There’s no shortage of AI commentary right now. Every conference, every board meeting, every LinkedIn feed; it’s wall to wall. But most of it describes a version of AI adoption that doesn’t match what we’re hearing from the technology leaders we work with.
The CTOs we speak to aren’t debating whether AI is transformative. They’re dealing with something harder: making it work inside complex, regulated estates where the systems are business-critical, the data is messy, and the margin for error is slim.
That gap, between the public narrative and the operational reality, is why we commissioned this research report.
What we did
We partnered with CINT to survey 205 CTOs and senior IT decision-makers across the UK, the majority working in regulated or quasi-regulated industries including financial services, insurance, pensions, and healthcare. 74% work in organisations with more than 200 employees, with a focus on mid-market firms.
We wanted to understand what AI adoption actually looks like when it’s running against live data, inside legacy landscapes, and under genuine regulatory pressure – not in a sandbox or a pitch deck.
What we found
The findings paint a picture that’s more complex (and more honest) than most of the AI conversation right now.
AI is already in production, and the incidents have started
The vast majority of organisations aren’t sitting on the sidelines. AI is live, inside business-critical systems. But deployment has come with consequences that most teams weren’t fully prepared for.
Shadow AI is a governance problem hiding in plain sight
Employees are already using AI tools outside of any sanctioned framework — pasting internal data into public models, making decisions based on unvalidated outputs, filling capability gaps with tools nobody’s approved. Most CTOs know it’s happening. Many can’t yet quantify the exposure.
Boards are writing cheques the operating model can’t cash
AI budgets are climbing fast, but the governance, ownership, and accountability structures haven’t kept pace. The result is a widening gap between what leadership expects and what technology teams can safely deliver.
The real constraints aren’t what you’d expect
Legacy infrastructure is the usual suspect — but the data tells a different story. The biggest blocker to AI adoption isn’t old systems. It’s something more fundamental, and harder to fix.
Why this matters
If you’re a CTO or technology leader in a regulated organisation, you’re probably navigating some version of this right now: pressure to move fast, systems that weren’t designed for AI, governance that’s still catching up, and a team that’s already experimenting whether you’ve sanctioned it or not.
We built this report to give you an honest baseline. A clear picture of where the market actually stands, and a practical foundation for what to prioritise next.
Read the full report
The full report breaks down the data across five areas – from production incidents and shadow AI, to what’s actually holding adoption back – with practical guidance for technology leaders navigating each one.
Building AI in a Regulated Environment? Start Here
Get direct insights from UK CTOs on the operational, technical, and regulatory realities of deploying AI in live environments.
Download the report
