Skip to content

Consistency Is a Business Decision

You have probably heard of eventual consistency. The short version: in a distributed system, when data changes in one place, other parts of the system might not see that change immediately. For a brief moment, different components have different views of the truth. Eventually, they all catch up. Eventually, they all agree. But not instantly.

This concept makes many developers nervous. "Eventually consistent" sounds like "temporarily wrong." It sounds like a bug waiting to happen. In German, it gets even worse: "eventual consistency" is often translated as "eventuell konsistent," which means "possibly consistent," implying the data might never be correct. No wonder people reach for stronger guarantees.

But "eventual" in English means "ultimately" or "in the end," not "possibly." Eventual consistency means the system will become consistent, given enough time. The question is not whether consistency happens, but when. And here is the uncomfortable truth: your system is already eventually consistent. You just have not admitted it yet.

Lost in Translation

The German mistranslation I mentioned is more than a linguistic curiosity. It reveals how we think about the problem. When we hear "eventual consistency," we imagine data that might never be correct. We imagine chaos. We imagine angry customers and lost transactions. The word "eventual" triggers fear, when it should trigger a simple question: how long?

A better mental model is stale data. At any given moment, some part of your system might be looking at data that does not reflect the very latest state. The data is not wrong. It is just not current. It was correct a moment ago. It will be correct again in a moment. Right now, it is stale.

Every system has stale data somewhere. The question is not whether your data can be stale, but how stale is acceptable. Milliseconds? Seconds? Minutes? Hours? The answer depends on the use case, and it is rarely "never."

The Comfortable Lie

Here is the mental model most developers carry: "My relational database is always consistent. Transactions guarantee it. ACID guarantees it. When I commit, the data is there, and everyone sees it."

This is true within a single database instance, for a single query, at a single moment. But that is not how real systems work.

Do you have read replicas? They lag behind the primary. Your user writes to the primary, then reads from a replica, and sees stale data. Do you have a cache? It holds data that was current when it was cached, not when it is read. Do you have a mobile app? It shows data that was current when the app last synced, which might have been seconds or minutes ago. Do you render HTML on the server? The page was current when it was rendered, not when the user reads it.

The moment data leaves your database, it starts becoming stale. By the time it reaches the user's screen, it is already a snapshot of the past. The user sees "Order confirmed," but the warehouse system has not processed it yet. The user sees "3 items in stock," but someone else just bought two. The user sees their account balance, but a payment is still being processed.

This is not a bug. This is how distributed systems work. And every system with a user interface is a distributed system. The user's device is a node. The network is unreliable. Time passes between request and response. You are already building distributed systems. You just pretend you are not.

This Is Not a Technical Problem

Here is the insight that changes everything: eventual consistency is not a technical problem. It is a business problem. And it existed long before computers.

Imagine a company with two sales offices in different cities, back when the only communication was by telephone. Both offices sell from the same inventory. A customer in Munich wants to buy the last unit of a product. A customer in Hamburg wants to buy the same unit. Neither salesperson knows what the other is doing.

How did businesses solve this before computers? They did not achieve perfect real-time synchronization. They accepted that conflicts would happen and designed processes to handle them. They overbooked and apologized. They kept safety stock. They called the warehouse before promising delivery. They compensated disappointed customers. They managed risk, not consistency.

The same product, the same problem, with pen and paper instead of databases. No amount of technology can eliminate this fundamental challenge. Two people, two locations, one resource, imperfect information. The laws of physics guarantee that information takes time to travel. Perfect synchronization is impossible, not just difficult.

This is why discussions about eventual consistency belong in business meetings, not just engineering meetings. Engineers can explain the trade-offs. But the decisions are business decisions. How often will conflicts occur? What does a conflict cost us? What would it cost to reduce conflicts? These are questions about risk and economics, not about code.

Consistency Is a Spectrum

Consider how many systems you use every day that embrace eventual consistency without apology.

Package tracking. You check the status: "In transit." But that update was recorded hours ago when the package was scanned. Right now, the package might be on a truck, in a sorting facility, or already delivered. The tracking system shows you stale data. And that is fine. You do not need real-time GPS coordinates. You need a general sense of progress.

