A market that demands its own perspective

IDC today published the European Contact Center-as-a-Service (CCaaS) MarketScape, recognizing that Europe’s contact center landscape is shaped by unique regional dynamics, stringent regulatory frameworks, and a more measured approach to adopting new technologies. These characteristics make it essential to evaluate Europe as a distinct market rather than as an extension of global models. Success in this region depends on understanding trust, compliance, and local engagement at a much deeper level.

A market defined by diversity and regulation

The European CCaaS market is expanding rapidly, projected to grow from US$1.5 billion in 2024 to US$3.7 billion by 2029. Yet, it remains highly diverse and fragmented. Differences in regulation, business culture, and language shape how contact centers operate and adopt technology. For example, priorities such as pricing, professional services, and data residency vary widely across key markets, underscoring the importance of regional insight and tailored strategies over a one-size-fits-all approach.

Why a European MarketScape matters

The IDC European CCaaS MarketScape provides an in-depth assessment of how vendors address this diversity. It evaluates how effectively they align their strategies and offerings with Europe’s regulatory, cultural, and operational realities.

It also considers how vendors demonstrate thought leadership — not by simply leading with innovation, but by helping contact centers modernize responsibly. This includes educating customers on the value of digital transformation, offering support to overcome adoption barriers, and using partnerships to bridge linguistic and cultural gaps while building trust.

By capturing these nuances, the IDC European CCaaS MarketScape delivers a region-specific perspective that reflects the complexity, diversity, and maturity of Europe’s contact center ecosystem — and highlights the industry’s steady evolution toward AI-driven, compliant, and customer-centric operations.

IDC MarketScape: European Contact Center-as-a-Service Applications Software 2025 Vendor Assessment is available now.

If you have a question about anything, please fill in this form.

Oru Mohiuddin - Research Director - IDC

Oru Mohiuddin is a Research Director in the European Enterprise Communications and Collaboration team. Based in London, she is responsible for IDC’s coverage of Unified Communications and Collaboration in the region. Her work focuses on tracking the markets for premise-based and cloud solutions and new developments and trends, particularly in the light of changing work patterns impacting the traditional mode of enterprise communication. Prior to joining IDC, Oru worked for Euromonitor International, where she focused on Future of Work and technology in the SMB context. She also worked in New York and Bangladesh and speaks English and Bengali. Oru was awarded Chevening Scholarship by the British Foreign and Commonwealth Office to pursue her MSc in International Development from the University of Birmingham. In addition, Oru has a BA from Marymount Manhattan College in New York.

ROI Is the New Mandate: Events Are Back at the Center

B2B tech marketers are navigating tighter budgets and higher expectations in 2026. With ROI under the microscope, one strategy is emerging as both high-impact and measurable: events. IDC’s latest Sponsor Survey surfaces the data behind this shift, equipping marketing leaders with clarity on how and where to focus.

Events Deliver Real Value at Critical Stages

This isn’t a return to events as usual. It’s a reimagining based on measurable business outcomes.

According to IDC’s 2026 Sponsor Survey of 150 senior marketers across the US, UK, Germany, and Singapore:

  • 67% rank brand awareness as a top priority
  • 53% are focused on generating qualified leads
  • 90%+ say events deliver the most value in mid-to-late funnel stages

Hybrid Takes the Lead and the Budget

The format matters, and hybrid is winning.

When asked which formats they’ll prioritize in 2026:

  • 57% of marketers chose hybrid events as their top format
  • 58% expect their event budgets to increase next year

This reflects a push for flexible, scalable, and inclusive experiences that can drive personalized engagement at scale.

What Performance Looks Like in 2026

To prove impact, marketers are aligning event ROI with funnel-specific metrics:

Top success metrics:

  • Cost per opportunity (67%)
  • Lead quality and conversion (60%)
  • Deal influence in key accounts (43%)

Top challenges:

  • Complex execution (52%)
  • Delivering personalized experiences (42%)

Marketers aren’t just seeking impact; they need proof they can show upstream.

What Marketers Value Most in Event Partnerships

Marketers aren’t just choosing events; they’re choosing strategic ecosystems. The IDC survey reveals a strong alignment between what drives investment and what defines a valuable partner.

What drives investment in third-party events:

  • High-quality lead generation (67%)
  • Credibility through association with analysts or peers (63%)
  • Expansion into new accounts or buying centers (47%)

These motivators point to one thing: marketers want more than visibility; they want validation and velocity. Events must open doors, fast-track trust, and spark meaningful conversations.

What defines the right partner:

  • Price-to-value ratio (84%)
  • High-caliber audience (seniority, budget influence) (69%)
  • Personalization (66%)
  • Fast execution and support (54%)
  • Lead-to-pipeline conversion performance (53%)
  • Custom targeting options (51%)

It’s not just about format or reach. Marketers are choosing partners that combine content credibility with precision targeting. In a complex buying environment, relevance, not just scale, wins.

Together, these findings reflect a clear mandate: outcomes matter. From tailored audience experiences to measurable lead progression, marketers are investing where value is both visible and verifiable.

Insight-Led Content Is the Difference-Maker

The success of an event hinges on relevance. That’s why marketers are doubling down on partners who bring audience precision and analyst-backed content.

  • 91% say independent, analyst-led content is critical to event success
  • Trusted insight builds trust across every stage of engagement: before, during, and after the event

Key takeaway: Price-to-value, audience quality, and credible content are top criteria when selecting event partners.

Navigate Your 2026 Strategy With Confidence

Events are no longer standalone experiences; they’re central pillars in a broader B2B growth strategy. When backed by trusted tech intelligence, the right formats, and analyst-led content, events can help your team hit every metric that matters.

