2026: Less hype. More impact.
Today, companies are caught between two forces: more opportunities thanks to the cloud, AI, and automation—and at the same time, more complexity, more vulnerabilities, and more requirements. In 2026, it will be all about finding the right balance. The question is no longer: What is technically possible? But rather: What really helps us move forward – and how can we implement it securely? We take a look at the important IT trends of the year – focusing on our core topics of workplace management, IT security, and AI.
WORKPLACE MANAGEMENT: Hybrid is the norm
By 2026, the question of “cloud or on-premises?” will hardly arise. Modern IT landscapes are hybrid and dynamic. Applications and data run where it makes the most sense from a functional, technical, and regulatory perspective and where the sovereignty described above is guaranteed.
Instead of a universal model, a portfolio of operating models is needed, which could look like this:
- Sensitive data in your own data center
- Scalable applications in the public cloud
- Regional or sovereign cloud environments for compliance and to relieve your own infrastructure
- Edge infrastructures for time-critical applications
In the context of AI, too, more and more companies are consciously opting for multiple platforms or model providers. This is necessary for risk management, as compliance requirements, data residency, geopolitical tensions, and strict requirements for latency and availability make it essential.
Geopatriation is the keyword here, referring to the shift of workloads from global hyperscale clouds to sovereign or local environments. According to Gartner, 75% of companies will geographically outsource their workloads by 2030. Accordingly, the range of sovereign clouds offered by hyperscalers and local providers is currently growing rapidly.
The real challenge today is no longer the technology itself, but its orchestration: integration, transparency, and unified management determine whether hybrid IT becomes an advantage or a burden.
AI: From toy to tool
By 2025, many companies will have tried and tested AI – in 2026, AI will move from being an experiment to becoming part of business operations. This requires stable processes and measurable benefits. The key lies not only in the model, but also in data preparation and integration – and ultimately in acceptance among colleagues.
The aim is to make AI accessible as an efficient tool and to use it actively, as well as to structure data responsibly, create transparency, and develop ethical guidelines.
For AI to be effective, the current motto at many medium-sized companies is: tailor-made is more productive. Instead of large LLMs, smaller, specialized models are preferred – because they are easier to operate, quicker to integrate, require significantly less computing power, and are simply cheaper than a large LLM. They also score points with shorter response times, more control over data, and stable operation even without complex infrastructure. Platforms such as IBM watsonx are particularly impressive in this regard. With ready-made building blocks for data preparation, model training, and governance, they can be seamlessly integrated into existing IT environments, allowing companies to test use cases within a short time and put them into operation. This is particularly useful for organizations that want to see results quickly and scale AI step by step in a safe and controlled manner. With the right project approach, AI becomes an efficient tool.
Broadly speaking, cybernetic enterprise is a concept that is currently the subject of much discussion. It refers to an organization that continuously adapts and evolves—through the firm anchoring of AI as a feedback and learning enhancer. Rather than viewing AI in isolation or as an add-on, it is an integral part of the organizational operating system. Strategy and operational implementation are directly interlinked and include feedback from all relevant perspectives – from customers to operations to risk and business value.
AI agents are thus not only viewed as experiments, but treated like productive software: with clear responsibilities, measurable results, and defined security and quality standards.
IT SECURITY: Security First: Protection before something happens
Cybersecurity has long been a technical discipline, but in 2026 it will increasingly become a matter of survival. We are living in an age where cybercrime is insidious and relentlessly fast. Anyone who is still in reaction mode instead of taking precautions is simply too late. Security belongs in top management – as strategic protection for trust and business. This involves permanent, preventive, and automated threat prevention.
Preemptive security, which focuses on employee awareness, smart identity and access management, and LLM security, is crucial. We have noticed that companies are more willing to risk “breaking something” than to take a security risk. This means that patches for security vulnerabilities are installed as quickly as possible – even without extensive testing – and security is thus made a top priority. However, this focus does not continue when it comes to security technologies. We have noticed that many companies invest too little in security technologies that help defend against attacks, and their own staff are not trained sufficiently to really master the software they use. If the expertise is not available internally, it is all the more important to be able to ensure the highest possible level of security and, in the event of an incident, to respond correctly with the help of external partners.
Whether it’s security, workplace management, or AI, digital sovereignty will be an unavoidable topic in 2026. It’s about using, controlling, and developing technologies, infrastructures, and data in a self-determined, secure, and independent manner. Dependencies on individual providers, especially those outside the EU, should be reduced. Currently, however, the range of options is still too small and comparable solutions are often lacking – but there is a clear trend towards the expansion of sovereign solutions: for example, Schwarz IT is building a data center for €11 billion, and Telekom is building an AI factory with 10,000 GPUs in Germany. This is an important step because companies that operate their solutions in their own data centers or rely on hosting providers from the EU or even Germany are already one step ahead in terms of sovereignty – even if the solutions themselves still come from American providers, for example. We expect that in the coming months and years, there will be many more European offerings that will gradually establish themselves as genuine alternatives to existing solutions.
According to Gartner, the number of documented security vulnerabilities is likely to exceed 1 million by 2030. And 50% of spending on security software will be spent on preventive solutions.
Conclusion
In 2025, cybersecurity became a hot topic and sovereign solutions were put on the agenda – politically initiated and actively taken up by the market. Nevertheless, Europe is still in its infancy in this area.
Digital sovereignty and compliance are increasingly becoming standard rather than a special topic: in the future, they will have to be considered in every IT decision. This also applies to AI, where the additional challenge is to create measurable and traceable benefits and to noticeably reduce the burden on processes and people.
After all, 2026 will be measured in terms of results and experiences – not devices or licenses. Only companies that are securely positioned, operate independently, and noticeably reduce their employees’ workload will be able to win and, above all, retain them. Prose no longer helps; this year, it’s all about action!
