As you read this sentence, someone in your company is pasting a customer letter into a free AI tool – quickly, with good intentions, and bypassing every approval. Shadow AI is exactly that: the use of AI tools such as ChatGPT, Gemini or Claude without the company’s approval, control or knowledge. This is no fringe phenomenon. According to Bitkom (October 2025), roughly four in ten companies in Germany assume that employees use private AI accounts for work – and the most robust employee-level data suggests the true figure is higher.
I write this from two perspectives that rarely meet in one place: as a business lawyer who has to answer for the liability and data-protection questions, and as a developer who then builds the safe alternative. It is precisely at this seam – between legal obligation and technical enforcement – that it is decided whether shadow AI stays a risk or becomes a controlled lever for productivity.
Note: This article offers general information and a practical guide, not individual legal advice. As of December 2025. For an assessment of your specific situation, speak with someone who can take legal responsibility for it.
What is Shadow AI?
Shadow AI is the use of AI applications by employees without the organization’s authorization, oversight or visibility. A typical case: someone copies a customer letter, a draft contract or source code into a free AI tool to get done faster – bypassing data protection, IT, and every policy.
Shadow AI is a special case of the older shadow IT (unapproved software/devices). The decisive difference: with shadow AI, data is not merely used locally but actively transmitted to external providers – where, depending on the plan and the provider, it may be stored, analyzed, or used for model training. That is precisely what makes shadow AI riskier than classic shadow IT.
How widespread is Shadow AI really?
The most robust German source is the representative Bitkom survey of 604 companies with 20 or more employees (fielded in summer 2025, published October 2025):
- In 8% of companies, private AI use is widespread (2024: 4%).
- In 17%, there are isolated cases (2024: 13%).
- A further 17% suspect private use but are not certain.
- Only 29% are confident that no private AI use is occurring (2024: 37%).
In short: four in ten companies reckon with private AI use on the job. At the same time, only 23% have established any rules at all, and just 26% provide their own generative AI.
This gap is the core of the problem: a ZEW study commissioned by the BMAS (German Federal Ministry of Labor and Social Affairs) (DiWaBe 2.0, around 9,800 employees, 2024) shows that over 60% of employees in Germany use AI at work – “most AI applications are not introduced by the employer but used informally.” Where the company provides nothing, employees simply bring the AI themselves.
International surveys cite considerably higher figures in some cases (78–80%). These rest on differing methodology and are not directly transferable to Germany – but they do point in the same direction: shadow AI is global.
Why does Shadow AI arise?
Shadow AI is rarely ill intent. It arises because the need outpaces the supply:
- No approved tool is available – so people reach for the free consumer account.
- Blanket bans without an alternative – they merely push usage into the dark.
- Productivity pressure – whoever can save time does so.
- Convenience – the private tools are often easier to use than the internal ones.
Put differently: shadow AI is primarily a provisioning and culture problem, not an employee problem. That is the most important insight for the solution further down.
What concrete risks does Shadow AI pose?
This is where a diffuse unease turns into a concrete set of obligations. The matrix below classifies the risks both legally and technically.
| Risk dimension | What happens | Legal/technical anchor |
|---|---|---|
| Data protection / GDPR | Personal data reaches providers uncontrolled, often in third countries, without a data processing agreement or legal basis | Art. 5, 6, 24, 28, 32 GDPR; accountability principle |
| Trade secrets | Internal information entered into open tools – protection can lapse because “reasonable secrecy measures” are missing | secs. 2, 4 GeschGehG (German Trade Secrets Act) |
| Professional confidentiality | Client, patient or matter data leaves the protected sphere | sec. 203 StGB (German Criminal Code); professional duties (e.g. BRAO, German Federal Lawyers’ Act) |
| Cybersecurity | Prompt injection, data exfiltration via compromised accounts, token leaks | Egress control, account hardening |
| Quality & liability | Hallucinations flow unchecked into customer communications or decisions | Duties of care/review, four-eyes principle |
| Governance / AI Act | No AI inventory, no oversight, AI literacy not demonstrable | Art. 4 EU AI Act (training obligation), general governance |
A documented real-world example: in April 2023, Bloomberg and Fortune, among others, reported that Samsung engineers had entered confidential source code and internal meeting notes into ChatGPT; the company responded with a usage ban and plans for its own internal tools. The case is emblematic of how quickly and unspectacularly sensitive data leaks out – not through an attack, but through helpfulness.
For context: GDPR violations can entail sanctions, but this is neither automatic nor a blanket threat. The training obligation under Art. 4 of the EU AI Act is not independently subject to a fine in the AI Act’s penalty catalog; it takes effect indirectly through the general governance and due-diligence posture.

A single careless prompt leaves the company and hits several protected interests at once – which is what makes shadow AI riskier than any individual breach would suggest.
Which data must never go into uncontrolled AI?
A short, hard list – suitable as a notice posted next to every screen:
- Personal data (customer, HR, health data)
- Client, patient and matter data (professional confidentiality)
- Source code and trade secrets
- Unpublished financial, contract and M&A data
- Credentials, tokens, keys
Which data may go into AI tools at all, and under what conditions, is clarified in the article on what happens to your data inside the prompt.
Is secretly using ChatGPT at work permitted?
In short: usually not. Without approval and without a clear directive, using private AI tools for business data is regularly impermissible – the employer remains responsible under data protection law, and under employment law the employer’s right to issue instructions applies. This cannot be stated categorically for every individual case, however; it depends on the data, the tool, the plan and the company’s internal rules.
The second half of the sentence matters more: a ban alone solves nothing. Prohibiting without offering a safe alternative drives usage into the shadows. This is exactly where the solution part comes in.
How do I detect Shadow AI in the company?
Visibility arises along two paths – both belong together:
Organizationally: an anonymous needs survey instead of an interrogation, an open conversation instead of the threat of sanctions. Whoever asks “Which tool would help you?” learns more than whoever threatens.
Technically: network and proxy logs, a CASB/secure web gateway and DLP telemetry make access to known AI services visible.
To be honest: complete detection is hardly achievable – browsers, smartphones and new tools emerge faster than they can be blocked. That is why the more effective strategy is to make the permitted alternative more attractive than the shadow path.
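As an added example (not the article's code), a small Python scan over proxy log lines that flags POST uploads to known consumer AI hosts and separates them from traffic to the company's approved tool. The catalogue lists the tools the article names; the approved host ai.corp.example, the log format and the sample records are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: the consumer tools the article names, plus a
# placeholder host for the company's own approved, EU-hosted tool.
AI_HOSTS = {
    "chatgpt.com": "consumer", "chat.openai.com": "consumer",
    "gemini.google.com": "consumer", "claude.ai": "consumer",
    "ai.corp.example": "approved",  # assumed name of the sanctioned tool
}
# Assumed proxy log format: "<time> <user> <method> <url> <request-bytes>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")

def classify_host(host):
    # Walk up the domain tree so sub-hosts of a catalogued domain match too
    parts = host.lower().split(".")
    for i in range(len(parts) - 1):
        kind = AI_HOSTS.get(".".join(parts[i:]))
        if kind:
            return kind
    return None

def find_shadow_ai(lines):
    # Returns ({user: {consumer_host: bytes uploaded}}, {users of approved tool})
    findings = defaultdict(lambda: defaultdict(int))
    approved_users = set()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it, never abort the whole scan
        _, user, method, url, nbytes = m.groups()
        host = urlsplit(url).hostname or ""
        kind = classify_host(host)
        if kind == "approved":
            approved_users.add(user)
        elif kind == "consumer" and method == "POST":
            # Prompts and pasted documents travel in POST bodies; GETs are noise
            findings[user][host] += int(nbytes)
    return {u: dict(h) for u, h in findings.items()}, approved_users

# Constructed sample records (not real traffic), including one garbage line
SAMPLE_LOG = """
2025-12-05T09:14:02Z m.mueller POST https://chatgpt.com/c/new 48213
2025-12-05T09:14:05Z m.mueller GET https://chatgpt.com/ 812
2025-12-05T09:20:40Z a.schmidt POST https://ai.corp.example/v1/chat 9120
2025-12-05T09:31:11Z k.weber POST https://claude.ai/chat 15500
2025-12-05T09:40:00Z k.weber POST https://gemini.google.com/app 7300
this line is not a proxy record
""".strip().splitlines()
```

Matching by parent domain means a new sub-host of a catalogued service is still caught, and counting POST bytes gives a rough upload volume per user to discuss in the needs survey rather than a list of names to sanction.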
Why pure bans fail
Bans without an alternative produce three effects: usage does not disappear but merely becomes invisible; those responsible lose all control over the data flowing out; and the culture learns that the smart move is to circumvent rules. A ban is a wall – shadow AI finds the way around it. Governance only becomes effective when the safe path is also the more convenient one.
Reining in Shadow AI – the action plan
Reining in shadow AI does not mean hunting it down but steering it into safe channels. This succeeds only when the organizational rule and its technical enforcement come from a single mold – otherwise you get exactly the gap through which data leaks out today.
| Organizational | Technical |
|---|---|
| AI usage policy with clear do’s & don’ts | Provide approved AI tools with EU/on-premise hosting and a no-training guarantee |
| Training & building AI literacy (Art. 4 EU AI Act) | Allowlisting safe tools instead of a blanket total block |
| Clear owners (who approves, who reviews?) | SSO + role-based access control (RBAC) |
| Open culture: report needs instead of hiding them | DLP / CASB / egress filtering against data exfiltration |
| Fast self-service approval process | Logging & auditability of prompts and outputs |
| “AI lab” / sandbox for safe experimentation | Enterprise contracts with proper data processing terms (Art. 28 GDPR) |
The difference lies at the seam: a policy that no one enforces technically is just paper; a tool without legal approval is a risk. It makes sense to have both from a single source – from the business lawyer who takes legal responsibility for the approval and builds the secure tool environment themselves. For the technical side, it is worth looking at EU-hosted versus US LLMs and data sovereignty; for governance overall, at the AI usage policy for companies.
To be honest here too: no tool and no measure guarantees 100% detection. The most effective lever is not perfect monitoring but better provisioning.
What role do an AI policy and training play?
The AI usage policy is the organizational foundation: it defines permitted tools, prohibited data and the approval path. In addition, Art. 4 of the EU AI Act requires a sufficient level of AI literacy among everyone who operates AI systems or has them used – so training is not “nice to have” but a mandatory component. This obligation has applied since 2 February 2025 (the same date as the prohibited practices under Art. 5 of the EU AI Act); it is therefore already in force, regardless of the fact that shadow AI effectively undercuts it. What such a policy looks like in concrete terms is covered in the article on the do’s and don’ts of an AI usage policy; the training obligation is explored in depth in the article on the AI literacy obligation under Art. 4 of the EU AI Act.
Does the works council have to be involved?
Often, yes. As soon as a technical system is suitable for monitoring the behavior or performance of employees – and logging/monitoring of AI use can be – the co-determination right under sec. 87(1) no. 6 BetrVG (German Works Constitution Act) applies. The mere suitability for monitoring is enough; an actual intention is not required. For training measures, sec. 98 BetrVG may also be relevant. Involve the works council early – this speeds up the rollout rather than blocking it.
FAQ
What is shadow AI in one sentence? The use of AI tools by employees without the company’s approval, control or knowledge.
Why is shadow AI more dangerous than shadow IT? Because sensitive data is not merely used locally but actively transmitted to external providers, where it may be stored or processed.
How widespread is shadow AI in Germany? According to Bitkom (October 2025), roughly four in ten companies assume private AI use, while only 23% have rules and just 26% provide their own generative AI.
Can I solve shadow AI with a ban? No. Bans without a safe alternative merely shift usage into the dark. What works is the combination of policy, training and approved, secure tools.
What is the first concrete step? Provide a secure, approved AI environment and, in parallel, set up an AI usage policy – provisioning beats prohibition.
As of December 2025. This article is general information and does not replace individual legal advice; the assessment depends on the individual case, and the regulatory framework (including the AI Act) continues to evolve.
Author: Leon Lotz, business lawyer & developer.
Sources — as of 05.12.2025
- Bitkom e. V. — Beschäftigte nutzen vermehrt Schatten-KI (press release, 21.10.2025)
- Bitkom Research — Beschäftigte nutzen vermehrt Schatten-KI
- ZEW Mannheim / BMAS (DiWaBe 2.0) — Employees use AI even without formal introduction by their employers
- Bloomberg — Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (02.05.2023)
- Fortune — Samsung bans employee use of ChatGPT after data leak (02.05.2023)
- Regulation (EU) 2024/1689 (EU AI Act), in particular Art. 4 — EUR-Lex