Whether you’re optimizing your event calendar or rethinking your demand strategy, IDC’s insights are here to guide your next move.

🗓️ Explore the IDC 2026 Events Calendar
Discover the best opportunities to connect with your audience with data, formats, and partnerships that work.

In Europe’s markets, strategic messaging must prove ROI and stay aligned across strategy, sales, analysts, and country GTM teams. 

Strategic Messaging in Europe’s Markets 

As 2026 planning accelerates, high-performing GTM teams at tech vendors across Europe know that campaigns alone won’t secure growth. They’re stress-testing positioning – not only for internal alignment, but for resonance with buyer expectations, stakeholder dynamics, and budget scrutiny. 

The fundamentals of effective messaging remain constant across regions: clear strategy, ROI proof, and alignment across functions. In Europe, however, an added layer of complexity must be addressed: messaging needs to resonate across fragmented national markets, languages, and governance models while staying consistent for buyers. 

What We’re Seeing from Top-Performing GTM Teams in EMEA 

  1. Building from buyer economics, not brand preference

The strongest value narratives in 2026 are rooted in buyer economics. For European GTM teams, that means anchoring messaging in: 

  • Business outcomes tied to line-of-business KPIs 
  • Time-to-impact metrics that satisfy budget scrutiny 
  • Proof points that link product value to spend categories and investment decisions 

IDC research shows that messaging built around use-case ROI increases renewal likelihood by 3.5x. For GTM teams competing across Europe, this ROI narrative must be credible at headquarters and adaptable in local markets. 

  2. Aligning to who the buyer really is now

Your champion may still sit in IT or product, but the buying committee has expanded. In 2026, procurement, finance, RevOps, and CFOs will shape final evaluations – and their questions go beyond features and functions: 

  • How does this investment impact budget and efficiency? 
  • Where does it fit in the broader vendor stack? 
  • Does it align with compliance and operational resilience goals? 

For European GTM teams, these dynamics don’t change, but multi-country decision-making adds friction. ROI messaging must stay consistent across borders, so what a buyer hears in Paris matches what they hear in Munich or London. 

  3. Checking internal alignment before buyers do

Too often, what strategy wants to say, what sales are saying, and what analysts are reporting don’t fully align. That slows the buyer’s journey or stops it altogether. 

In Europe, the risk of misalignment is multiplied: 

  • A message crafted centrally may not translate effectively in country execution 
  • Analyst commentary may highlight ROI drivers in one market that don’t match what buyers hear locally 
  • Country-level adaptations risk drifting unless anchored in a shared ROI-based strategic framework 

Leading European GTM teams are addressing this by creating aligned narratives validated against external signals. That way, strategy, sales, analysts, and country teams reinforce each other rather than pulling apart. 

Why It Matters for Tech Vendors in Europe

In fragmented markets, the risk isn’t messaging that’s “wrong.” It’s messaging that’s slightly off – between strategy, sales, and analysts, or between headquarters and local GTM teams.

The strongest European GTM teams in 2026 will be those that:

  • Keep strategic alignment as their foundation
  • Prove ROI under budget scrutiny
  • Adapt to country-level nuance without losing consistency

IDC’s role as the Trusted Tech Intelligence provider is to help tech vendors validate and align these narratives — ensuring that what strategy defines, what sales delivers, and what analysts echo are all part of one coherent story across Europe.

Want a deeper checkpoint?

We recently published a new guide, “5 Signals Your Messaging Won’t Win in 2026”. This guide outlines the most common and often hidden signs of misalignment we’re seeing in enterprise GTM efforts right now, along with steps you can take to course-correct using IDC data.


The IDC European Enterprise Communication and Collaboration Survey 2025 reveals increasing market segmentation in the UC space, as customers demand more choice and flexibility. This underlines the need for UC providers to evaluate their strategies and align more closely with evolving market trends. Below are the key findings from the European survey.

Businesses Demand Greater Choice and Flexibility

Most current UC offerings present binary, mutually exclusive choices that lock customers into a single platform. These options fail to address the full spectrum of business requirements, forcing organizations into trade-offs between critical capabilities such as transparency and control versus scalability and flexibility. As a result, many are unable to achieve their desired outcomes to the fullest extent.

A Resurgence of On-Premises Deployments

Cloud solutions provide scalability and eliminate upfront infrastructure costs, but some organizations are reverting to on-premises models to regain greater control and transparency over their IT environments. Regulatory constraints and geopolitical concerns — including the implications of the US CLOUD Act — are driving this shift, particularly in sensitive verticals. However, this choice also involves trade-offs, with transparency and control being prioritized over flexibility. The change is not limited to reverting to on-premises UCC, either: 60% across the board have stated that they will replace their existing solutions.

A New Era of Choice in Deployment Models

As customer demand for flexibility increases, the market is seeing greater segmentation and a shift away from traditional “either/or” approaches. Deployment models no longer need to be substitutes for one another. Instead, they can coexist, with each bringing unique, often irreplaceable value. Applications can now be decoupled from the underlying infrastructure, offering a wider range of hosting options across environments. This represents a market inflection point, where customers have more choice and flexibility to adopt solutions that best meet their needs.

Hybrid Deployments Are Becoming the Standard

Two-thirds of European businesses are already using multiple UC solutions across different deployment models to meet diverse requirements. While this hybrid approach enables organizations to capture the strengths of various models, it also introduces challenges — including higher maintenance costs, operational complexity, and integration issues. In the context of AI-driven automation, this creates opportunities for innovation to simplify hybrid environments and reduce complexity.

