The numbers vary by survey, the direction never does: a substantial share of employees use AI tools at work without the company knowing. Our experience from first conversations matches exactly — management is "still evaluating the topic", the departments have long-established routines. The condition has a name: shadow AI. And the usual answer to it — the ban — makes it worse.
Why bans fail
The ban feels like action: an email from the boss, a paragraph in the IT policy, done. Except it changes almost nothing about behaviour — for a simple reason: the tools are too useful. Whoever saves an hour a day with AI doesn't stop saving because of a company-wide email. They stop talking about it — and switch from the work computer to the private phone, where no IT department in the world sees anything. The pattern isn't new; fifteen years ago it was called shadow IT, with private USB sticks and Dropbox folders. Only the speed is new.
On top of that comes a distribution effect that's rarely spelled out: the ban hits the wrong people. The conscientious comply and work more slowly than their colleagues. The careless carry on as before — just invisibly. A ban therefore selects in exactly the wrong direction: less usage among those who would handle it responsibly, unchanged usage among those it was supposed to rein in.
The real risks
That shadow AI is a problem is still true — it's just that the problem lies elsewhere than most ban emails suggest. This isn't about alarmism: most of the shadow usage we hear about in conversations is harmless — phrasing help, translations, summaries. But the exceptions pack a punch. Three risks carry the main load (and as always with legal topics: hands-on experience, not legal advice):
- Customer data and HR data in a private account. Without a data processing agreement, on unvetted infrastructure, depending on the account type with training on the inputs. That's not a peccadillo, that's a data protection incident waiting to be filed.
- Trade secrets. Calculations, contract drafts, source code, strategy papers — once entered into a third-party system, control over them is gone. Where any of it ends up, nobody can say for sure anymore.
- Unchecked results. The contract draft with the hallucinated clause, the number nobody recalculated, the translation with the meaning flipped — adopted and sent as if it had been reviewed.
The third risk is the most underestimated, and it has a bitter punchline: it arises precisely because of the ban. Whoever isn't allowed to admit a text came from a model won't have it cross-checked either. The review step — the single most important safeguard in working with AI — fails exactly where the usage is secret.
The better way: permit, regulate, train
The way out is unspectacular and works in exactly this order. First: provide a permitted tool — company accounts with a data processing agreement, EU processing and the contractual commitment that your inputs won't be trained on. That dries up the private accounts, because the legal path is suddenly the more convenient one. Second: clear rules that fit on one page — more on that in a moment. Third: training, short and on real tasks, so that tolerated use becomes a craft.
On the order of magnitude, because the question always comes immediately: company accounts for the common tools cost a two-digit euro amount per head per month. Held against a single saved working hour per week, that's one of the simplest calculations in the entire AI topic — and yet a surprising number of companies fail at exactly this procurement step, while the risks of the private accounts have long been running.
The legal mechanics behind it — DPA, vendor checklist, EU hosting tiers up to on-prem — are written up in detail in our guide Using AI in line with the GDPR. This piece is about the part before that: getting the actual state of things onto the table honestly in the first place.
The stocktake: how the real state comes to light
The first step isn't a technical one, it's a survey — anonymous, three questions: which AI tools do you use? For what? Which of it actually helps? Anonymous isn't a detail here, it's the precondition. As long as the usage is banned or unregulated, a survey with names gets exactly the answers it deserves: polished ones. An explicit amnesty belongs with it — what happened so far happened under unclear rules, from now on clear ones apply. Whoever wants to prosecute the old cases will never get honest new answers again.
What comes to light surprises in both directions. More usage than expected — almost always. But also: better ideas than expected. The sales assistant who has quote drafts built from meeting notes; the technician who has English error messages translated instead of guessing. That list is the actual treasure of the exercise: it's the requirements catalogue for the permitted tool and the topic plan for the training in one. And in companies with a works council, it belongs at the table early — a rule that's carried along beats any rule that's announced.
An AI policy in six points
What we recommend to companies as a starting point fits on one page. Not because the topic is small — but because one page gets read and twenty don't:
- These tools are permitted. Named concretely, with company access. For work content: only these — private accounts are off-limits for company data.
- This must never go in: personal data without a clarified basis, credentials, trade secrets, anything covered by a non-disclosure agreement.
- AI results are drafts. Responsibility stays with the person using the result. Everything that leaves the building or gets booked is reviewed by a human first.
- Transparency instead of a confessional. Whoever used AI says so where it matters for the review — so the second reader knows what to look out for.
- Reporting questions and mishaps is welcome — and sanction-free. There's a named contact person. Whoever reports a mistake gets help, not proceedings.
- The policy lives. Tool list and rules are reviewed and adjusted regularly — the tools change faster than any annual plan.
The fifth point is the underrated one. A policy where the first reported mishap leads to a formal warning produces exactly the silence it was meant to prevent. The reporting culture is the difference between a policy that holds and one that sits in the intranet.
A leadership task, not an IT problem
The reflex in many companies is to delegate shadow AI to IT ("just block it") or to the data protection officer ("just ban it"). Both can only treat symptoms. The actual questions are leadership questions: which tools should our people work with? What is our data worth to us? How much review do we demand before something goes out? No firewall can answer that. IT can provide and secure tools, the data protection officer can check legal bases — but the decision of how the company wants to work with this technology can be taken off neither of them.
And whoever makes the usage visible instead of punishing it gets something for free that would be expensive to buy: the most honest picture of where automation potential sits in the company. Today's shadow users mark tomorrow's use cases — they've already found them, under real conditions, without a project budget. Some of those cases are ripe for proper tools with clean integration; most just need a permitted account and a rule.
The path from "banned, but everyone does it" to "permitted, regulated, trained" is shorter than most people think — the state of things already exists, it just has to come into the light. Exactly this clean-up work — stocktake, tool selection, policy, training — is the core of our AI consulting. The hardest part, by the way, is almost never the technology. It's the first sentence from management: "We know you're using it. Let's talk about it."