Given all the geopolitical and economic upheavals so far seen in 2025, concerns about U.S. tech dominance, and fear of services from (non-European) IT providers being withdrawn as a result of government executive orders, the big question we keep hearing in Europe is “What is Plan B”?

I can answer that.

Firstly though, it should be noted that Europe’s interest in digital sovereignty has always been high. Now, as geopolitical tensions escalate and regulatory uncertainty deepens, many organisations on the continent see this as a strategic imperative.

But…

Geopolitical risk has typically been a low-ranking market driver for those seeking sovereign solutions in Europe. Sure, IDC’s 2025 Worldwide Digital Sovereignty Survey shows that it has climbed up the rankings, now attracting more than a quarter of responses, compared with last year, when it attracted slightly fewer and even came bottom of the list of drivers, as it had done in the years prior to 2024.

What’s more revealing is that Europe now has a new top sovereign cloud market driver: protection against extra-territorial data requests. This reflects growing anxiety over foreign access to sensitive data and is a clear signal that sovereignty is no longer just about compliance and control, but has a greater focus on autonomy.

The European providers’ response: “Plan B”

In what can be regarded as a largely unprecedented move, Europe’s service providers have reacted swiftly and have taken a proactive approach, joining forces to offer what they consider to be the “alternative” (and many also promote the idea of services, platforms and providers that can be labelled as “Made In Europe”).

Some examples here include EuroStack, which calls for a Europe-led digital supply chain spanning chips, cloud, AI and digital governance; virt8ra (pronounced virtoora), which is billed as Europe’s first sovereign edge cloud; and the EU-funded Sovereign European Cloud API (SECA) which is available to all European cloud providers for cloud infrastructure management.

These initiatives reflect a broader push to reclaim digital autonomy and reduce dependency on non-European tech giants.

The global cloud providers’ response: committed to Europe

The global cloud providers have not been standing still. And of course, none of them are about to walk away from their highly successful business operations in Europe.

In recent months, several big name providers, such as Google and Microsoft, have enhanced their sovereign offerings to emphasize how sovereignty and U.S. big tech can work provided the right controls and partnerships are in place.

And clearly, just as the global cloud providers are not planning to abandon Europe, Europe is not planning to abandon them.

For instance, despite all the media hype earlier this year around German authorities “ditching” Microsoft in favour of their own home-grown solutions (in June 2025, the German state of Schleswig-Holstein rolled out the OpenTalk videoconferencing solution, developed by Berlin-based Heinlein Support, across all state agencies), partnerships with U.S. providers continue to be announced.

These include the German Federal Office for Information Security’s (BSI) strategic cooperation agreement with AWS in the run-up to the launch of the AWS European Sovereign Cloud in Germany later this year.

Separately, the BSI has also teamed up with Google Cloud to support the development and deployment of secure and sovereign cloud solutions for government agencies, including the German military, which will use an air-gapped version of Google Distributed Cloud.

IDC’s response: Techxit? What techxit?

Despite their increased interest in sovereign solutions due to all the geopolitical turmoil, just 4% of European organisations say they plan to stop using cloud services and platforms from global public cloud vendors and only partner with local cloud providers. Thus, reports of ‘techxit’ – the prospect of U.S. providers being forced out of Europe for whatever reason – are greatly exaggerated.

Instead, the dominant strategy is staying “glocal”: combining global innovation with local control by using both global and local providers, and many organisations in Europe say they will continue to depend on global cloud vendors.

What’s more, the idea of a full-scale “techxit” remains impractical, given the deep integration of global technologies in European IT environments.

Of course, it would be naïve to think that buyer expectations have remained unchanged in 2025 – far from it. The expanded interest in digital sovereignty in Europe is expected to account for a decrease in organisations using sovereign cloud from not only global providers but also their local counterparts, with managed providers seeing a slight increase. The changes here are not huge but significant enough for all providers to take note.

What all providers need to consider

To succeed in this evolving landscape, cloud providers must:

  • Offer verifiable protections against extra-territorial data access
  • Prioritize network sovereignty, including data in transit
  • Invest in AI governance and compliance-first infrastructure
  • Build regional partnerships to meet local expectations
  • Embrace open standards to support interoperability and avoid vendor lock-in

So what is “Plan B”?

IDC has long maintained that a trusted ecosystem of partners is needed for sovereignty to work at scale, and we believe this should include a combination of using global and local providers.

For the global cloud players that means looking for the right regional and in-country partners to help boost local credibility and to deliver local services, local expertise and leverage local knowledge.

For the local service providers, it means partnering with global players to help deliver innovation and scalability.

And then the global SaaS providers need to be able to work across both to develop and deliver customized offerings within sovereign frameworks.

Europe’s vision for digital sovereignty is not about isolation — it’s about balance. The goal is to level the playing field, reduce dependency, and ensure that the continent can compete globally while retaining control locally.

Ultimately it’s about the sovereign aspect of digital self-determination and survivability and self-sufficiency. The latest geopolitical uncertainties indicate a recalibration of Europe’s cloud market, not a rejection of global providers.

So what’s Plan B? Our advice to organisations in Europe seeking sovereign solutions is to stick to Plan A.

For more information and to see what Rahiel is covering, look here: Digital Sovereignty. 

Got a specific question? Drop it in here.