Strategic Implications for UC Providers

No single vendor can cover all requirements alone. A clear understanding of customer priorities, combined with close ecosystem collaboration, will be critical as the market continues to evolve. IDC’s European UCC research provides the insights needed to help providers align strategies with shifting customer needs.


As cloud marketplaces continue to grow in scale and influence, they are reshaping how software is bought, sold, and delivered. For independent software vendors (ISVs), cloud platforms, and partners, marketplaces offer a streamlined route to customers, accelerated procurement, and new monetization models. But as this ecosystem matures, a subtle but important issue is emerging: the potential for revenue double-counting across the value chain.

The marketplace revenue flow

In a typical cloud marketplace transaction, a customer may purchase a SaaS or PaaS solution from an ISV via a private offer. That offer might be created by a distributor and fulfilled by a partner, while the ISV itself runs its solution on the same cloud platform that hosts the marketplace. Each party in this chain—partner, distributor, ISV, and cloud provider—may record the full transaction value as revenue or gross merchandise value (GMV), depending on their role and reporting model.

Where overlap occurs

The potential for double-counting arises when the same infrastructure spend is captured in multiple places. For example, an ISV may purchase infrastructure-as-a-service (IaaS) from a cloud provider to run its application. That same ISV may then sell its solution via the cloud marketplace, where the customer pays for the full SaaS offering—including the embedded IaaS costs. In this scenario, the cloud provider may record both the ISV’s IaaS consumption and the customer’s SaaS purchase as separate revenue streams, even though they are economically linked to the same infrastructure usage.

Estimating the impact

Our latest estimates suggest that up to 10–20% of reported marketplace revenue could be subject to some form of double-counting. This is particularly relevant in complex enterprise deals involving multiple intermediaries and multi-year commitments. The risk of overlap is higher in marketplaces with mature ISV ecosystems and transactional depth, where infrastructure and software are tightly coupled.

Implications for the ecosystem

This dynamic doesn’t imply wrongdoing—each party is legitimately recognizing revenue based on their role in the transaction. However, it does raise questions about how we measure the true size and growth of the cloud economy. Without careful deduplication and end-user-level spend tracking, there is a risk of overstating total IT spend, partner influence, and marketplace adoption.

Why it’s hard to fix

The challenge lies in the complexity of the ecosystem. Each participant has different incentives, reporting standards, and visibility into the transaction flow. Cloud providers may report gross marketplace volume, ISVs may report full contract value, and partners may claim influence or attach credit. Without a standardized framework for revenue attribution, it’s difficult to isolate and remove duplication.

A subtle signal

This isn’t a crisis—but it is a signal. As marketplaces become a larger share of enterprise IT procurement, the need for transparency and consistency will grow. For ISVs and cloud platforms alike, understanding where and how revenue is recognized can help avoid misaligned incentives and ensure sustainable growth. It’s something to be aware of as the ecosystem continues to evolve.

IDC’s EMEA Partnering Ecosystems team helps technology vendors, platforms, and ISVs navigate the evolving dynamics of cloud marketplaces and partner ecosystems.

Through continuous engagement with the ecosystem and proprietary survey data, we provide grounded, real-world insights into how value flows, where overlaps occur, and what it means for your go-to-market strategy. Whether you’re refining partner models, optimizing marketplace presence, or simply seeking clarity in a complex landscape, we can help. Get in touch to access the intelligence you need to make smarter, faster, and more efficient ecosystem decisions. For more information on the research, click here.

Listen to Stuart and Andreas’ webcast, “The New Partner Playbook: Ecosystem-Led Growth in EMEA”; register here.

If you have a question on this or anything related to partnering, please drop it here.

Stuart Wilson - Senior Research Director, EMEA Partnering Ecosystems - IDC

Stuart Wilson is senior research director for IDC’s Europe, Middle East & Africa (EMEA) Partnering Ecosystems program. With over two decades of global experience, Stuart focuses on the rise of complex, connected ecosystems and how platform models are reshaping routes to market and partner engagement frameworks.

Given all the geopolitical and economic upheavals so far seen in 2025, concerns about U.S. tech dominance, and fear of services from (non-European) IT providers being withdrawn as a result of government executive orders, the big question we keep hearing in Europe is “What is Plan B”?

I can answer that.

Firstly though, it should be noted that Europe’s interest in digital sovereignty has always been high. Now, as geopolitical tensions escalate and regulatory uncertainty deepens, many organisations on the continent see this as a strategic imperative.

But…

Geopolitical risk has typically been a low-ranking market driver for those seeking sovereign solutions in Europe. Sure, IDC’s 2025 Worldwide Digital Sovereignty Survey shows that it has climbed up the rankings, now attracting more than a quarter of responses, compared with slightly less last year; in the years prior to 2024 it even came bottom of the list of drivers.

What’s more revealing is that Europe now has a new top sovereign cloud market driver: protection against extra-territorial data requests. This reflects growing anxiety over foreign access to sensitive data and a clear signal that sovereignty is no longer just about compliance and control, but has a greater focus on autonomy.

The European provider’s response: “Plan B”

In what can be regarded as a largely unprecedented move, Europe’s service providers have reacted swiftly and have taken a proactive approach, joining forces to offer what they consider to be the “alternative” (and many also promote the idea of services, platforms and providers that can be labelled as “Made In Europe”).

Some examples here include EuroStack, which calls for a Europe-led digital supply chain spanning chips, cloud, AI and digital governance; virt8ra (pronounced virtoora), which is billed as Europe’s first sovereign edge cloud; and the EU-funded Sovereign European Cloud API (SECA) which is available to all European cloud providers for cloud infrastructure management.

