New research from Veeam® Software shows a growing data disconnect across EMEA organisations. While 99% of enterprise decision-makers agree that data sovereignty is critical, at the organisational level, the majority (72,5%) are actively deprioritising it in favor of accelerating AI.
The result: AI workflows have become the region’s biggest data visibility gap, with 40% of leaders calling “data used for AI or analytics” their top operational blind spot.
“Organisations across EMEA are accelerating AI adoption, recognising its potential to drive innovation and growth,” says Tim Pfaelzer, GM and senior vice-president: EMEA at Veeam. “But many now face a critical trade off: move quickly with AI without fully understanding, protecting and managing their data, or slow progress to meet sovereignty requirements.
“Our research highlights the need for greater visibility and control. By ensuring data is understood, governed and trusted, organisations can confidently accelerate AI adoption while reducing risk and meeting sovereignty expectations.”
Veeam’s recent Data & AI Trust Gap Report highlighted a growing disconnect between AI adoption and governance, with 88% of enterprises already running AI agents, yet just 7% fully prepared to manage them. Against this backdrop, this new research reveals how the gap is materialising across EMEA.
While approaches vary, the research shows a consistent challenge across EMEA: visibility isn’t keeping pace with innovation.
- UK: Risk avoidance is the leading sovereignty driver. 58% of UK respondents cite preventing data breaches as the primary reason for sovereignty efforts. Yet 45% of UK organisations – the highest in Europe – admit their biggest blind spot is the data used for AI and analytics, highlighting a widening gap between intent and execution.
- Germany: German organizations are attempting a difficult balancing act, to reconcile defensive priorities, including data sovereignty and breach prevention, with strategic priorities such as AI innovation. However, when forced to prioritize, speed is winning out over Data and AI Trust. A staggering 82% of German leaders admit that accelerating AI development takes priority over establishing data controls.
- France: French leaders are less likely to label sovereignty “critical,” and are more motivated by protecting intellectual property and sensitive information (46%), a key concern for innovation-led sectors.
- Middle East and Africa (MEA): Organisations in MEA are the most mature in their data sovereignty execution (60% fully operationalised) and the least likely to sacrifice data control for AI speed. However, they report the highest reliance on third-party ecosystems and vendors (38%), creating significant supply-chain blind spots and increasing sovereignty complexity.
While data sovereignty remains a strategic priority, immediate action is still largely driven by compliance pressures rather than proactive governance. The top motivators include reducing the risk of data breaches (44%) and gaining greater control over data (43%).
However, execution remains largely reactive over strategic. Internal audits and compliance reviews (33%) and market expansion (32%) are the main triggers for action.
Organisations are also struggling to understand where data sovereignty sits within evolving regulation, reporting high confidence in established frameworks such as GDPR (90%), but significantly lower clarity around newer regulations, including the EU AI Act, widening the potential governance gap.
While 68% of organisations are prioritising broader digital transformation initiatives over establishing strong data controls, this is causing major infrastructural blind spots. Beyond AI workflows, organisations identified massive visibility gaps across:
- Public cloud environments (38%)
- Cross-border data flows (34%)
- Third-party vendors (33%)
Alarmingly, 32% report major challenges with shadow IT, where systems are deployed outside of IT governance entirely.
“AI doesn’t have to slow the business down, but it does demand operational clarity,” says Andre Troskie, EMEA field CISO at Veeam. “If you can’t see where data is going, who can access it, and what AI systems are doing with it, you don’t have control. And without control, AI quickly becomes a board-level liability.”