Rahiel Nasir - Research Director, European Cloud Practice, Lead Analyst, Digital Sovereignty - IDC

Rahiel Nasir is responsible for leading and contributing to IDC's European cloud and cloud data management research programs, as well as supporting associated consulting projects. In addition, he leads IDC's worldwide Digital Sovereignty research program. Nasir has been watching technology markets and writing about them throughout his professional life.

The deadline for the transposition of the EU’s second Network and Information Systems Security directive (NIS 2) came and went in October 2024 with only a handful of member states having completed the task. As it became clear that this was not just a minor case of not submitting the paperwork on time, the European Commission (EC) swung into action, initiating infringement proceedings against 23 member states in November 2024, with those countries given until January 2025 to provide updates on their progress or demonstrate that they had achieved compliance. Only Belgium, Croatia, Italy, and Lithuania escaped the wrath of the Commission.

Changes

Through the first half of 2025 the picture gradually changed, although decisive numbers depend on the interpretation of what it means to be compliant. In May 2025, 19 member states were on the receiving end of another ultimatum from the EC. However, by July 2025, the list of countries that had enacted laws on the implementation of NIS 2 had swelled to 14 states, with Cyprus, Denmark, Finland, Greece, Hungary, Latvia, Malta, Romania, Slovakia, and Slovenia joining the first four countries noted above. Denmark, Finland, Hungary, Latvia, and Slovenia were the countries with the dubious honour of having transposed the directive but still making the EC’s naughty list. The nuance is that countries not only have to transpose the law, they also have to provide full notification of all applicable legislation to the Commission.

Note that EC saber-rattling is not confined to NIS 2: the Commission provides a monthly list of its infringement decisions and recent iterations have included calls around energy legislation, emissions trading, corporate sustainability reporting, and more.

It’s also worth looking at why some of the non-compliant states have not made the required progress. In several cases, the countries in question have gone through changes in government, often multiple times. In Portugal, the government has toppled three times in three years, most recently in March 2025. Germany’s elections in February 2025 meant that all pending legislation either had to be reintroduced or was put on hold. The collapse of the Dutch government at the beginning of June 2025 further set back a process that was already behind schedule.

Legislative processes are complex and any disruption can lead to delays both initially and then further down their carefully calibrated calendars.

Under pressure

What does this mean for all the organizations covered – or likely to be covered – by the Directive? How should a company with operations in 10 EU member states, for example, build its compliance strategy and roadmap if 5 of those member states have transposed the Directive and 5 have not? The legislation is already extensive and complex enough without such additional uncertainty layered on top.

Uncertainty impacts organizational planning. According to IDC’s 2025 EMEA Security Technologies and Strategies Survey, almost two-thirds of organizations covered directly by the legislation had not yet started compliance work, as of spring 2025. Allocation of dedicated funding is difficult under these circumstances, with 82% of organizations saying they had not seen any change in their security budget to address NIS 2 requirements. That does not mean no funding is available – but when the directive comes into force in their relevant markets, it may require reallocation of existing funds from other initiatives.

Of course, there are measures that can be taken that do not require technology investments, with 19% of organizations saying they have updated their security policies and processes in relation to NIS 2 requirements. Still, that is less than 1 in 5.

Up the hill backwards

Delays in transposition of the legislation may lead some organizations to consider that time is on their side and there is little need to press ahead with preparations for compliance. Until a European law has come into force, there is no legal basis to enforce compliance. Nevertheless, there are legal principles that caution against taking this approach.

The so-called doctrine of effectiveness, a principle created by the European Court of Justice in relation to EU laws, puts obligations on EU member states to act in certain circumstances. It may seem like there is little incentive to pursue such cases, but bear in mind that NIS 2 aims to build cyber resilience in critical and important entities, in the face of ever-increasing cyberattacks. So, when a major cyber incident disrupts operational capability in a critical vertical, after the initial impact has been contained and services restored, investigations and audits will follow. In that situation, there is no guarantee that the principle of effectiveness will not be invoked, if it is deemed that an in-scope organization failed to take appropriate measures to manage the risk.

Most member states have set up registration mechanisms through which in-scope organizations have to provide certain information such as designated personnel, contact details, IP ranges, and more. The designated authorities in each member state are required to compile those lists of critical and important entities and share the number of entities, along with the sector and subsector breakdown, with the EC and the NIS 2 Cooperation Group. These coordinated actions serve a broader function of enabling the EU’s supranational cybersecurity operational bodies to track and address major incidents that may transcend national borders and lead to impacts spreading across sectors and countries. Consequently, even in member states that have not completed transposition it is crucial that in-scope entities fulfill the registration requirements for their organization.

The area of incident response also bears scrutiny. Article 23 of the NIS 2 directive details incident reporting obligations, which include an initial alert that must be made within 24 hours of becoming aware of the incident, full notification within 72 hours, and a final, detailed report within one month. Even before full transposition, member states themselves are required to run Computer Security Incident Response Teams (CSIRTs) that are obliged to support in-scope entities in case of an incident. Subject to the findings of those cases, compliance demands could be applied retroactively or specific requirements imposed with compressed deadlines to address key issues.