These initiatives reflect a broader push to reclaim digital autonomy and reduce dependency on non-European tech giants.

The global cloud providers’ response: committed to Europe

The global cloud providers have not been standing still. And of course, none of them are about to walk away from their highly successful business operations in Europe.

In recent months, several big name providers, such as Google and Microsoft, have enhanced their sovereign offerings to emphasize how sovereignty and U.S. big tech can work provided the right controls and partnerships are in place.

And clearly, just as the global cloud providers are not planning to abandon Europe, Europe is not planning to abandon them.

For instance, despite all the media hype earlier this year around German authorities “ditching” Microsoft in favour of their own home-grown solutions (in June 2025, the German state of Schleswig-Holstein rolled out the OpenTalk videoconferencing solution, developed by Berlin-based Heinlein Support, across all state agencies), partnerships with U.S. providers continue to be announced.

These include the German Federal Office for Information Security’s (BSI) strategic cooperation agreement with AWS in the run-up to the launch of the AWS European Sovereign Cloud in Germany later this year.

Separately, the BSI has also teamed up with Google Cloud to support the development and deployment of secure and sovereign cloud solutions for government agencies, including the German military, which will use an air-gapped version of Google Distributed Cloud.

IDC’s response: Techxit? What techxit?

Despite their increased interest in sovereign solutions due to all the geopolitical turmoil, just 4% of European organisations say they plan to stop using cloud services and platforms from global public cloud vendors and only partner with local cloud providers. Thus, reports of ‘techxit’ – the prospect of U.S. providers being forced out of Europe for whatever reason – are greatly exaggerated.

Instead, the dominant strategy is staying “glocal”: combining global innovation with local control by using both global and local providers, and many organisations in Europe say they will continue to depend on global cloud vendors.

What’s more, the idea of a full-scale “techxit” remains impractical, given the deep integration of global technologies in European IT environments.

Of course, it would be naïve to think that buyer expectations have remained unchanged in 2025 – far from it. The expanded interest in digital sovereignty in Europe is expected to account for a decrease in organisations using sovereign cloud from not only global providers but also their local counterparts, with managed providers seeing a slight increase. The changes here are not huge but significant enough for all providers to take note.

What all providers need to consider

To succeed in this evolving landscape, cloud providers must:

  • Offer verifiable protections against extra-territorial data access
  • Prioritize network sovereignty, including data in transit
  • Invest in AI governance and compliance-first infrastructure
  • Build regional partnerships to meet local expectations
  • Embrace open standards to support interoperability and avoid vendor lock-in

So what is “Plan B”?

IDC has long maintained that a trusted ecosystem of partners is needed for sovereignty to work at scale, and we believe this should include a combination of using global and local providers.

For the global cloud players that means looking for the right regional and in-country partners to help boost local credibility and to deliver local services, local expertise and leverage local knowledge.

For the local service providers, it means partnering with global players to help deliver innovation and scalability.

And then the global SaaS providers need to be able to work across both to develop and deliver customized offerings within sovereign frameworks.

Europe’s vision for digital sovereignty is not about isolation — it’s about balance. The goal is to level the playing field, reduce dependency, and ensure that the continent can compete globally while retaining control locally.

Ultimately, it’s about the sovereign aspect of digital self-determination, survivability and self-sufficiency. The latest geopolitical uncertainties indicate a recalibration of Europe’s cloud market, not a rejection of global providers.

So what’s Plan B? Our advice to organisations in Europe seeking sovereign solutions is to stick to Plan A.

For more information and to see what Rahiel is covering, look here: Digital Sovereignty. 

Got a specific question? Drop it in here.

Rahiel Nasir - Research Director, European Cloud Practice, Lead Analyst, Digital Sovereignty - IDC

Rahiel Nasir is responsible for leading and contributing to IDC's European cloud and cloud data management research programs, as well as supporting associated consulting projects. In addition, he leads IDC's worldwide Digital Sovereignty research program. Nasir has been watching technology markets and writing about them throughout his professional life.

The deadline for the transposition of the EU’s second Network and Information Systems Security directive (NIS 2) came and went in October 2024 with only a handful of member states having completed the task. As it became clear that this was not just a minor case of not submitting the paperwork on time, the European Commission (EC) swung into action, initiating infringement proceedings against 23 member states in November 2024, with those countries given until January 2025 to provide updates on their progress or demonstrate that they had achieved compliance. Only Belgium, Croatia, Italy, and Lithuania escaped the wrath of the Commission.

Changes

Through the first half of 2025 the picture gradually changed, although decisive numbers depend on the interpretation of what it means to be compliant. In May 2025, 19 member states were on the receiving end of another ultimatum from the EC. However, by July 2025, the list of countries that had enacted laws on the implementation of NIS 2 had swelled to 14 states, with Cyprus, Denmark, Finland, Greece, Hungary, Latvia, Malta, Romania, Slovakia, and Slovenia joining the first four countries noted above. Denmark, Finland, Hungary, Latvia, and Slovenia were the countries with the dubious honour of having transposed the directive but still making the EC’s naughty list. The nuance is that countries not only have to transpose the law, they also have to provide full notification of all applicable legislation to the Commission.

Note that EC saber-rattling is not confined to NIS 2: the Commission provides a monthly list of its infringement decisions and recent iterations have included calls around energy legislation, emissions trading, corporate sustainability reporting, and more.

