Concentration Risk by Architecture: AI Debt, Credit Default Swaps and the Supervisory Gaps Post-Crisis Frameworks Left Open

The extraordinary pace of hyperscaler debt issuance is producing structural consequences in credit derivatives markets that existing regulatory frameworks have yet to adequately apprehend. Between 2020 and 2024, the five major AI hyperscalers, namely Amazon, Alphabet, Meta, Microsoft and Oracle, issued an annual average of $28 billion in US corporate bonds. In 2025 alone, that figure reached $121 billion. Goldman Sachs projects cumulative hyperscaler capital expenditure from 2025 through 2027 at $1.15 trillion. Total commitments across the group have reached $969 billion, with $662 billion in data centre leases yet to commence. This post argues that the resulting surge in credit default swap (CDS) activity on hyperscaler reference entities reveals how the regulatory architecture itself generates the concentration risk that credit derivatives are then deployed to manage.

The Credit Derivatives Response and Its Structural Function

The response from bank credit desks has been swift and is now well-documented. Banks face concentration limits: regulatory ceilings on how much exposure they may carry against a single counterparty across loan portfolios, derivatives books and other instruments. As hyperscaler borrowing has accelerated, major banks have begun to approach those limits. The instrument of choice for managing this tension has been the CDS. Monthly notional volumes of hyperscaler CDS trading at Bank of America increased tenfold in the first months of 2025 relative to the period preceding it. CDS contracts referencing Microsoft, Amazon and Oracle recorded $4.6 billion in notional trading volume in the first quarter of 2026, against $759 million in the equivalent period of the prior year. JPMorgan has introduced a standardised basket product covering the five major hyperscaler names in $25 million increments, offering institutional clients a more liquid hedging vehicle than single-name instruments alone can provide. Meta and Alphabet only entered CDS markets as reference entities in November 2025. The market is expanding in real time.

The most legally and prudentially significant dimension of this development resides in the structural function that credit derivatives are being asked to perform. Bank of America’s head of US single-name CDS has confirmed publicly that much of the demand for hyperscaler CDS originates with credit valuation adjustment (CVA) desks, which are purchasing protection with the express aim of preserving lending capacity within regulatory concentration limits. The demand is balance-sheet-driven, with the management of regulatory constraints rather than fundamental credit assessment as the operative driver. This distinction carries material implications for how the framework ought to respond.

The CVA Architecture and the Limits of the Basel Framework

It is submitted that the SA-CVA and BA-CVA frameworks under the Basel III final standards (paras 52.1–52.82) were designed to ensure banks hold adequate capital against derivatives exposures and that CVA hedges receive appropriate recognition in the capital calculation. They were not designed to address a scenario in which the same small group of investment-grade counterparties simultaneously dominates both corporate lending books and derivatives counterparty relationships at a system-wide level. The current framework treats CVA hedging as a technical capital adequacy problem. The hyperscaler concentration dynamic reveals that it is equally a macro-prudential question. When CVA desks systematically purchase protection from hedge funds and other non-bank financial intermediaries, concentration risk is transferred to institutions not subject to equivalent prudential oversight, with no corresponding mechanism for tracking the aggregate magnitude of that transfer. The structural incentive to hedge is preserved; the systemic visibility required to assess the consequences of that hedging is absent.

The Information Embedded in CDS Spreads

It is noteworthy that CDS spreads on hyperscaler reference entities are trading at levels materially above those one would ordinarily expect from their formal credit ratings. Alphabet and Meta carry AA ratings from S&P Global, and their spreads have widened sharply since the acceleration of their capital programmes, reflecting information that the rating methodology is not structured to capture: execution risk at scale on multi-hundred-billion-dollar infrastructure programmes, duration mismatch between very long-dated bonds and the competitive lifecycle of AI infrastructure, and the accumulation of off-balance-sheet commitments that accounting frameworks recognise only partially. Oracle presents the starkest case, with a BBB rating sitting two notches above non-investment grade and a debt-to-equity ratio exceeding 462% against a figure of under 50% for its hyperscaler peers. Where CDS spreads consistently price risks that formal ratings do not acknowledge, across a concentrated and systemically relevant set of names, that divergence constitutes supervisory information. The current architecture contains no mechanism requiring regulators to act upon it.

An Unregistered Systemic Exposure

The macro-prudential frameworks that emerged from the 2008 financial crisis were designed to detect leverage concentration, maturity mismatch and interconnectedness before they crystallised into systemic instability. None of those frameworks were constructed to govern a scenario in which a small number of non-financial corporations accumulates close to $1 trillion in financial and contingent commitments within a period of years, becomes among the largest issuers in the investment-grade bond index, and simultaneously constitutes the dominant reference entity cluster in an expanding credit derivatives market. The Financial Stability Board’s (FSB) Global Monitoring Report on Non-Bank Financial Intermediation does not currently account for AI-related corporate debt as a distinct exposure category. The US Financial Stability Oversight Council (FSOC) has not designated any hyperscaler entity as a systemically important non-bank financial institution. The same forces driving the transition from sovereign to corporate debt as the dominant site of systemic risk accumulation are now generating derivative markets whose scale and structural function outpace the supervisory frameworks designed to observe them.

Three Regulatory Recommendations

It is submitted that three targeted interventions would substantially narrow this gap. First, the Basel Committee on Banking Supervision should review whether the SA-CVA and BA-CVA frameworks adequately address concentration risk scenarios in which a small number of investment-grade counterparties simultaneously dominates both corporate lending and derivatives books across multiple institutions. The present framework creates structural incentives for CVA hedging without generating systemic visibility into the destination of the transferred risk. Second, the International Organization of Securities Commissions (IOSCO) should examine whether the structural demand imbalance in single-name CDS markets for AI reference entities, arising from bank balance-sheet management rather than fundamental credit assessment, requires enhanced position transparency requirements for large directional CDS exposures. Standardised basket instruments create liquidity and correlated exposure simultaneously, and single-name analysis is insufficient to capture the aggregate risk profile. Third, the FSB should require participating jurisdictions to incorporate AI-related corporate debt concentration as a tracked category in financial stability reporting, with explicit mapping of CDS market exposures to underlying bank balance-sheet positions. The tools exist within the data reporting architecture established under the G20 OTC derivatives reform programme. What is absent is the mandate to deploy them.

Conclusion

The hyperscaler CDS expansion is, on one reading, a straightforward market development: banks deploying available instruments to manage growing counterparty relationships, and non-bank institutions finding profitable positions in the resulting demand imbalance. It is submitted that this reading requires supplementation. When CVA desks systematically deploy derivatives to manage around concentration limits, when CDS spreads embed information that ratings frameworks decline to acknowledge, and when close to $1 trillion in corporate commitments accumulates outside any macro-prudential monitoring framework, the structural question is whether the solution the market has found operates within a regulatory architecture designed to see it. The regulatory architecture, as currently designed, lacks the supervisory visibility to answer that question.

Ligia Catherine Arias-Barrera is Professor-Researcher in Commercial Law at Universidad Externado de Colombia, where she leads CERES (Centro de Estudios Regulatorios de la Empresa Sostenible), and Invited Lecturer for Financial Derivatives at Queen Mary University of London.