It’s no game

Despite delays in transposing the legislation, the NIS 2 directive is moving inexorably towards being enforced across the EU and even beyond, when we take into account international companies with operations in EU member states or companies that are suppliers to in-scope organizations. According to IDC’s survey, 41.1% of organizations said that despite not being in-scope for NIS 2, they are still facing compliance requests from some of their partners that are covered by the directive. Individual countries continue to make progress: in Finland the legislation came into force on April 8th 2025; in Slovenia on 19th June; and in Denmark and Estonia on July 1st. Cyber incidents and the risk of extended legal actions make a very strong case for all in-scope entities to prioritize achieving NIS 2 compliance. And even if the auditors aren’t watching you – maybe the cybercriminals are.

To learn more about how European organizations are preparing for NIS 2 compliance, visit IDC’s European Security Technologies and Strategies page. If you have a specific query about NIS 2, drop it in this form.

Mark will be speaking at IDC’s CISO Xchange, which takes place 9-11 November in Marbella, Spain.

Mark Child - Associate Research Director, European Security - IDC

Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

Discover strategies to quantify ROI, build buyer confidence, and drive growth in a competitive tech market.

In today’s technology landscape, having an innovative product is just the starting point. What truly sets successful tech vendors apart is their ability to demonstrate clear, measurable business value and return on investment (ROI) to their customers. This shift is driven by evolving buyer expectations, economic pressures, and the need for technology investments to deliver tangible outcomes aligned with broader business goals.

Why ROI and business value matter more than ever

The market environment has transformed significantly in recent years. Economic uncertainties and tighter IT budgets mean that decision-makers—from CFOs to CIOs—are monitoring investments with higher levels of scrutiny. Digital transformation must prove its worth through quantifiable results.

Three key forces are shaping this new reality:

  • Economic pressure: Organizations must justify every expenditure, making financial accountability paramount.
  • Rapid technological change: Businesses need to adopt solutions that not only innovate but provide competitive advantages.
  • Increased accountability: IT leaders are under growing pressure to demonstrate measurable impact to stakeholders.

In this context, ROI has become the deciding factor for investment decisions. It translates technology benefits into financial terms, aligns technology initiatives with strategic business objectives, and reduces risks by offering assurance through proven value.

Moving beyond features: how to prove business value

Tech buyers today demand more than product specs—they want evidence of how a solution will improve their operations, reduce costs, or increase revenue. To meet this demand, vendors must embrace a comprehensive, data-driven approach to showcase business value:

  • Use data-backed documentation: Whitepapers, case studies, and analyst reports grounded in credible research help tell a compelling story.
  • Offer tailored financial models: Interactive ROI calculators and TCO analyses customized to specific client scenarios provide clarity and confidence.
  • Highlight operational KPIs: Metrics like productivity gains, time savings, and efficiency improvements resonate alongside financial data.
  • Leverage customer insights: Real-world success stories and testimonials add authenticity and build trust.

A holistic approach to business value

Demonstrating business value requires more than just numbers—it demands a strategic, customer-centric mindset:

  • Validate with industry research: Third-party validation from trusted sources enhances credibility and trust.
  • Tailor to customer needs: Align your messaging with the unique challenges and goals of each prospect.
  • Present a multifaceted value proposition: Beyond cost savings, emphasize strategic benefits such as improved agility, innovation enablement, and enhanced customer experience.

Why IDC is your ideal partner for business value success

At IDC, we specialize in helping tech vendors quantify and communicate the real-world impact of their solutions. Our Business Value services combine rigorous research, tailored financial analysis, and compelling storytelling to empower your sales and marketing teams. We provide:

  • Detailed ROI and TCO models that resonate with CFOs and finance teams.
  • Strategic presentations and case studies that speak to CIOs and IT decision-makers.
  • Training and tools to equip your sales force to confidently address objections and demonstrate value.

By partnering with IDC, you gain access to trusted expertise and proven methodologies that accelerate buyer journeys, reduce sales cycles, and ultimately drive revenue growth.

Final thoughts

In a market where every investment must have a return, demonstrating ROI and business value is essential. Tech vendors who can clearly articulate the economic and operational benefits of their solutions will not only win more deals but build lasting partnerships grounded in trust and measurable success.

Are you ready to unlock the full potential of your technology offerings by proving their true business value? Connect with us to learn how IDC can help you transform your sales approach and drive impactful results.

Lynn-Kristin Thorenz - Associate Vice President, Research & Consulting - IDC

Lynn-Kristin Thorenz is Associate Vice President, Research & Consulting. In her role, Lynn manages IDC’s consulting and research business in Germany and Switzerland and is responsible for the successful delivery of IDC’s local portfolio which includes standard research products, Go-to-Market Solutions and individual client projects. She works closely with IDC's clients to understand their specific needs and requirements and to tailor solutions which support their business objectives. Lynn is also responsible for the strategic development of the complete range of IDC's local research and consulting activities around Digital Transformation and IDC’s 3rd Platform Technologies.

At the 2025 NATO Summit in The Hague a few weeks ago, member states pledged to allocate 5% of their annual GDP to core defense requirements and defense- and security-related expenditures by 2035. This represents a significant departure from the alliance’s longstanding 2% benchmark, particularly given that the current average defense spending among NATO members only marginally meets the 2% target.