It’s also worth looking at why some of the non-compliant states have not made the required progress. In several cases, the countries in question have gone through changes in government, often multiple times. In Portugal, the government has toppled three times in three years, most recently in March 2025. Germany’s elections in February 2025 meant that all pending legislation either had to be reintroduced or was put on hold. The collapse of the Dutch government at the beginning of June 2025 further set back a process that was already behind schedule.

Legislative processes are complex and any disruption can lead to delays both initially and then further down their carefully calibrated calendars.

Under pressure

What does this mean for all the organizations covered – or likely to be covered – by the Directive? How should a company with operations in 10 EU member states, for example, build its compliance strategy and roadmap if 5 of those member states have transposed the Directive and 5 have not? The legislation is already extensive and complex enough without such additional uncertainty layered on top.

Uncertainty impacts organizational planning. According to IDC’s 2025 EMEA Security Technologies and Strategies Survey, almost two-thirds of organizations covered directly by the legislation had not yet started compliance work, as of spring 2025. Allocation of dedicated funding is difficult under these circumstances, with 82% of organizations saying they had not seen any change in their security budget to address NIS 2 requirements. That does not mean no funding is available – but when the directive comes into force in their relevant markets, it may require reallocation of existing funds from other initiatives.

Of course, there are measures that can be taken that do not require technology investments, with 19% of organizations saying they have updated their security policies and processes in relation to NIS 2 requirements. Still, that is less than 1 in 5.

Up the hill backwards

Delays in transposition of the legislation may lead some organizations to consider that time is on their side and there is little need to press ahead with preparations for compliance. Until a European law has come into force, there is no legal basis to enforce compliance. Nevertheless, there are legal principles that caution against taking this approach.

The so-called principle (or doctrine) of effectiveness, created by the European Court of Justice in relation to EU laws, puts obligations on EU member states to act in certain circumstances. It may seem like there is little incentive to pursue such cases, but bear in mind that NIS 2 aims to build cyber resilience in critical and important entities, in the face of ever-increasing cyberattacks. So, when a major cyber incident disrupts operational capability in a critical vertical, after the initial impact has been contained and services restored, investigations and audits will follow. In that situation, there is no guarantee that the principle of effectiveness will not be invoked, if it is deemed that an in-scope organization failed to take appropriate measures to manage the risk.

Most member states have set up registration mechanisms through which in-scope organizations have to provide certain information such as designated personnel, contact details, IP ranges, and more. The designated authorities in each member state are required to compile those lists of critical and important entities and share the number of entities, along with the sector and subsector breakdown, with the EC and the NIS 2 Cooperation Group. These coordinated actions serve a broader function of enabling the EU’s supranational cybersecurity operational bodies to track and address major incidents that may transcend national borders and lead to impacts spreading across sectors and countries. Consequently, even in member states that have not completed transposition it is crucial that in-scope entities fulfill the registration requirements for their organization.

The area of incident response also bears scrutiny. Article 23 of the NIS 2 directive details incident reporting obligations, which include an initial alert that must be made within 24 hours of becoming aware of the incident, full notification within 72 hours, and a final, detailed report within one month. Even before full transposition, member states themselves are required to run Computer Security Incident Response Teams (CSIRTs) that are obliged to support in-scope entities in case of an incident. Subject to the findings of those cases, compliance demands could be applied retroactively or specific requirements imposed with compressed deadlines to address key issues.

It’s no game

Despite delays in transposing the legislation, the NIS 2 directive is moving inexorably towards being enforced across the EU and even beyond, when we take into account international companies with operations in EU member states or companies that are suppliers to in-scope organizations. According to IDC’s survey, 41.1% of organizations said that despite not being in-scope for NIS 2, they are still facing compliance requests from some of their partners that are covered by the directive. Individual countries continue to make progress: in Finland the legislation came into force on April 8th 2025; in Slovenia on 19th June; and in Denmark and Estonia on July 1st. Cyber incidents and the risk of extended legal actions make a very strong case for all in-scope entities to prioritize achieving NIS 2 compliance. And even if the auditors aren’t watching you – maybe the cybercriminals are.

To learn more about how European organizations are preparing for NIS 2 compliance, visit IDC’s European Security Technologies and Strategies page. If you have a specific query about NIS 2, drop it in this form.

Mark will be speaking at IDC’s CISO Xchange, which takes place 9-11 November in Marbella, Spain.

Mark Child - Associate Research Director, European Security - IDC

Associate Research Director Mark Child of IDC’s European Security Group leads the group's Endpoint Security and Identity & Digital Trust (IDT) research for both Western Europe and Central & Eastern Europe. He monitors developments in security technologies and strategies as organizations address the challenges of evolving business models, IT infrastructure, and cyberthreats. Mark's coverage includes in-depth security market studies, end-user research, white papers, and custom consulting.

Discover strategies to quantify ROI, build buyer confidence, and drive growth in a competitive tech market.

In today’s technology landscape, having an innovative product is just the starting point. What truly sets successful tech vendors apart is their ability to demonstrate clear, measurable business value and return on investment (ROI) to their customers. This shift is driven by evolving buyer expectations, economic pressures, and the need for technology investments to deliver tangible outcomes aligned with broader business goals.

Why ROI and business value matter more than ever

The market environment has transformed significantly in recent years. Economic uncertainties and tighter IT budgets mean that decision-makers—from CFOs to CIOs—are monitoring investments with higher levels of scrutiny. Digital transformation must prove its worth through quantifiable results.

Three key forces are shaping this new reality:

  • Economic pressure: Organizations must justify every expenditure, making financial accountability paramount.
  • Rapid technological change: Businesses need to adopt solutions that not only innovate but provide competitive advantages.
  • Increased accountability: IT leaders are under growing pressure to demonstrate measurable impact to stakeholders.

