Shadow AI: what it is, what it costs, and how to prevent it

27 Jun 2026, NewWorks, 11 min read
Tags: Shadow AI, Governance, AVG, EU AI Act, Compliance, Security

Shadow AI plays out in the quiet of everyday work: an account manager who quickly exports a customer list from the CRM, copies it into an Excel file and then pastes it into a free AI chatbot to "quickly write a personalised campaign". No one has carried out a DPIA, there is no data processing agreement, and it is unclear where this data ends up or how long it is retained. The employee mainly experiences a time saving, but in legal terms this may already amount to a data breach and unlawful processing of personal data. This is precisely the context in which Shadow AI arises.

What exactly is Shadow AI?

Shadow AI is the use of AI tools by employees beyond the view or approval of the IT, security or compliance department. It is the AI variant of shadow IT: employees use chatbots, translation tools, code assistants and AI plug-ins with company data, without any governance, contracts or technical measures around it. Major security vendors describe Shadow AI explicitly as "the use of AI applications without formal approval from the organisation", with the pasting of sensitive data into public models as the central concern.

In practice, Shadow AI arises because employees are under deadline pressure and discover that generative AI genuinely lets them write, analyse and code faster. If there is no clear, usable and quickly accessible approved AI solution, they fall back on what they also use at home: ChatGPT, Gemini, Copilot or random browser extensions. Those tools are often free, attractively designed and immediately available, so the psychological advantage of speed and convenience outweighs the abstract risks around privacy or compliance.

It is important to note that Shadow AI rarely arises from ill intent: employees are trying to do their work better, but in doing so they bypass all the formal safeguards. Precisely because the usage is invisible, the organisation cannot choose an appropriate legal basis, cannot conclude a data processing agreement and cannot put appropriate security measures in place. That makes Shadow AI a governance problem, not just a technological risk.

How big is the problem in the Netherlands?

The 2025 Shadow AI Trend Report by Awareways shows that around 75 percent of employees already use AI tools for work-related tasks. Of this group, an estimated 78 percent use those tools without the permission or oversight of the IT department; organisations themselves have visibility into less than 11 percent of actual AI use. This Dutch behavioural and security study thus confirms the same trend as international research: AI use in the workplace has become the norm, not the exception.

International statistics show how deeply embedded Shadow AI is in daily work. A recent overview of shadow AI figures brings together research from UpGuard, Netskope and LayerX, among others, and concludes that 81 percent of employees use unauthorised AI tools and that around 72 to 89 percent of AI use is invisible to security teams. At the same time, Gartner indicates that 69 percent of organisations have indications or concrete signals that employees are using prohibited or non-approved generative AI tools.

The Dutch context does not differ materially from this. The Awareways figures show that the click rate on AI-related phishing emails has risen from 1.2 to 6.8 percent in two years, which illustrates how strongly AI tools have become intertwined with employees' everyday digital behaviour. At the same time, interviews and sector research show that many Dutch organisations do not yet have a fully developed AI policy, or that the policy is insufficiently known among employees, so that Shadow AI slips through the cracks of the existing information security policy.

For directors and IT managers, this means that "our people probably hardly use it yet" is no longer a tenable assumption. There is a real chance that a substantial share of knowledge workers already work with AI, but largely out of sight of IT, the CISO and the DPO. Without an inventory it is impossible to determine whether this use is compatible with the GDPR and, where relevant, with the upcoming obligations under the EU AI Act.

The three biggest risks (GDPR, data exfiltration, reputational damage)

The first major risk is purely legal: the GDPR. The moment an employee pastes customer files, employee data or other personal data into an external AI service, processing takes place by a third party that is often established outside the European Economic Area. Without a clear division of roles (controller versus processor), without a data processing agreement and often without appropriate safeguards for transfers to third countries, it is hard to maintain that this processing complies with Articles 5, 28 and 44 to 49 of the GDPR. Moreover, the European Data Protection Supervisor (EDPS) stresses that organisations must establish explicit, specific purposes and an appropriate legal basis for each phase of a generative AI system, and that they must be able to demonstrate that the models used were not trained unlawfully with personal data.

The second risk concerns data exfiltration and data breaches. IBM's research into the cost of data breaches shows that incidents in which Shadow AI plays a role are on average 670,000 dollars more expensive than data breaches at organisations with little or no Shadow AI use, with an average total cost of around 4.6 million dollars per incident. In about 20 percent of the data breaches studied, Shadow AI was involved, and in 65 percent of those cases customer PII was exposed. In addition, IBM and partners found that in 40 percent of Shadow AI incidents intellectual property was compromised, which further increases the economic damage to organisations.

The third risk is reputational damage, certainly in regulated sectors. When it emerges that a municipality had youth-care files analysed in public AI chatbots without any protection, the social and political reaction is predictable, quite apart from the legal aftermath. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) notes that the number of data breach reports caused by the use of AI chatbots in the workplace is rising rapidly, and that these often involve employees experimenting with free tools on their own initiative. For organisations in healthcare, education, financial services or government, a single Shadow AI incident can moreover be weighed in supervision of broader compliance with both the GDPR and, in the near future, the EU AI Act.

What do regulators say?

The AP warns explicitly about data breaches caused by the uncontrolled use of generative AI chatbots in the workplace. In reporting on a series of incidents, including a case in which employees of a Dutch municipality entered large volumes of confidential documents, CVs and youth-care files into public chatbots over a period of thirty days, the regulator states that this is leading to a growing number of data breach reports. A privacy lawyer at the AP uses the term "shadow AI" for this kind of uncontrolled deployment, and the regulator advises organisations to draw up clear guidelines on which data may and may not be shared with AI systems.

At European level, the EDPS published guidelines in June 2024 for the use of generative AI by EU institutions, and in 2025 updated "orientations" that emphasise lawfulness, data minimisation and continuous monitoring. The EDPS states that generative AI is not prohibited, but that use is only possible if there is a solid legal basis, a DPIA where necessary and robust safeguards for transparency, security and the exercise of data subject rights. Specifically around model training and web scraping, the regulator stresses that organisations must be able to demonstrate that personal data was collected lawfully and that, where possible, synthetic or anonymised data is used.

In addition, the European Data Protection Board (EDPB) has issued an opinion on the data protection aspects of AI models, underlining that developers and users of AI systems are each separately responsible for compliance with the GDPR. This means that even an organisation that "merely" deploys an external model, for example via an API, must be able to demonstrate that it has made appropriate processing arrangements, that transfers to third countries are lawful and that the principles of purpose limitation, minimisation and storage limitation are respected. In the Netherlands it has moreover been laid down that the AP will become the competent regulator for the AI obligations under the EU AI Act, which further shortens the line between privacy and AI supervision.

The combination of warnings about Shadow AI data breaches and the tightening of European AI policy shows that "we turn a blind eye as long as nothing goes wrong" is no longer a tenable strategy. Regulators expect demonstrable control over AI use, including visibility of unofficial tools, and attach both privacy and AI legal obligations and sanctions to it.

How to tackle Shadow AI without stifling innovation

An obvious reflex is: "We ban all public AI tools." Research into Shadow AI shows, however, that strict bans often backfire: employees keep using AI but switch to private accounts and personal devices, so that the usage disappears from view entirely. The Awareways data mentioned earlier illustrate that 89 percent of employees know the rules around software use, but that 54 percent ignore those rules anyway when they need a tool to get their work done. Without an alternative, a ban will therefore strengthen Shadow AI rather than reduce it.

An effective approach starts with visibility. That means taking inventory of which AI tools are used in the organisation, both through formal channels and through, for example, browser extensions and personal accounts. Technical monitoring (for example via a CASB or proxy logging) can be combined here with awareness campaigns and internal surveys, so that organisations not only see the traffic but also understand which tasks employees use AI for. This is moreover a necessary step in order to determine, under the EU AI Act, which systems may fall into a high-risk category and thus become subject to the strictest obligations.
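As an added illustration of this inventory step (example code, not from the original article or from NewWorks), the following Python script reads a constructed sample of proxy log lines, matches destination hosts against an assumed placeholder list of public generative-AI services, and builds a per-user inventory in which unusually large sessions are flagged for review. The simplified log format, the domain list and the byte threshold are all assumptions; a real deployment would take the domain list from the CASB or proxy URL-category feed.

```python
import re
from collections import defaultdict

# Assumed placeholder map of generative-AI hostnames to service names (in practice from your CASB feed).
AI_SERVICE_DOMAINS = {"chat.openai.com": "ChatGPT", "gemini.google.com": "Gemini"}

# Constructed sample lines in a simplified proxy-log format (not real traffic):
# epoch_time elapsed_ms client_ip status bytes method target user
SAMPLE_LOG = """\
1719489600.101 230 10.0.0.12 TCP_TUNNEL/200 512 CONNECT chat.openai.com:443 alice
1719489601.404 120 10.0.0.12 TCP_TUNNEL/200 48213 CONNECT chat.openai.com:443 alice
1719489605.220 88 10.0.0.33 TCP_TUNNEL/200 1024 CONNECT gemini.google.com:443 bob
1719489610.011 300 10.0.0.33 TCP_MISS/200 2048 GET http://intranet.example/crm/export bob
1719489612.500 75 10.0.0.51 TCP_TUNNEL/200 150000 CONNECT chat.openai.com:443 carol
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<user>\S+)$"
)


def host_of(target):
    """Reduce a CONNECT host:port or a full URL to its bare hostname."""
    host = re.sub(r"^[a-z]+://", "", target).split("/", 1)[0]
    return re.sub(r":\d+$", "", host)


def inventory_ai_use(log_text, ai_domains=AI_SERVICE_DOMAINS, bulk_bytes=100_000):
    """Per-user inventory: {user: {service: {"sessions", "bytes", "bulk"}}}.
    'bulk' counts sessions above bulk_bytes; a large tunnel to a chatbot is
    consistent with a file or data set being pasted in, so review those first."""
    inv = defaultdict(lambda: defaultdict(lambda: {"sessions": 0, "bytes": 0, "bulk": 0}))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        service = m and ai_domains.get(host_of(m["target"]))
        if not service:
            continue  # malformed line or not an AI service: stays out of the inventory
        entry = inv[m["user"]][service]
        entry["sessions"] += 1
        entry["bytes"] += int(m["bytes"])
        entry["bulk"] += int(m["bytes"]) > bulk_bytes  # bool adds as 0 or 1
    return {user: dict(services) for user, services in inv.items()}


def unapproved_use(inventory, approved_services):
    """Users seen on services outside the approved set: the Shadow AI share."""
    return {user: sorted(set(services) - approved_services)
            for user, services in inventory.items() if set(services) - approved_services}
```

Running `unapproved_use(inventory_ai_use(SAMPLE_LOG), {"ChatGPT"})` on the sample reports bob's Gemini use as outside the approved set, while carol's large ChatGPT session shows up as a bulk transfer to review.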

Next, a clear, practical AI policy is needed that matches the reality on the work floor. Such a policy describes which AI applications are allowed, with which data categories, and which safeguards apply (for example: no special categories of personal data in generative AI, no customer files in public chatbots). Research by IBM and others shows that only around 37 percent of organisations have a formal policy to detect and control Shadow AI, while organisations with clear rules and controls demonstrably report fewer AI-related incidents. Awareness training around AI, including concrete examples of what is and is not allowed, is essential here, especially because many employees underestimate the risks of pasting raw data into prompts.

Finally, governance must connect to existing structures for information security, privacy and risk management. This means, among other things, linking AI use to existing records of processing activities, DPIA processes and security controls, rather than treating AI as a standalone "innovation project". Gartner predicts that by 2030 more than 40 percent of organisations will face security or compliance incidents that can be traced directly to unauthorised AI use, which underlines that AI governance is a board-level topic and not just an IT question.

The role of approved AI solutions

A structural way to reduce Shadow AI is to make approved, secure AI solutions available that are at least as usable as the public alternatives. Various studies show that when organisations offer accessible, enterprise-grade AI tools, the use of unauthorised tools falls sharply; in one sector study, unauthorised AI use dropped by almost 90 percent as soon as an approved, user-friendly AI assistant became available. This confirms that Shadow AI is often a symptom of a missing or insufficiently attractive "official" alternative.

For European organisations, "approved" means not only functionally but also legally and technically well thought out. That starts with data minimisation and clear arrangements across the chain: AI solutions that run on EU-hosted infrastructure, with data processing agreements that explicitly exclude the use of customer data to further train models. In addition, it is crucial that access and authorisations are properly set up (for example via Single Sign-On and role-based access) and that input and output can be logged, so that it can be checked afterwards which data was used and which answers the AI gave.

Transparency is a core value here. The EDPS stresses in its guidelines that users must know that they are working with an AI system, which data is processed and what the limitations of the system are. In practice this means that an AI assistant preferably explains which documents and sources were used for an answer, and that organisations can internally explain how the underlying models work, which risks have been identified and which mitigating measures have been taken. Such "glass-box" solutions make it easier for compliance officers and DPOs to assess whether use is compatible with the GDPR and, where applicable, with the EU AI Act.

For the EU AI Act it is moreover important that organisations can classify and document their approved AI solutions. From 2 August 2026, the full obligations for high-risk AI systems apply, including strict requirements around risk management, data governance, logging, human oversight and technical documentation. Anyone already working with internal, traceable and EU-hosted AI solutions creates the conditions to later demonstrate that the deployment of AI takes place in a controlled manner and in line with the regulations, something that is by definition impossible with invisible Shadow AI.

Towards controlled, transparent AI

Shadow AI shows that the question is not whether employees use AI, but how and under what conditions. The combination of rising data breaches, firm warnings from the AP, stricter European guidance and the approaching EU AI Act deadline means that control over AI use is not a luxury but a governance precondition. An approach that focuses on visibility, realistic policy and approved, EU-hosted AI solutions with a data processing agreement, no model training on customer data and a glass-box character, in which you can see which sources an answer is based on, helps organisations to reduce Shadow AI without blocking innovation. That is precisely the tension in which parties such as NewWorks operate: bringing AI from experiment to production, but with transparency, control and European compliance as the starting point.