European nations constitute the majority of NATO’s members. And since the onset of Russia’s invasion of Ukraine, several Eastern European countries—such as Poland—have substantially increased their defense budgets. Nevertheless, many European allies remain below the alliance average, rendering the new 5% objective highly ambitious. The United States continues to lead in defense investment, with expenditures approaching $1 trillion in 2024—double the combined defense spending of Europe and Canada—and has been an advocate for heightened commitments among NATO members.

The new target of 5% of GDP is structured to address both immediate military needs and broader security challenges, with an ideal split of spending between two categories:

3.5% of GDP: core defense requirements

  • Purpose: This portion is dedicated to traditional military expenditures.
  • Coverage: Includes funding for active personnel, acquisition and maintenance of weapons systems, military equipment, R&D, and operational readiness.

1.5% of GDP: defense and security-related investments

  • Purpose: This segment is allocated to areas that support and enhance national and alliance security beyond conventional military assets.
  • Coverage: Encompasses investments in critical infrastructure (such as energy grids, transportation networks, and communication systems), network defense, and resilience against hybrid threats.

Direct ICT spending impact

Core defense spending: A larger budget is expected to drive more funding for defense organizations and spark a ripple effect in ICT spending. According to IDC Worldwide ICT Spending Guide Enterprise and SMB by Industry, aerospace and defense ICT investments in Europe will top $11 billion in 2025—about 1% of the region’s total ICT expenditure.

Military modernization efforts are focused on upgrading command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems, strengthening cyber defenses, integrating artificial intelligence for battlefield operations, and enhancing encryption to secure communications and protect against cyber threats. However, this category will likely represent only a small portion of the overall 3.5% GDP allocation to core defense requirements.

Assuming the 3.5% target equates to approximately $665 billion, it is expected that initially less than $20 billion will be directed towards digital modernization and related technologies. This restrained allocation stems from several pressing priorities:

  • Many NATO members must rearm and modernize legacy military equipment, much of which is outdated or has exceeded its operational life.
  • There is an urgent need to rebuild naval fleets and replenish armament supplies, particularly after significant stocks were transferred in support of Ukraine.
  • Substantial investment in unmanned aerial systems (drones), which are increasingly central to modern warfare, will also consume a major share of the available resources.

Therefore, while digital modernization is strategically important, the immediate proportion of defense spending dedicated to these initiatives will be modest in comparison to the broader requirements of re-equipping and reinforcing conventional military forces. Over time, this share may increase as foundational rearmament needs are addressed and digital technologies become further integrated into military operations.

Indirect ICT spending impact

Defense and security-related investments: Efforts are focused on securing critical infrastructure from both cyber and physical threats, enhancing national and international cybersecurity through advanced tools, investing in IoT and digital twin technologies for real-time monitoring, and promoting post-quantum cryptography and secure digital identities. However, the most significant portion of spending in this area will be dedicated to fundamental cybersecurity measures and the development of sovereign data and cloud capabilities. Much of this investment will address foundational requirements, such as fortifying existing networks, implementing robust data protection protocols, and ensuring compliance with national security standards.

While initiatives involving emerging technologies—such as post-quantum cryptography—are important for long-term resilience, these areas are likely to attract only limited funding initially. The focus will remain predominantly on basic cybersecurity infrastructure and sovereign data management until Europe further develops a robust innovation base in the defense technology sector. Heavy investment in more advanced and experimental digital solutions will depend on the establishment of this foundation and the maturation of European defense-driven technological ecosystems.

Induced ICT spending impact

This growth will create new opportunities for core defense solutions and benefit related industries, fueling wider momentum in the Defense Ecosystem. This momentum has therefore set off significant induced ICT spending, especially among major European defense contractors. As these companies prepare to deliver more advanced and diverse products and services, the demand for innovative IT solutions and digital transformation initiatives has surged. This effect spans not only traditional leaders such as Leonardo, Dassault, and Rheinmetall, but also extends to BAE Systems, SAAB, Indra, Thales, and Airbus, among others.

The current environment provides a strong opportunity for the European defense industry to enhance its position in the global market. By accelerating investments in areas such as digital platforms, cybersecurity, cloud infrastructure, and advanced analytics, the sector can differentiate itself while building greater resilience and competitive strength. Examples of current IT and digital transformation-related initiatives include:

  • Development of secure, sovereign cloud platforms for defense applications and data management.
  • Deployment of AI-driven command and control systems to improve operational decision-making and mission effectiveness.
  • Launch of pan-European projects to promote interoperability, digital sovereignty, and cybersecurity across defense networks, often supported by the European Defence Fund and broader EU digital policy frameworks.

These initiatives foster a more interconnected and technologically advanced defense ecosystem, ensuring that European contractors can respond to evolving demands and capture new growth opportunities in a global context.

NATO’s new 5% GDP spending target signals a major shift for Europe’s defense sector, promising record investment in military capabilities and key enabling technologies by 2035. However, long-term commitment is uncertain, as future governments may redefine priorities.

This shift opens the door for technology providers—whether established contractors or innovative startups—to play an essential role in shaping the continent’s security future.