In this context, ROI has become the deciding factor for investment decisions. It translates technology benefits into financial terms, aligns technology initiatives with strategic business objectives, and reduces risks by offering assurance through proven value.

Moving beyond features: how to prove business value

Tech buyers today demand more than product specs—they want evidence of how a solution will improve their operations, reduce costs, or increase revenue. To meet this demand, vendors must embrace a comprehensive, data-driven approach to showcase business value:

  • Use data-backed documentation: Whitepapers, case studies, and analyst reports grounded in credible research help tell a compelling story.
  • Offer tailored financial models: Interactive ROI calculators and TCO analyses customized to specific client scenarios provide clarity and confidence.
  • Highlight operational KPIs: Metrics like productivity gains, time savings, and efficiency improvements resonate alongside financial data.
  • Leverage customer insights: Real-world success stories and testimonials add authenticity and build trust.

A holistic approach to business value

Demonstrating business value requires more than just numbers—it demands a strategic, customer-centric mindset:

  • Validate with industry research: Third-party validation from trusted sources enhances credibility and trust.
  • Tailor to customer needs: Align your messaging with the unique challenges and goals of each prospect.
  • Present a multifaceted value proposition: Beyond cost savings, emphasize strategic benefits such as improved agility, innovation enablement, and enhanced customer experience.

Why IDC is your ideal partner for business value success

At IDC, we specialize in helping tech vendors quantify and communicate the real-world impact of their solutions. Our Business Value services combine rigorous research, tailored financial analysis, and compelling storytelling to empower your sales and marketing teams. We provide:

  • Detailed ROI and TCO models that resonate with CFOs and finance teams.
  • Strategic presentations and case studies that speak to CIOs and IT decision-makers.
  • Training and tools to equip your sales force to confidently address objections and demonstrate value.

By partnering with IDC, you gain access to trusted expertise and proven methodologies that accelerate buyer journeys, reduce sales cycles, and ultimately drive revenue growth.

Final thoughts

In a market where every investment must have a return, demonstrating ROI and business value is essential. Tech vendors who can clearly articulate the economic and operational benefits of their solutions will not only win more deals but build lasting partnerships grounded in trust and measurable success.

Are you ready to unlock the full potential of your technology offerings by proving their true business value? Connect with us to learn how IDC can help you transform your sales approach and drive impactful results.

Lynn-Kristin Thorenz - Associate Vice President, Research & Consulting - IDC

Lynn-Kristin Thorenz is Associate Vice President, Research & Consulting. In her role, Lynn manages IDC’s consulting and research business in Germany and Switzerland and is responsible for the successful delivery of IDC’s local portfolio which includes standard research products, Go-to-Market Solutions and individual client projects. She works closely with IDC's clients to understand their specific needs and requirements and to tailor solutions which support their business objectives. Lynn is also responsible for the strategic development of the complete range of IDC's local research and consulting activities around Digital Transformation and IDC’s 3rd Platform Technologies.

At the 2025 NATO Summit in The Hague a few weeks ago, member states pledged to allocate 5% of their annual GDP to core defense requirements and defense- and security-related expenditures by 2035. This represents a significant departure from the alliance’s longstanding 2% benchmark, particularly given that the current average defense spending among NATO members only marginally meets the 2% target.

European nations constitute the majority of NATO’s members. And since the onset of Russia’s invasion of Ukraine, several Eastern European countries, such as Poland, have substantially increased their defense budgets. Nevertheless, many European allies remain below the alliance average, rendering the new 5% objective highly ambitious. The United States continues to lead in defense investment, with expenditures approaching $1 trillion in 2024, double the combined defense spending of Europe and Canada, and has been an advocate for heightened commitments among NATO members.

The new target of 5% of GDP is structured to address both immediate military needs and broader security challenges, with an ideal split of spending between two categories:

3.5% of GDP: core defense requirements

  • Purpose: This portion is dedicated to traditional military expenditures.
  • Coverage: Includes funding for active personnel, acquisition and maintenance of weapons systems, military equipment, R&D, and operational readiness.

1.5% of GDP: defense and security-related investments

  • Purpose: This segment is allocated to areas that support and enhance national and alliance security beyond conventional military assets.
  • Coverage: Encompasses investments in critical infrastructure (such as energy grids, transportation networks, and communication systems), network defense, and resilience against hybrid threats.

Direct ICT spending impact

Core defense spending: A larger budget is expected to drive more funding for defense organizations and spark a ripple effect in ICT spending. According to IDC Worldwide ICT Spending Guide Enterprise and SMB by Industry, aerospace and defense ICT investments in Europe will top $11 billion in 2025, about 1% of the region’s total ICT expenditure.

Military modernization efforts are focused on upgrading command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems, strengthening cyber defenses, integrating artificial intelligence for battlefield operations, and enhancing encryption to secure communications and protect against cyber threats. However, this category will likely represent only a small portion of the overall 3.5% GDP allocation to core defense requirements.

Assuming the 3.5% target equates to approximately $665 billion, it is expected that initially less than $20 billion will be directed towards digital modernization and related technologies. This restrained allocation stems from several pressing priorities:

  • Many NATO members must rearm and modernize legacy military equipment, much of which is outdated or has exceeded its operational life.
  • There is an urgent need to rebuild naval fleets and replenish armament supplies, particularly after significant stocks were transferred in support of Ukraine.
  • Substantial investment in unmanned aerial systems (drones), which are increasingly central to modern warfare, will also consume a major share of the available resources.

