The research, which Veeam calls the Data and AI Trust Gap report, draws on responses from CEOs, CIOs, CISOs, CDOs and other senior leaders across financial services, healthcare, manufacturing, retail and technology in North America, Europe and Asia-Pacific. The central tension is one of velocity: AI adoption is scaling faster than the controls designed to manage it.
Ninety-five percent of respondents said data challenges had already slowed their AI progress. Only 28% are confident they can detect an AI system operating outside approved parameters, and just 40% are very confident they could isolate and precisely reverse an agentic AI failure.
The perception gap between boardroom and technical-team confidence is one of the starker findings. Sixty-five percent of CEOs believe their organisation has a complete AI inventory; only 48% of technical leaders agree. On data leadership, 52% of CEOs believe they actively drive it, compared with 41% of CISOs and 38% of CIOs.
Shadow AI is now the operational default rather than the exception. Ninety-five percent of respondents reported unauthorised AI use within their organisations, with 93% viewing it as a significant risk. Only 25% have approved alternatives in place, suggesting that most are trying to suppress demand rather than channel it through governed pathways.
Anand Eswaran, CEO of Veeam, described the shift as a phase change in enterprise AI: "Most organizations don't have an AI adoption problem; they have an AI trust problem. The first phase of AI was defined by infrastructure investment, experimentation, and acceleration. The next phase will be defined by trust."
In parallel with the research, Veeam announced three new AI agents for its DataAI Command Platform. The Consent Agent, generally available today, manages the end-to-end consent lifecycle — capturing opt-out signals and propagating them across analytics platforms, AI pipelines, advertising technologies and third-party ecosystems, with jurisdiction-aware risk scoring and audit-ready evidence. Two further agents are planned for Q3 2026: the Data Subject Request Agent, which cuts the time to launch a compliant DSR intake form by roughly 50%, and the Assessment Agent, which automates responses to Data Protection Impact Assessments, EU AI Act conformity assessments and vendor risk questionnaires.
Cassandra Maldini, Head of Product Strategy for Privacy and AI Governance at Veeam, described the core challenge for privacy teams: "For ten years, privacy professionals have been quietly admitting they cannot fully prove compliance with their own policies. Now they're being asked to do the same for AI, at a pace no manual program can keep up with. Compliance is no longer a point-in-time exercise."
Best Buy Chief Privacy Officer Michael Dolan, speaking at the event, put the structural shift bluntly: "Static policies and quarterly reviews were built for a world where data moved slowly, and AI didn't make decisions. That world is gone."
The EU AI Act is already reshaping investment decisions: 61% of respondents said the regulation had influenced their AI strategy in the last 12 months, with 47% citing audit trails for AI decisions as their biggest compliance concern. Fines under GDPR and the EU AI Act can reach up to 7% of global annual revenue — a financial exposure that gives urgency to the governance shortfalls the research documents.
Among organisations classified as fully AI-ready, 97% report measurable business benefits from their data and AI investments, compared with 48% overall. VeeamON continues with a Sydney event on 30 July.
To stay across the latest in cloud, AI and enterprise tech analysis from Compare the Cloud, subscribe to our weekly newsletter at https://www.comparethecloud.net/newsletter
