AI is spreading fast across European businesses, but many companies are flying blind.
The study conducted by IBM’s Institute for Business Value in partnership with Oxford Economics found that around 90% of executives in EMEA do not fully understand their organizations’ dependencies across AI vendors, models, and infrastructure. At the same time, nearly three-quarters said switching their main AI provider or model would be difficult.
That lack of visibility is becoming a major concern as enterprises move from isolated AI projects to broader deployments involving AI agents capable of making decisions and taking actions with limited human intervention.
The IBM report found that only 9% of the 1,000 executives surveyed globally believe they have an excellent understanding of their AI dependencies. Meanwhile, 71% said replacing their primary AI vendor or model would be difficult if they had to do so today.
The findings come as executives expect AI to play a much larger role in business decisions over the coming years. According to the research, surveyed CEOs said AI currently influences about a quarter of operational decisions, a figure they expect to rise to nearly half by 2030.
The cost of not knowing
A central concern raised in the research is the financial and operational impact of poor visibility into AI systems.
Many enterprises face unpredictable costs when AI workloads are misaligned with where data is stored or processed. The report notes that such mismatches can significantly increase token-processing expenses, adding millions in extra costs for large enterprises.
Beyond cost, resilience is also at stake. A large share of executives say that even a short outage at a primary AI provider would have severe consequences for business operations, potentially halting critical workflows. In EMEA, this concern is especially pronounced, with respondents warning that a seven-day disruption could trigger critical operational breakdowns.
Against this backdrop, AI sovereignty has become a central theme for executives and policymakers in the region. But IBM’s research suggests that sovereignty is often misunderstood.
Rather than simply owning infrastructure or keeping data within borders, AI sovereignty is increasingly defined as the ability to maintain control when conditions change, whether due to technical shifts, vendor decisions, or regulatory pressure.
The report argues that many organizations remain focused on fragmented governance approaches rather than treating AI systems as interconnected ecosystems requiring coordinated control across data, models, and infrastructure.
More must-read AI coverage
Governance gaps in an expanding AI landscape
As AI deployment expands, governance is emerging as another weak point.
IBM notes that many organizations lack structured oversight of their AI models and agents, even as these systems proliferate across departments. This creates challenges in tracking access, managing data flows, and ensuring compliance with evolving regulations.
The complexity is compounded by hybrid environments that mix on-premises systems, cloud providers, and open-source components. While this diversity can improve flexibility, the report suggests it is often not the result of a deliberate strategy but rather the accumulation of decisions over time.
Selective control, not full ownership
The IBM study concludes that full control of every layer of the AI stack is neither realistic nor cost-effective. Instead, it introduces the idea of “selective AI sovereignty,” in which organizations focus their control efforts on the most critical systems.
This means prioritizing strict governance for high-impact applications such as fraud detection, risk management, and core decision systems, while allowing greater flexibility in lower-risk areas such as translation or routine automation.
The research also finds that organizations with stronger AI control frameworks are significantly more resilient, protecting a substantially higher share of operating profit during disruptions compared to less prepared peers.
Also read: For another look at how weak visibility and governance can create risk, see our coverage of ShinyHunters’ claimed theft of Council of Europe data and what it signals for organizations across EMEA.