Therefore, while digital modernization is strategically important, the immediate proportion of defense spending dedicated to these initiatives will be modest in comparison to the broader requirements of re-equipping and reinforcing conventional military forces. Over time, this share may increase as foundational rearmament needs are addressed and digital technologies become further integrated into military operations.

Indirect ICT spending impact

Defense and security-related investments: Efforts are focused on securing critical infrastructure from both cyber and physical threats, enhancing national and international cybersecurity through advanced tools, investing in IoT and digital twin technologies for real-time monitoring, and promoting post-quantum cryptography and secure digital identities. However, the most significant portion of spending in this area will be dedicated to fundamental cybersecurity measures and the development of sovereign data and cloud capabilities. Much of this investment will address foundational requirements, such as fortifying existing networks, implementing robust data protection protocols, and ensuring compliance with national security standards.

While initiatives involving emerging technologies—such as post-quantum cryptography—are important for long-term resilience, these areas are likely to attract only limited funding initially. The focus will remain predominantly on basic cybersecurity infrastructure and sovereign data management until Europe further develops a robust innovation base in the defense technology sector. Heavy investment in more advanced and experimental digital solutions will depend on the establishment of this foundation and the maturation of European defense-driven technological ecosystems.

Induced ICT spending impact

This growth will create new opportunities for core defense solutions and benefit related industries, fueling wider momentum in the Defense Ecosystem. This momentum has therefore set off significant induced ICT spending, especially among major European defense contractors. As these companies prepare to deliver more advanced and diverse products and services, the demand for innovative IT solutions and digital transformation initiatives has surged. This effect spans not only traditional leaders such as Leonardo, Dassault, and Rheinmetall, but also extends to BAE Systems, SAAB, Indra, Thales, and Airbus, among others.

The current environment provides a strong opportunity for the European defense industry to enhance its position in the global market. By accelerating investments in areas such as digital platforms, cybersecurity, cloud infrastructure, and advanced analytics, the sector can differentiate itself while building greater resilience and competitive strength. Examples of current IT and digital transformation-related initiatives include:

  • Development of secure, sovereign cloud platforms for defense applications and data management.
  • Deployment of AI-driven command and control systems to improve operational decision-making and mission effectiveness.
  • Launch of pan-European projects to promote interoperability, digital sovereignty, and cybersecurity across defense networks, often supported by the European Defence Fund and broader EU digital policy frameworks.

These initiatives foster a more interconnected and technologically advanced defense ecosystem, ensuring that European contractors can respond to evolving demands and capture new growth opportunities in a global context.

NATO’s new 5% GDP spending target signals a major shift for Europe’s defense sector, promising record investment in military capabilities and key enabling technologies by 2035. However, long-term commitment is uncertain, as future governments may redefine priorities.

This shift opens the door for technology providers—whether established contractors or innovative startups—to play an essential role in shaping the continent’s security future.

For technology providers, the key imperatives are clear:

  • Make the defense market a top priority. With traditional defense budgets swelling and new funding streams available, tech vendors – especially those historically focused on enterprise or civil solutions – should prioritize defense within their broader industry strategies. Consider how your technology – especially AI-driven solutions for logistics, scheduling, or intelligent automation – could be adapted for military use. With rising defense investment and a growing need for innovation, now is the time to explore how your products can address emerging defense challenges and open new markets.
  • Embrace broader collaboration: Leverage increased funding and European Union support for joint ventures and R&D initiatives to accelerate adoption and scale innovation across national boundaries.
  • Drive dual-use innovation: Develop technologies that bridge defense and civilian markets, maximizing addressable opportunity while supporting national security objectives. In doing so, it is essential also to consider the spillover effects beyond pure core defense spending in adjacent sectors.

The path forward demands agility, innovation, and collaboration, but the rewards – in terms of both market opportunity and societal impact – are substantial.

To learn more about how ongoing geopolitical dynamics are shaping IT spending strategies, visit IDC’s Digital Economy Strategies page.

Lapo Fioretti - Senior Research Analyst - IDC

Lapo Fioretti is a Senior Research Analyst in IDC’s Digital Business Research Group, leading the European Emerging Technologies Strategies research. In his role, he advises ICT players on how European organizations leverage new technologies to create business value and achieve growth, and analyzes the development and impact of emerging trends on the markets. Fioretti also co-leads the IDC Worldwide MacroTech Research program, focused on the intertwined connection between the economic and digital worlds, analyzing the impact key macroeconomic factors have on the digital landscape and, vice versa, how technologies are impacting economies around the world.

Remember the good old days when “Shadow IT” was just about rogue Excel spreadsheets and unauthorized Dropbox accounts? But the times they are a-changing! Now we’re dealing with something far more insidious: Shadow AI. And no, it’s not just lurking in the corners of your or anyone’s organization anymore. Now, it’s driving productivity gains while simultaneously creating security nightmares that, hopefully, keep CISOs wide awake at night.

From private drives to GPT instances

Shadow IT has been the bane of enterprise administrators’ existence for decades. We’ve all seen it: marketing teams building up their own CRM systems, sales departments hoarding customer data in personal cloud drives, and finance teams creating elaborate Excel macros that, unnoticed, somehow have become mission-critical applications. But nowadays we have Shadow IT on AI steroids.

Because instead of innocent unauthorized OneDrive instances, we have unauthorized ChatGPT accounts, private Perplexity subscriptions, custom Copilots, and Excel automation scripts integrated with GPT APIs. And they ALL operate completely outside of IT oversight.

As many experts repeat: shadow IT hasn’t disappeared – it has evolved. And artificial intelligence has given it a turbocharged engine.