Inventory displays. An online shop shows "Only 3 left in stock." Is that number accurate? Maybe. It was accurate when the page was rendered. Since then, someone might have bought one. Someone might have added one to their cart without checking out. Someone in the warehouse might have found a misplaced unit. The number is a hint, not a guarantee. And that is acceptable, because the checkout process handles the edge case where the item is actually gone.

Social media metrics. Your post shows 1,247 likes. Is that the real number? Different servers might show different numbers. The count you see might be seconds or minutes old. If someone likes your post right now, you might not see it for a while. Nobody cares. The exact number does not matter. The approximate number is good enough.

Flight bookings. Airlines deliberately overbook flights because they know some passengers will not show up. The booking system accepts more reservations than there are seats. If everyone shows up, they handle it at the gate with compensation and rebooking. The system is designed to accept conflicts and resolve them later. This is not a failure of consistency. It is a business strategy.

All of these systems work. Customers use them every day without complaint. The eventual consistency is invisible because the consistency window is short enough, or because the business process handles the edge cases gracefully. The goal is not perfect consistency. The goal is acceptable consistency.

The Right Questions

When developers discuss eventual consistency, they often ask the wrong question. They ask: "Is eventual consistency acceptable here?" This frames consistency as binary, as if you either have it or you do not.

The right questions are about risk and cost.

How often will this conflict occur? If two users try to buy the last item simultaneously, how often does that actually happen? Once a day? Once a month? Once a year? The frequency matters because it determines whether the conflict is a real problem or a theoretical concern.

What does a conflict cost us? If the conflict happens, what is the impact? A disappointed customer? A refund? A manual intervention? A legal issue? The cost determines how much effort is worth spending on prevention.

What does prevention cost? Stronger consistency guarantees are not free. They require coordination, which means latency. They require locking, which means reduced throughput. They require infrastructure, which means money. Every millisecond of consistency you buy has a price.

These are business questions, not engineering questions. The engineering team can explain what is possible and what each option costs. But the decision about acceptable risk belongs to the business. A payment system and a social media feed have different tolerances. A medical record system and a shopping cart have different requirements. The context determines the answer.

This is why it is wrong to discuss eventual consistency only within the development team. The team might have strong opinions about technical purity, but they might not know that the business would happily accept a one-second delay if it means lower infrastructure costs. Or they might not know that a particular use case has regulatory requirements that demand stronger guarantees. The conversation needs both perspectives.

The ATM That Kept Working

Here is a concrete example that shows how thinking in business terms transforms a technical problem into an opportunity.

ATMs are normally online, connected to the bank's systems in real time. When you request a withdrawal, the ATM checks your account balance, verifies you have sufficient funds, and dispenses the cash. Simple and consistent. But what happens when the network connection fails and the ATM goes offline?

Ask most developers, and they will say the ATM should stop working. No connection means no balance check. No balance check means potential overdrafts. Potential overdrafts mean risk. Therefore, shut down the ATM until the connection is restored. This is the obvious, safe, technically correct answer.

It is also the wrong answer.

Imagine a well-known billionaire standing at an ATM, trying to withdraw 50 Euros, and being told the machine is out of service. Tomorrow's headline: "Bank Fails Billionaire Customer Over Network Glitch." That is not a headline any bank wants. The reputational damage far exceeds any potential overdraft from a small withdrawal.

So what do banks actually do? The ATM keeps working, even when offline. But with smart risk management.

First, most outages are short. The connection drops for a few minutes, then recovers. By the time anyone notices, the problem has resolved itself. If the outage persists for thirty minutes, then you can consider going offline. But panicking after thirty seconds makes no sense.

Second, most people only withdraw money when they know they have it. Nobody wants the embarrassment of standing at an ATM with a queue forming behind them, only to have their card rejected. Self-selection reduces the risk of overdrafts dramatically.

Third, what is the actual worst case? Most withdrawals are small: 20, 50, 100 Euros. The bank can limit the maximum withdrawal amount during offline periods. You cannot withdraw 2,000 Euros from an offline ATM, but you can withdraw 100. How often do people actually need to withdraw thousands in cash? Rarely. And for the small amounts, the risk is manageable.

Now consider what happens if someone does overdraw their account during an offline period. The bank has two options for how to frame this situation.

Option one: "Customer exploited system vulnerability during network outage." That sounds like a security incident. That sounds like something went wrong.