For technology providers, the key imperatives are clear:

  • Make the defense market a top priority. With traditional defense budgets swelling and new funding streams available, tech vendors – especially those historically focused on enterprise or civil solutions – should prioritize defense within their broader industry strategies. Consider how your technology – especially AI-driven solutions for logistics, scheduling, or intelligent automation – could be adapted for military use. With rising defense investment and a growing need for innovation, now is the time to explore how your products can address emerging defense challenges and open new markets.
  • Embrace broader collaboration: Leverage increased funding and European Union support for joint ventures and R&D initiatives to accelerate adoption and scale innovation across national boundaries.
  • Drive dual-use innovation: Develop technologies that bridge defense and civilian markets, maximizing addressable opportunity while supporting national security objectives. In doing so, it is essential also to consider the spillover effects beyond pure core defense spending in adjacent sectors.

The path forward demands agility, innovation, and collaboration, but the rewards – in terms of both market opportunity and societal impact – are substantial.

To learn more about how ongoing geopolitical dynamics are shaping IT spending strategies, visit IDC’s Digital Economy Strategies page.

Lapo Fioretti - Senior Research Analyst - IDC

Lapo Fioretti is a Senior Research Analyst in IDC’s Digital Business Research Group, leading the European Emerging Technologies Strategies research. In his role, he advises ICT players on how European organizations leverage new technologies to create business value and achieve growth, and analyzes the development and impact of emerging trends on the markets. Fioretti also co-leads the IDC Worldwide MacroTech Research program, focused on the intertwined connection between the economic and digital worlds: analyzing the impact key macroeconomic factors have on the digital landscape and, vice versa, how technologies are impacting economies around the world.

Remember the good old days when “Shadow IT” was just about rogue Excel spreadsheets and unauthorized Dropbox accounts? But the times they are a-changing! Now we’re dealing with something far more insidious: Shadow AI. And no, it’s not just lurking in the corners of your or anyone’s organization anymore. Now, it’s driving productivity gains while simultaneously creating security nightmares that, hopefully, keep CISOs wide awake at night.

From private drives to GPT instances

Shadow IT has been the bane of enterprise administrators’ existence for decades. We’ve all seen it: marketing teams building up their own CRM systems, sales departments hoarding customer data in personal cloud drives, and finance teams creating elaborate Excel macros that, unnoticed, somehow have become mission-critical applications. But nowadays we have Shadow IT on AI steroids.

Because instead of innocent unauthorized OneDrive instances, we have unauthorized ChatGPT accounts, private Perplexity subscriptions, custom Copilots, and Excel automation scripts integrated with GPT APIs. And they ALL operate completely outside of IT oversight.

As many experts repeat: shadow IT hasn’t disappeared – it has evolved. And artificial intelligence has given it a turbocharged engine.

The staggering scale of unauthorized AI adoption

IDC’s Global Employee Survey from April 2025 reveals that 39% of EMEA employees are using free AI tools at work; another 17% use AI tools they privately pay for. Only 23% of employees declare they use AI tools provided by their organization, and it still does not mean they are not using private tools simultaneously. Another survey I’ve come across shows that 52% of workers won’t admit to using AI in their jobs. And the percentage of sensitive corporate data being fed into AI tools has skyrocketed from a not insignificant 10% to over 25% in just one year.

Why are these numbers so high? The answer is frustratingly simple: on a basic level, AI can be ridiculously easy to use. You need a browser, a prompt, and you’re done. No coding, no server configuration, no IT tickets that sit in queues. Just pure, immediate productivity enhancement. Maybe with a bit of compliance catastrophe on the side, but who’s looking?

March or die

However, let’s be brutally honest about why else these numbers are so high. Employees aren’t just using AI tools to work smarter – they’re often using them to survive increasingly unreasonable workplace expectations. In an era where headlines scream about companies replacing entire departments with AI, workers are fighting hard to prove their relevance.

The pressure is palpable and justified. When employees read about firms cutting 30% of their workforce while boasting about AI-driven efficiency gains, the message is clear: march or die. Shadow AI adoption isn’t just about productivity enhancement; more than anything, it can be about professional self-preservation.

This creates a weird dynamic where the very people organizations depend on feel compelled to hide the tools that make them valuable. Are they being rebellious or just rational? When your job security depends on meeting targets that seem designed for superhuman capabilities, you’ll probably use whatever tools are necessary to achieve them, authorized or not.

Most AI tools don’t require dedicated client applications. They operate seamlessly through web browsers or as mobile apps, making them almost invisible to traditional IT monitoring systems. The vast majority of ChatGPT, Google Gemini or other AI tool usage at work happens through non-corporate accounts, meaning corporate data or IP is being processed by AI models that organizations have zero visibility into, zero control over, and zero ability to audit.

How pursuit of productivity kills strategic AI adoption

Many organizations, in their relentless pursuit of productivity metrics and efficiency gains, are creating an environment where employees feel compelled to hide their AI usage to meet impossible expectations. This creates a vicious circle: leadership demands productivity improvements while threatening job cuts, employees discover AI tools that help them meet unrealistic expectations, IT blocks access, and employees then use unauthorized tools to avoid becoming the next layoff statistic.

The result? Organizations end up with lower overall AI adoption rates than they could achieve, precisely because they created a fear-based environment where survival instinct eats strategy for breakfast. Define irony: companies that publicly celebrate AI’s potential to replace human workers are simultaneously frustrated by their inability to achieve coordinated, strategic AI implementation.

