advocacy. Providers and enterprises who learn to speak this language first will own the narrative; the rest will be spoken for.

30/60/90/120: Turning Strategy Into Proof

A proclamation this disruptive cannot be met with vague assurances. Boards will not tolerate adjectives; they will expect artifacts. A four-stage cadence—30, 60, 90, and 120 days—forces both providers and enterprises to prove that resilience is not just discussed but lived. Each milestone is a checkpoint: visibility, governance, lift, and institutionalization.

Within 30 Days – Establish Visibility

• Providers must publish delivery hub maps that are more than marketing gloss. Each map should name locations, show headcounts, and outline the specializations anchored there. Without this transparency, “global delivery” is just a slogan.
• Providers should also present visa-exposure dashboards by client program, complete with trigger thresholds that force substitution when exposure crosses a line. A dashboard makes risk measurable; without one, it remains an opinion.
• Providers need to schedule substitution drills and assign accountable leads. A plan without ownership is not a plan.
• Enterprises must produce a role taxonomy that separates those positions worth the surcharge from those that must localize or offshore. This is how boards see discipline rather than panic.
• Enterprises should earmark “talent tariff reserves” in program budgets. Finance teams must signal early that they are preparing to absorb shocks.
• Jointly, both sides must bring these artifacts to the first board or steering review. The act of presentation itself is proof that visibility has been established.

By 60 Days – Embed in Contracts and Governance

• Providers should insert Visa Risk Adjustment clauses and outcome-linked pricing into at least one live renewal. It proves that risk is not buried in buffers but surfaced in contracts.
• Enterprises must table the first Talent Resilience Scorecard at the board. This should capture visa exposure, substitution readiness, and geographic diversification, placing talent risk alongside cyber and supply chain.
• Both sides must complete a cross-border security test—red-team a code repository, probe a data flow—and then review results together. Only evidence builds trust when delivery is distributed.
• Together, they must lock in the cadence for quarterly resilience reviews. Automation lift, substitution performance, and visa exposure—these need to be tracked like uptime and revenue.

By 90 Days – Demonstrate Lift and Continuity

• Providers should demonstrate double-digit automation gains on at least two active programs, signed off by clients. Talk of automation must be translated into charts that boards can read.
• Providers must also execute a live substitution drill, document recovery time, and present results in the QBR. If continuity has never been tested, it does not exist.
• Enterprises should move from intent to action by approving and launching at least one nearshore or offshore expansion. A footprint on paper is not a footprint.
• Jointly, both sides must refresh the automation backlog and ring-fence three experiments for the next quarter—be it AI-assisted delivery, governance tooling, or new security controls. The message to boards is simple: adaptation has not paused innovation.
• Together, they must present the outcomes of drills and automation to the board. Visibility without outcomes is hollow.

By 120 Days – Institutionalise Resilience

• Providers should publish a quarterly resilience report across major accounts, covering hub health, automation lift, substitution drills, and security attestations. Artifacts must evolve into rhythm.
• Enterprises must embed the Talent Resilience Scorecard as a standing board agenda item, integrated with cyber and supply-chain risk. This elevates talent resilience from project noise to corporate governance.
• Both sides should complete at least one joint advocacy action—whether through an industry body or direct policy forum—so that resilience extends beyond contracts into the shaping of policy itself.
• Together, they must align next year’s workforce planning with the lessons of the surcharge: fewer visa-dependent roles, stronger domestic pipelines, and deeper global hubs. If plans do not reflect what has been learned, the cycle repeats.
• Finally, both sides should audit and certify at least one engagement against a recognized zero-trust or resilience standard. Evidence is stronger when credentialed by a third party.

Greyhound Standpoint. Ninety days is enough to survive; one hundred and twenty is what embeds resilience. Enterprises and providers that move through this checklist with artifacts in hand will convince boards they are not absorbing a tariff but re-architecting around it. Those who treat the milestones as optional will find that in the boardroom, absence of proof reads as absence of preparedness.

Conclusion: From Outrage to Architecture

The first dossier was about outrage. It had to be. A six-figure surcharge on skilled visas is not a policy tweak; it is a seismic shock to how enterprises plan, how universities recruit, and how IT services are delivered. Outrage was necessary to mark the break with the past and to name the contradictions in a policy that taxes skills while selling fast-track residency to capital.

This second dossier is about architecture. Outrage may win attention, but only architecture wins resilience. The surcharge has turned immigration volatility from a compliance irritant into a board-level risk. Providers and enterprises now live in an environment where talent resilience must be treated with the same gravity as cybersecurity or supply-chain continuity. The days of trusting in mobility pipelines are over; what matters now are delivery maps, automation lifts, substitution drills, security attestations, and contracts that flex with risk.

What we have laid out here is not a menu; it is a scaffold. IT services firms must redesign their hub networks, rebalance their pyramids, automate relentlessly, and tell a new story grounded in evidence. Enterprises must classify their roles, rewire contracts, diversify their footprints, and hold providers accountable through governance dashboards. Together, both sides must defend talent pipelines, run drills, measure automation, and show boards artifacts that prove resilience. And they must pivot the dialogue—from headcount to outcomes, from proximity to proof, from anecdotes to evidence, and from transactions to advocacy.

If Part One warned of the storm, Part Two shows the lighthouse. The $100,000 surcharge is not just a tariff on visas; it is a test of seriousness. Enterprises and providers who move fast to institutionalize resilience will emerge stronger, more distributed, and more trusted. Those who delay will find themselves at the mercy of boards, markets, and competitors who no longer negotiate on comfort but on proof.

Greyhound Standpoint. Outrage has its place, but architecture is what endures. America’s long-term strength has always come from attracting talent, not taxing it. Enterprises and providers must now architect around volatility with evidence and urgency. Those who do will stand firm when the politics of the moment fade; those who don’t will discover that resilience deferred is resilience denied.

Copyright Policy. All content contained on the Greyhound Research website is protected by copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior written permission of Greyhound Research or, in the case of third-party materials, the prior written consent of the copyright owner of that content. You may not alter, delete, obscure, or conceal any trademark, copyright, or other notice appearing in any Greyhound Research content. We request our readers not to copy Greyhound Research content and not republish or redistribute them (in whole or partially) via emails or republishing them in any media, including websites, newsletters, or intranets. We understand that you may want to share this content with others, so we’ve added tools under each content piece that allow you to share the content. If you have any questions, please get in touch with our Community Relations Team at connect@thofgr.com.