Option two: "Bank showed flexibility and helped customer in need despite technical difficulties." That sounds like excellent customer service. That might even make a positive headline.

And here is the business opportunity: the bank charges overdraft fees and interest. The customer who withdrew 50 Euros they did not have will pay it back, plus a premium. The bank turned a technical limitation into a revenue opportunity. The offline ATM is not a bug. It is a feature that generates goodwill and, occasionally, additional income.

This is what thinking in business terms looks like. The developer sees a consistency problem and wants to prevent it at all costs. The business sees a risk-reward calculation and finds a solution that is better than either "always consistent" or "always available." The best answer was not in the engineering meeting. It was in the business meeting.

Making the Implicit Explicit

So if eventual consistency is everywhere, why do Event Sourcing and CQRS get singled out for criticism?

First, a clarification: Event Sourcing itself does not require eventual consistency. You can build an event-sourced system that is fully consistent within its boundaries. The events are written atomically, and the state is derived directly from those events. No stale data, no lag, no eventual anything.

The eventual consistency enters through CQRS, the pattern that separates the write model from read models. As explored in CQRS Without The Complexity, the write side handles commands and produces events, while the read side maintains projections optimized for queries. These projections are typically updated asynchronously: events are written to the event store, then processed by projection handlers that update the read databases. That asynchronous step is where eventual consistency lives.

Because Event Sourcing and CQRS are so often used together, eventual consistency becomes a common topic in Event Sourcing discussions. But it is important to understand where it actually comes from. The event store itself can be fully consistent. The eventual consistency is in the synchronization between write and read models.

And here is why that explicitness matters: in a traditional system, eventual consistency is hidden. The cache is stale, but the code does not acknowledge it. The read replica lags, but the application pretends it does not. The race condition exists, but nobody talks about it until it causes a bug. The system is eventually consistent, but it pretends to be strongly consistent.

CQRS forces you to confront reality. The write model and the read model are explicitly separate. Events are processed asynchronously, and the architecture acknowledges this. Projections might be behind, and the system accounts for it. The stale data is not hidden. It is designed for.

This explicitness is an advantage, not a disadvantage. When you know where the consistency boundaries are, you can reason about them. You can measure the lag. You can alert when it exceeds thresholds. You can design user experiences that account for it. You can build business processes that handle conflicts gracefully.

As we discussed in Exactly Once Is a Lie, distributed systems require designing for imperfect delivery. Idempotent operations, compensation logic, and conflict resolution are not workarounds for a broken system. They are the correct way to build systems that acknowledge physical reality. CQRS does not introduce eventual consistency. It surfaces the eventual consistency that was always there.

And when you need to understand what happened, the event history gives you complete visibility. As The Three-Cent Problem illustrated, you can trace exactly how any state was derived. If a projection shows unexpected data, you can replay the events and watch the calculation step by step. The eventual consistency is not a black box. It is fully observable.

The Real Risk Is Pretending

The danger is not eventual consistency. The danger is pretending you do not have it.

When you pretend your system is strongly consistent, you do not design for conflicts. You do not build compensation logic. You do not create user experiences that handle edge cases gracefully. And then, when the race condition finally happens, when the cache serves stale data at the wrong moment, when the replica lag causes a visible inconsistency, you have no plan. The system fails in ways you did not anticipate, because you refused to anticipate them.

When you acknowledge eventual consistency, you design for it. You think about what happens when data is stale. You build idempotent operations that can be safely retried. You create compensation mechanisms for when things go wrong. You communicate uncertainty to users instead of false certainty. You build robust systems instead of fragile ones.

The German mistranslation is accidentally profound. "Eventuell konsistent" sounds scary because uncertainty sounds scary. But uncertainty is the reality of distributed systems. The choice is not between certainty and uncertainty. The choice is between acknowledged uncertainty and hidden uncertainty. One leads to robust systems. The other leads to surprises.

Eventual consistency is not a limitation to overcome. It is a reality to embrace. Your system is already eventually consistent. The question is whether you design for that reality or pretend it does not exist.

For a deeper understanding of how these patterns work together, explore cqrs.com. And if you want to discuss how these concepts apply to your specific situation, reach out at hello@thenativeweb.io.