Crunch time: Evolve or face being left behind

The honeymoon period is over and the time of "set and forget" compliance technology is gone. For those operating at the intersection of privacy, artificial intelligence governance and broader digital governance, the complexities of meeting changing regulatory requirements have transformed compliance from a legal hurdle into a higher-stakes data engineering and business-defining challenge and opportunity.

In previous years, simply having an off-the-shelf tool was enough to tick the box and satisfy the board that compliance was being handled. Today, in a maturing market, the questions have become more pointed: Is it actually working? Is it worth the cost? Are we using the right tool for the right task? And, crucially: Are there better providers?

This is why this year's annual IAPP Governance Survey is taking a more specific look at compliance technologies. 

Beyond the hype: Moving to meaningful automation

The term automation has been bandied about for years, often masking simple workflows as highly sophisticated AI. In a maturing market with ever present pressures on budgets, senior leaders need to have a clear picture of compliance technology performance.

This year's governance survey again asks professionals to categorize their specific tasks and rank the extent of automation in their work. These results should allow compliance professionals to explore whether and how peers have successfully automated work, freeing up human power to prioritize higher-risk and higher opportunity work. 

The engineering dilemma: Build or buy

An ongoing tension in 2026 is the debate over whether solutions should be built in-house, bought off the shelf or customized to meet specific organizational requirements. Historically, for some organizations, vast compliance budgets combined with complexities of business operations and the availability of internal expertise has meant that in-house development has been the only way forward. Other organizations may have had little choice but to go with off-the-shelf solutions and face little choice but to accept vendor-provided configurations. 

Organizations with in-house solutions now may struggle with the technical debt and ongoing maintenance costs of built solutions while those with off-the-shelf SaaS solutions lack the granularity required to meet complex compliance requirements.

Therefore, we're keen to explore the DNA of your solutions this year. What is the origin of the solution? To what extent are you leaning on third-party vendors or have you engineered a proprietary solution? How did implementation take place? Was it an internal engineering feat or did it have different levels of input from external consultants?

Understanding the labor behind the tool is as important as the tool itself. If the majority of equivalent peers are using internally developed solutions to save on license costs, that is a trend that every decision maker will want to know.

The satisfaction gap: Price, support and ultimately loyalty

In a maturing market, buyer's remorse is a growing phenomenon. Initial contracts signed under the pressure of looming regulatory deadlines are now coming up for renewal, and the criteria for success have changed.

We're therefore asking you to grade your automated tasks across four clear metrics:

• Overall satisfaction — Does the solution deliver on its core promise? Has it met your requirements over the lifecycle of the contract? 
• Price satisfaction — Does the solution provide value for money? Given pricing models based on "per-seat" or "per-API call," is the solution still providing return on investment?
• Ongoing support — When a new regulation drops or a change is required, is your vendor in the trenches with you or are you redirected to a backlog?
• Vendor loyalty — Ultimately, how likely are you to move to a new vendor in the next 12 months?

High dissatisfaction scores for specific tasks across the industry could signal a market failure in automation capabilities and capacities of particular tasks — information that can give you leverage in your next procurement negotiation.

Ownership and accountability

As digital domains converge in response to increasing digital entropy, underlying organizational models are reacting with internal budgets and ownership of vendor relationships becoming sources of internal frictions. Does the chief privacy officer own the privacy tech solutions while the chief AI governance officer owns AI governance, and the chief information security officer owns siloed tools with a security focus? Or, in the age of digital governance, is a new function emerging to manage the whole ecosystem and looking to streamline technology estates and combine bargaining power?

We're looking to identify who manages the day-to-day relationship with these vendors. This isn't simply about administrative titles and responsibilities but identifying where power and budget sit within your organization. For senior professionals, this gives the opportunity to reveal how peers are restructuring their departments to handle, amongst a multitude of other challenges, the multivendor environment.

Why your voice matters

This year's survey is an opportunity to contribute to collective intelligence and lived experience with compliance technology.

By contributing 20 minutes of your time, you help ensure that the research delivers the insights that you need to identify gaps, benchmark your compliance technology and negotiate more effectively with your compliance technology vendors.

Saz Kanthasamy, CIPP/E, CIPM, FIP, is the principal researcher, privacy management for the IAPP.