The education paradox: one-time training is here to fail you

And here’s where most organizations spectacularly miss the mark. They roll out a single “AI Awareness” training session, check the compliance box, and wonder why employees still go rogue.

Basic communication theory tells us that people need to hear a message seven times before it truly registers. Yet organizations treat AI education like a software update: deploy once, assume adoption. The learning curve for responsible AI usage isn’t a gentle slope. Or maybe it is gentle, but the road will be long and winding. Employees need ongoing, contextual education that evolves with the changing AI landscape. They need to understand not just the “what” and “how,” but the “why” behind AI governance policies. (And you need AI governance; do we even need to say that?) When people understand the reasoning behind restrictions, compliance rates soar. When they don’t, Shadow Everything thrives.

Smart organizations recognize that AI literacy requires sustained and strategically planned education programs. They build comprehensive learning pathways that revisit core concepts with increasing depth over time, ensuring employees develop genuine understanding rather than superficial compliance. This investment isn’t just about risk mitigation – it’s about creating a workforce capable of strategic, responsible AI adoption.

Hope for the transparency solution? BYOAI!

The IEEE Computer Society proposes a solution that might make traditional IT nervous: BYOAI (Bring Your Own AI). This approach emphasizes transparency, risk assessment, and responsibility while allowing employees to work with their preferred AI tools.

The concept acknowledges a fundamental truth that many organizations refuse to face, although they should have learnt it already: you can’t stop the adoption of Shadow AI, or of anything else for that matter, through prohibition. Prohibition will only drive it deeper underground, where it becomes even more dangerous. Think about Chicago, Valentine’s Day, circa 1929. So if a ban is not the answer, then what? The easiest, yet most reliable, way to mitigate risk is good old, albeit boring, education…

Embrace reality, manage risk

Shadow AI isn’t going away. The productivity gains are too compelling, the tools are too accessible, and the competitive pressure too intense. Organizations have two choices: build frameworks for managing Shadow AI or watch it manage them.

What will smart companies do?

  • Invest heavily in ongoing employee AI education (not one-shot training)
  • Create transparent AI governance frameworks
  • Design security policies that enable rather than restrict innovation
  • Build trust through collaboration rather than control
  • Measure success by strategic AI adoption, not just productivity metrics

The question isn’t whether Shadow AI is a threat or an opportunity – it’s whether your organization will respond with wisdom or wishful thinking. Choose wisely!

Listen back to Ewa on the following webcast: AI in 2025: Deliver or Wither


Ewa Zborowska - Research Director, AI, Europe - IDC

Ewa Zborowska is an experienced technology professional with 25 years of expertise in the European IT industry. Since 2003, she has been a member of the IDC team, based in Warsaw, researching IT services markets. In 2018, she joined the European team with a specific emphasis on cloud and AI. Ewa is currently the lead analyst for IDC’s European Artificial Intelligence Innovations and Strategies CIS.

The technology landscape across Europe, Middle East, and Africa (EMEA) is changing rapidly in 2025, with innovations actively reshaping industries and creating new business opportunities.

The Emerging Tech Radar: Current Market Drivers 

The EMEA region’s technology environment encompasses a diverse range of emerging technologies at various maturity stages. Organizations demonstrate different levels of readiness and capability in adopting these technologies. Across EMEA, IDC observes technology gaps between industries and individual countries, highlighting variations in economic, financial and R&D power, and maturity.

These variations exist because countries and industries across EMEA differ in economic strength, investment levels, regulatory environments, and access to skilled talent, all of which impact their ability to adopt and develop new technologies. And as these technologies evolve, new trends are emerging.

Critical Topics Shaping EMEA’s Tech Conversation in 2025

1. Quantum Computing’s Regional Applications

The state of quantum computing in EMEA reveals how this technology is moving from theoretical to practical applications across various sectors. Quantum computing in the region is rapidly advancing from theory to real-world use, with pilot quantum computers now integrated into supercomputing centers to tackle complex challenges in fields like drug design, supply chain management, and financial modeling.

2. Tech Maturity Assessment

Organizations are evaluating adoption versus maturity, making critical assessments of emerging technologies and market readiness to guide implementation decisions. Structured maturity models and cross-functional assessments are essential to benchmark their current capabilities, identify gaps, and align technology adoption with business objectives and market readiness.

3. Change Forecast: 2025–2030

The projected disruptions from emerging technologies over the next five years will reshape how businesses operate and compete in the EMEA region. From AI integration into virtual worlds, to European quantum computing centers, space initiatives, and next-generation batteries, the next five years are crucial for the region’s global competitiveness.

4. GenAI as a Technology Catalyst

GenAI is accelerating the development and adoption of other emerging technologies, creating and opening exciting new pathways to innovation for organizations. Its ability to rapidly generate code, simulate complex scenarios, and automate content creation is streamlining R&D processes and enabling faster prototyping across industries.

5. Digital Natives Drive Innovation

Digital-first businesses, with their deep integration of technology and agile operating models, are often at the forefront of implementing emerging technologies and developing innovative use cases that set industry standards. Their ability to rapidly experiment, scale solutions, and leverage data-driven insights enables them to act as key partners and leaders in digital transformation initiatives across sectors.

