IT Has Surrendered — Why 56% of IT Leaders Can’t Explain GenAI (And What That Means for Your Governance)

BySven Vollmer

According to a recent Gartner study (2026), 56% of IT leaders admit they cannot explain the outputs of their GenAI systems.

The number is alarming. But it doesn’t surprise me.

Because if I’m honest: many IT departments couldn’t explain the cloud either — at least not in the language that boards, auditors, and works councils need.

What we’re witnessing isn’t IT failure. It’s the result of three tectonic shifts that hit IT organizations back-to-back — without anyone updating the governance model.

Wave 1: The Cloud — Loss of Control as a Service

For decades, IT departments were masters of their infrastructure. Servers in the basement, data on their own disks, updates on their own schedule. The world was deterministic, auditable, controllable.

Then came the cloud.

On paper, an efficiency gain. In reality, a paradigm shift: control over hardware — surrendered. Control over patch cycles — surrendered. Control over physical data locality — surrendered.

Many large enterprises managed this transition professionally. But the industrial Mittelstand? Let’s be honest: a significant portion has yet to complete their cloud migration cleanly. Hybrid landscapes, unclear responsibilities, shadow IT sprawling across Azure tenants that nobody has consolidated.

And before that construction site was closed, the next wave hit.

Wave 2: Data Sovereignty — The Question Nobody Asks Out Loud

The cloud is running. But on whose infrastructure?

AWS. Azure. Google Cloud. Three US hyperscalers dominate the European market. That’s no secret — but the strategic implications are discussed with surprising infrequency.

The questions are on the table:

  • Where does my data physically reside? And is “Frankfurt (EU)” really as sovereign as it sounds when the operator is subject to the US CLOUD Act?
  • Who has access? Not theoretically per contract — but practically, in an emergency, when a US authority comes knocking?
  • What happens during a political regime change? We’ve learned in recent years that transatlantic data agreements are more fragile than we’d like to believe.

The uncomfortable truth: there are virtually no European cloud alternatives today with the production quality and scalability required to reliably run an SAP S/4HANA or an industrial IoT backend. GAIA-X is a political signal, not an operational product.

IT departments face an impossible dilemma: they’re expected to guarantee data sovereignty — on infrastructure they don’t own, don’t control, and whose legal framework can change at any moment.

And then the third wave arrived.

Wave 3: GenAI and the EU AI Act — Compliance for the Inexplicable

Generative AI breaks the last foundation on which classical IT governance stands: the assumption of determinism.

SAP is deterministic. Same input, same output. Always. That’s the basis of every audit, every SOX compliance, every IATF 16949 certification.

GenAI is probabilistic. Same input, different output. That’s not a bug — it’s the operating principle. And it breaks every governance model built on traceability and reproducibility.

Simultaneously, the EU AI Act is coming into force. It requires:

  • Risk classification of deployed AI systems
  • Transparency obligations toward users and regulatory authorities
  • Documentation of decision logic

In principle, sensible. In practice, the question is: How do you document the “decision logic” of a system that has no deterministic logic? How do you explain to an auditor why the AI made this supplier recommendation and not another — when the honest answer is: “Because the model calculated this probability distribution on this particular run”?

The EU AI Act establishes guardrails. But the tools to operationalize those guardrails in an industrial context barely exist today. Not as prototypes — as production-ready solutions with SAP integration, audit trails, and approval workflows.

The Diagnosis: Three Waves, Zero Governance

Let’s step back.

In less than a decade, IT departments have been confronted with three fundamental paradigm shifts:

  1. Cloud: Loss of control over infrastructure
  2. Hyperscaler dominance: Loss of sovereignty over data
  3. GenAI: Loss of explainability over outcomes

Each one would have required a new governance model. IT received none. Instead, each wave was bolted onto the existing model — a model designed for on-premise SAP systems in a German data center.

No wonder 56% have surrendered.

In regulated industries — automotive, pharma, aerospace — this governance vacuum isn’t a cosmetic issue. It’s an audit killer. If nobody can explain why the AI made a particular recommendation, who is liable? The CTO? The business unit? The vendor?

What’s Needed Now: Adult Supervision

The solution isn’t sending IT departments through AI bootcamps. The solution is a fundamentally different understanding of who owns GenAI accountability.

GenAI governance is not an IT task. It’s a leadership task.

The CTO doesn’t need a whitepaper on transformer architectures. They need a decision framework:

  • Where may AI act autonomously? (e.g., summarizing meeting notes)
  • Where does it require human approval? (e.g., supplier recommendations in sourcing)
  • Where is it prohibited? (e.g., safety-critical process decisions in manufacturing)

This is what I call “Adult Supervision.” Not technophobia. Not braking for the sake of braking. But the strategic decision about where the machine may run — and where an experienced human with process knowledge keeps their hand on the wheel.

To stay with the metaphor: you don’t need to be an engine builder to know when to brake. But you need to know that the engine under the hood is no longer running deterministically — and that this has consequences.

The Real Question

It’s not: “Why can’t IT explain GenAI?”

It’s: “Who in your organization is accountable for decisions that no human can fully comprehend?”

If the answer is silence — then you don’t have an IT problem. You have a leadership problem.

E-Mail: sven.vollmer@business-quotient.com

Sven Vollmer is “The Industrial Translator.” He bridges the gap between industrial operational reality (SAP, supply chain) and the possibilities of generative AI. His focus is on value-creating applicationsbeyond the hype.

Transparency Note: This article was created with editorial support from AI (Gemini/Claude). The ideas, technical validation, use case selection, and adult supervision were 100% authored by Sven Vollmer.

LinkedIn: www.linkedin.com/in/sven-vollmer-bq

Similar Posts