The staggering scale of unauthorized AI adoption

IDC’s Global Employee Survey from April 2025 reveals that 39% of EMEA employees are using free AI tools at work, and another 17% use AI tools they pay for privately. Only 23% of employees declare that they use AI tools provided by their organization, and even that does not mean they are not using private tools simultaneously. Another survey I’ve come across shows that 52% of workers won’t admit to using AI in their jobs. And the percentage of sensitive corporate data being fed into AI tools has skyrocketed from a not insignificant 10% to over 25% in just one year.

Why are these numbers so high? The answer is frustratingly simple: on a basic level, AI can be ridiculously easy to use. You need a browser, a prompt, and you’re done. No coding, no server configuration, no IT tickets that sit in queues. Just pure, immediate productivity enhancement. Maybe with a bit of compliance catastrophe on the side, but who’s looking?

March or die

However, let’s be brutally honest about why else these numbers are so high. Employees aren’t just using AI tools to work smarter – they’re often using them to survive increasingly unreasonable workplace expectations. In an era where headlines scream about companies replacing entire departments with AI, workers are fighting hard to prove their relevance.

The pressure is palpable and justified. When employees read about firms cutting 30% of their workforce while boasting about AI-driven efficiency gains, the message is clear: march or die. Shadow AI adoption isn’t just about productivity enhancement; more than anything, it can be about professional self-preservation.

This creates a weird dynamic where the very people organizations depend on feel compelled to hide the tools that make them valuable. Are they being rebellious or just rational? When your job security depends on meeting targets that seem designed for superhuman capabilities, you’ll probably use whatever tools are necessary to achieve them, authorized or not.

Most AI tools don’t require dedicated client applications. They operate seamlessly through web browsers or as mobile apps, making them almost invisible to traditional IT monitoring systems. The vast majority of usage of ChatGPT, Google Gemini, or other tools at work happens through non-corporate accounts, meaning corporate data or IP is being processed by AI models that organizations have zero visibility into, zero control over, and zero ability to audit.

How pursuit of productivity kills strategic AI adoption

Many organizations, in their relentless pursuit of productivity metrics and efficiency gains, are creating an environment where employees feel compelled to hide their AI usage to meet impossible expectations. This creates a vicious circle: leadership demands productivity improvements while threatening job cuts, employees discover AI tools that help them meet unrealistic expectations, IT blocks access, and so employees use unauthorized tools to avoid becoming the next layoff statistic.

The result? Organizations end up with lower overall AI adoption rates than they could achieve, precisely because they created a fear-based environment where survival instinct eats strategy for breakfast. Define irony: companies that publicly celebrate AI’s potential to replace human workers are simultaneously frustrated by their inability to achieve coordinated, strategic AI implementation.

The education paradox or one-time is here to fail you

And here’s where most organizations spectacularly miss the mark. They roll out a single “AI Awareness” training session, check the compliance box, and wonder why employees still go rogue.

Basic communication theory tells us that people need to hear a message seven times before it truly registers. Yet organizations treat AI education like a software update: deploy once, assume adoption. The learning curve for responsible AI usage isn’t a gentle slope. Or maybe gentle but the road will be long and winding. Employees need ongoing, contextual education that evolves with the changing AI landscape. They need to understand not just the “what” and “how,” but the “why” behind AI governance policies. (And you need AI governance, do we even need to say that?) When people understand the reasoning behind restrictions, compliance rates soar. When they don’t, Shadow Everything thrives.

Smart organizations recognize that AI literacy requires sustained and strategically planned education programs. They build comprehensive learning pathways that revisit core concepts with increasing depth over time, ensuring employees develop genuine understanding rather than superficial compliance. This investment isn’t just about risk mitigation – it’s about creating a workforce capable of strategic, responsible AI adoption.

Hope for the transparency solution? BYOAI!

The IEEE Computer Society proposes a solution that might make traditional IT nervous: BYOAI (Bring Your Own AI). This approach emphasizes transparency, risk assessment, and responsibility while allowing employees to work with their preferred AI tools.

The concept acknowledges a fundamental truth that many organizations refuse to face, although they should have learnt it already: you can’t stop the adoption of Shadow AI, or of anything else for that matter, through prohibition. Prohibition will only drive it deeper underground, where it becomes even more dangerous. Think about Chicago, Valentine’s Day, circa 1929. So if a ban is not the answer, then what? The easiest, yet most reliable, way to mitigate risk is good old, albeit boring, education…

Embrace reality, manage risk

Shadow AI isn’t going away. The productivity gains are too compelling, the tools are too accessible, and the competitive pressure too intense. Organizations have two choices: build frameworks for managing Shadow AI or watch it manage them.

What will smart companies do?

  • Invest heavily in ongoing employee AI education (not one-shot training)
  • Create transparent AI governance frameworks
  • Design security policies that enable rather than restrict innovation
  • Build trust through collaboration rather than control
  • Measure success by strategic AI adoption, not just productivity metrics

The question isn’t whether Shadow AI is a threat or an opportunity – it’s whether your organization will respond with wisdom or wishful thinking. Choose wisely!

Listen back to Ewa on the following webcast: AI in 2025: Deliver or Wither

Ewa Zborowska - Research Director, AI, Europe - IDC

Ewa Zborowska is an experienced technology professional with 25 years of expertise in the European IT industry. Since 2003, she has been a member of the IDC team, based in Warsaw, researching IT services markets. In 2018, she joined the European team with a specific emphasis on cloud and AI. Ewa is currently the lead analyst for IDC’s European Artificial Intelligence Innovations and Strategies CIS.