6. Investment Patterns Reveal Priorities

Current investment plans for 2025 and beyond highlight that emerging technologies are attracting capital and organizational focus across EMEA. Investments are supported by significant public and private funding initiatives, such as venture capital for deep tech and government-backed projects in clean energy, digital infrastructure, and advanced manufacturing, all aimed at boosting competitiveness and technological leadership across sectors.

7. Beyond AI: Work Transformation by 2030

Five specific emerging technologies beyond AI are positioned to reshape how work happens by the end of the decade, enabling new forms of collaboration, automation, and real-time data exchange. The focus will be on streamlining secure transactions and digital identity management, creating immersive training and remote work environments, automating logistics and manufacturing, and supporting seamless connectivity for smart workplaces and IoT-driven operations.

Driving Adoption Through Measurable Results

Organizations across EMEA are adopting these technologies for specific business outcomes. Successful implementations connect directly to KPI improvements, with clear links between technology adoption and business performance metrics. Adoption barriers include challenges that limit EMEA organizations’ ability to implement emerging technologies effectively.

Technology Integration Benefits

Companies that combine multiple emerging technologies report stronger results than those implementing isolated solutions. The combination approach generates meaningful synergies across business processes.

The technical foundation is crucial. Organizations need the right technology backbone to exploit emerging technologies and generate maximum value.

What This Means for Your Business 

These emerging technological trends and their practical applications will influence your organization’s market position in 2025 and beyond. Understanding the key applications and use cases driving technology demand can help position your organization to capitalize on these developments as they mature.

The question isn’t whether these technologies will transform business — it’s how prepared your organization is to adapt to them. 

Did You Know?

IDC analysts are continuously monitoring and identifying emerging technologies through our Continuous Information Services. This resource empowers organizations to make informed decisions by providing comprehensive analyses, forecasts, and strategic guidance at the global, regional, and country levels.


Lapo Fioretti - Senior Research Analyst - IDC

Lapo Fioretti is a Senior Research Analyst in the IDC Digital Business Research Group, leading the European Emerging Technologies Strategies research. In his role, he advises ICT players on how European organizations leverage new technologies to create business value and achieve growth, and analyzes the development and impact of emerging trends on the markets. Fioretti also co-leads the IDC Worldwide MacroTech Research program, focused on the intertwined connection between the economic and digital worlds - analyzing the impact key macroeconomic factors have on the digital landscape and, vice versa, how technologies are impacting economies around the world.

Rethinking CRM and Embracing Agentic AI: Towards a New Era of Customer Experience

According to IDC research, 77% of consumers currently prefer to buy products and services through a mix of digital channels, and customer expectations relating to personalization, immediacy and cross-channel consistency are only becoming more demanding. Customer journeys are not linear, and consumer engagement is expected to become increasingly contextual, not just at the initial stages of the journey but also in terms of customer support — from sales and marketing to customer service.  To meet these demands, organizations are reimagining traditional customer relationship management (CRM) systems, which involves actively implementing AI in multiple ways. As part of this, exploration of agentic AI is ramping up.

The Evolution of CRM: from Systems of Record to Systems of Action

Customer relationship management has evolved beyond merely storing contact details and tracking interactions. CRM platforms need to be designed or re-designed following an omnichannel and cross-functional approach to customer data collection, enabling profile reconciliation through data integration from various sources such as online purchases, in-store transactions, social media interactions, and customer service incidents. This integration should ensure a comprehensive and unified view of customer data, allowing organizations to gain valuable insights and provide personalized experiences. By consistently providing personalized and meaningful interactions, companies can foster loyalty, resulting in increased customer retention and positive word-of-mouth referrals. Modern CRM systems must be dynamic, real-time, and deeply integrated across the entire customer journey, encompassing marketing, sales, service, and support. Key shifts in CRM thinking include:

  • Real-Time, Contextualized Data: Modern CRM platforms need to reflect customer data in real time, providing contextual and intent-driven insights that empower every function within the organization.
  • Cross-Functional Collaboration: Effective CRM now requires multiple departments to work together, breaking down data silos to ensure a comprehensive view of the customer.
  • Automation and AI Integration: AI-enhanced automation is foundational, enhancing customer service, streamlining operations, and ensuring consistency across channels.

IDC Insight: Organizations are rethinking CRM through collaborative, AI-enhanced approaches that connect data across functions and eliminate silos.

Agentic AI: Bringing Intelligence to Unstructured Work

Organizations are already gaining experience in leveraging AI in multiple ways to serve customers — from proposing next-best actions to making sense of documents and knowledge articles, analyzing customer sentiment and more. Agentic AI represents a new frontier here, and pulls AI capabilities towards task and workflow automation. Unlike traditional rule-based systems, where workflows and processes are designed statically up-front, the emergence of AI agents is starting to show how organizations can bring more nuanced automation capabilities to less structured, unpredictable environments. AI agents are therefore conceptually a great fit for complex service scenarios that can come into play at critical moments in the customer journey. At IDC, we see three waves of AI agents playing out:

  1. Knowledge Agents: Enhance decision-making by integrating relevant information into workflows
  2. Action Agents: Execute tasks (including taking actions in external systems) and assist in decision-making processes
  3. Orchestration Agents: Coordinate entire workflows, based on goals and insights into patterns of past behavior and positive outcomes

IDC Research: 41% of organizations say they are already investing in AI agents, recognizing their value in case management and service operations where flexibility and responsiveness are critical.

The Role of Platforms in Enabling AI and CRM Synergy

CRM systems are increasingly pivotal in the integration of customer data and AI across organizational value chains, serving as a foundational element for collaboration between IT and business units. Agentic AI, in this context, acts as a transformative accelerator, converting insights into actionable strategies and enhancing decision-making processes at scale. Organizations wanting to implement AI quickly, safely, and securely into CRM practices and capabilities will benefit from platforms that provide:

  • Managed Access to Enterprise Data: Secure, broad access to corporate knowledge, documents, and data is essential for AI systems to function effectively.
  • Integrated Automation Tools: A unified platform combining AI with existing automation capabilities reduces complexity and accelerates time to value.
  • Scalability and Agility: Platforms can help organizations quickly adapt to changing market conditions and customer needs without extensive customization.

Trend: In the context of modern CRM strategies, AI is most effective when integrated into a platform that spans front-, middle-, and back-office functions, enabling seamless customer experiences and operational efficiency.

Measurable Impact: What Organizations Are Achieving

Organizations embracing AI and modern CRM strategies are witnessing significant results:

  • Escalations reduced by approximately 90%
  • Case resolution time decreased from 7 hours to 2 hours
  • Customer satisfaction increased from 80% to 99%
  • 17% reduction in staff needed to handle more cases
  • 7% increase in billable utilization

These outcomes highlight the transformative potential of combining CRM modernization with AI and point towards an exciting future powered by agentic AI.

The Bottom Line

Organizations that rethink CRM as a real-time, AI-powered system of action — and embrace agentic AI to handle complex, unpredictable work — are better positioned to deliver exceptional customer experiences. This approach not only enhances satisfaction and loyalty but also drives operational efficiency and business agility.

Neil Ward-Dutton - VP AI, Automation, Data & Analytics Europe - IDC

Neil Ward-Dutton is vice president, AI, Automation, Data & Analytics at IDC Europe. In this role he guides IDC’s research agendas, and helps enterprise and technology vendor clients alike make sense of the opportunities and challenges across these very fast-moving and complicated technology markets. In a 28-year career as a technology industry analyst, Neil has researched a wide range of enterprise software technologies, authored hundreds of reports and regularly appeared on TV and in print media.

Ornella Urso - Research Director, IDC Retail Insights - IDC

Ornella Urso is Head of IDC's Retail Insights team and leads the Customer Experience research group in Europe. Urso conducts market research and industry analysis, and proactively contributes to the definition of thought leadership at the intersection of business priorities and technology innovation in B2C and D2C strategy companies. In her role, she is responsible for the delivery of research reports and custom projects, and offers strategic direction and advice to both technology providers and IT and business executives of global brands.

AI is quickly changing the workplace, but not everyone is reaping the rewards. Office workers are seeing the perks of AI, while those on the front lines are lagging due to a lack of training and resources. This gap could lead to a two-tier workforce, where some people with AI skills excel while others find it tough.

Many frontline jobs involve a lot of manual and repetitive tasks. Automation and AI are great tools to help shift workers’ focus from boring tasks to more interesting ones. So, it’s no shock that 63% of frontline workers are using AI tools in their jobs. Unfortunately, just 18% of employees have access to AI from their companies, which has led 45% to seek out free or personal AI tools for their work. This creates serious security risks for companies.

While frontline workers generally view AI less favorably than office staff, nearly half believe it could enhance their work experience. Generational differences are notable though, with 55% of Gen Z frontline workers expressing excitement about AI, compared to just 27% of baby boomers.

Frontline workers also frequently feel more anxious about AI, mainly because they’re worried about job security, feeling powerless against new tech, and thinking that human input in decision-making is dwindling. IDC’s survey shows that just 48% of frontline workers think AI isn’t a threat to their jobs. On the flip side, 20% feel they are at serious risk, with the remainder unsure. Getting to know AI tools better can help ease these worries for frontline workers and turn skeptics into skilled AI users.

More than 2 billion frontline workers play a crucial role in keeping our planet running. Their jobs are tough and often risky, involving 10- to 12-hour shifts in different settings. AI is changing the game for these workers by automating tasks, offering real-time insights, and giving them more power. AI isn’t just for office work anymore; it’s now making waves in most industries, including those with large numbers of frontline workers.

To move forward, tech providers and tech buyers must rethink what expertise means in today’s AI era. They must help frontline workers understand how AI tools can enable them to handle complicated tasks even with little prior experience. Our research suggests that companies can — and ought to — expand their view on who can get involved in AI-driven initiatives. By doing so, they can leverage the complete potential of their workforce and make sure that everyone is part of the AI transformation, ultimately boosting the return on investment for current and future AI projects.

Listen to Meike on the latest webcast, “Important Workplace Insights to Drive AI Sales in Europe”

Meike Escherich - Associate Research Director, European Future of Work - IDC

Meike Escherich is an associate research director with IDC's European Future of Work practice, based in the UK. In this role, she provides coverage of key technology trends across the Future of Work, specializing in how to enable and foster teamwork in a flexible work environment. Her research looks at how technologies influence workers' skills and behaviors, organizational culture, worker experience and how the workspace itself is enabling the future enterprise.