In April 2023, Samsung engineers pasted proprietary source code into ChatGPT to debug it. The code is now sitting in OpenAI’s training data. Samsung’s response: ban generative AI for all staff. The damage was already done (Bloomberg, May 2023).
This isn’t a Samsung problem. It’s happening in every European enterprise right now. Contract drafts go into Claude. Customer lists go into ChatGPT. Job applications get pre-sorted by whatever free tool an HR manager found last week. IT doesn’t see it. The works council wasn’t asked. No DPIA exists. And legal won’t know until the breach notification lands on their desk.
That’s shadow AI.
What shadow AI actually is
Shadow AI is what happens when employees use AI tools the IT department never approved. It’s the sequel to shadow IT — but with much sharper teeth.
Shadow IT was a software workaround. Someone used Dropbox instead of SharePoint, Trello instead of Jira. Annoying, mostly contained. Shadow AI is different: company data leaves the building, ends up on US servers under the CLOUD Act, and may get baked into models a competitor uses next quarter.
Five things people are doing right now without telling anyone:
- Pasting a customer list into ChatGPT for a “quick segmentation”
- Uploading contract drafts to Claude to “check the indemnification clause”
- Feeding internal brand guidelines into Midjourney as a prompt
- Putting proprietary code into Copilot to “fix the bug faster”
- Pre-sorting job applications with a free AI tool whose terms nobody at HR has read
Every one is a data transfer outside the company. Permanent. Irreversible. Often training data for someone else’s model.
Why shadow AI is worse than shadow IT ever was
GDPR violations — and they are not theoretical
Every time someone enters personal data into a cloud AI tool, that’s a transfer under Art. 28 GDPR. No DPA in place? It’s already unlawful. Add the Schrems II ruling and Standard Contractual Clauses won’t save you from the CLOUD Act either.
The enforcement is real:
- Italy’s Garante banned ChatGPT in March 2023.
- France’s CNIL and Italy’s Garante have ongoing investigations against AI providers.
- Germany’s BfDI is now picking up AI-specific complaints.
Art. 83 GDPR ceiling: EUR 20 million or 4% of global revenue. Whichever hurts more.
EU AI Act: a documentation problem you can’t solve
The EU AI Act raises the bar. You have to be able to show which AI systems you deploy, how each is classified, and what risk analysis you ran. Shadow AI is undocumented by definition. You can’t risk-assess what you don’t know exists.
Penalty ceiling: EUR 35 million or 7% of global revenue. Plus the AI literacy obligation in Art. 4, which requires training employees on AI use — and which assumes you actually know what they’re using.
Works council — a co-determination problem you can’t fix retroactively
Most compliance teams miss this one. Under § 87 (1) Nr. 6 BetrVG, the works council has co-determination rights over any technical system that can monitor employee behavior or performance. AI tools fit that definition almost every time.
When IT finally discovers that half the company has been using ChatGPT for 18 months, the works council doesn’t say “let’s regulate it going forward.” They say “you bypassed our co-determination right.” And the employer — not the employee — is liable.
Your data is now training data
Whatever an employee types into a free ChatGPT account can be used to train future models, unless they explicitly opted out. The free tier doesn’t let you opt out cleanly. Samsung’s confidential code reportedly surfaced in another user’s session before they pulled the plug.
The numbers, before anyone says “it’s not that bad”
- 75% of knowledge workers use AI at work — most without official approval (Microsoft Work Trend Index 2024)
- 38% of employees feed sensitive work data into AI tools their employer doesn’t know about (Salesforce 2024)
- 60% of IT leaders flag shadow AI as a serious security risk (Bitkom 2025)
- 12% of German mid-market firms have a binding AI policy (DIHK Digital Survey 2025)
Translation: adoption ran ahead of governance. By a lot.
Five things that actually work
Bans don’t. Block ChatGPT at the corporate firewall and people use it on their phones during lunch. The only strategy that sticks: give employees a controlled tool at least as useful as the one you just took away.
1. Write an AI policy people will actually follow
Not a 40-page PDF nobody opens. A short document that says exactly which tools are allowed, what data is allowed where, and what happens if you ignore it. To work, the policy needs:
- Sign-off from the works council (you can’t skip § 87 BetrVG)
- A whitelist of approved tools — not just a blacklist of forbidden ones
- Data classification (“public / internal / confidential / regulated”) and which tier goes into which tool
- A training plan that satisfies Art. 4 EU AI Act
2. Provide an alternative that beats the forbidden one
This is the part most policies skip. Employees don’t reach for ChatGPT because they’re reckless. They reach for it because their internal tools are worse.
Give them something better. On-premise platforms like contboxx Vault connect directly to existing systems — SharePoint, Confluence, SAP — and run inference on your own infrastructure. No data in someone else’s cloud, no DPA scramble, no Schrems II problem.
3. Add technical controls — but don’t rely on them
- DNS blocks for known AI services. Useful as a tripwire, not a barrier.
- DLP rules tuned for AI uploads. Catches the bigger leaks. Won’t catch a screenshot.
- Network monitoring on AI API endpoints. Tells you which teams are using what.
These are sensors, not solutions.
4. Train people. Don’t punish them.
The Art. 4 training obligation is the rare compliance rule that’s also good change management. Employees doing shadow AI aren’t malicious. They want to ship faster. Show them the real risk — Samsung, customer-data leaks, GDPR fines that hit the employer not them — and show them the sanctioned alternative.
Hands-on workshops > PowerPoint > nothing. In that order.
5. Build an AI inventory before someone asks for one
The EU AI Act will require this anyway. Get ahead of it: document every AI system in use, official or not. Tools like Microsoft Purview help; so does walking around and asking. The goal isn’t a perfect inventory on day one. It’s moving from “we have no idea” to “we know, and we’re steering.”
Want to know how to use AI without losing control of your data? contboxx Vault is the sovereign AI platform where nothing leaves your network. GDPR-compliant, EU AI Act-ready, live in 6 weeks.
Shadow AI vs. controlled AI: side by side
| Criterion | Uncontrolled cloud AI | Controlled enterprise AI |
|---|---|---|
| Data storage | US cloud, CLOUD Act applies | On-premise, your infrastructure |
| GDPR compliance | Questionable to unlawful | Fully compliant |
| EU AI Act | Cannot be documented | Fully auditable |
| Works council | Not involved (and now you have a problem) | Co-determination from day one |
| Cost | Per user, per month, per token | One-time, no per-user fees |
| Data leak risk | High — training data, logs, breaches | No external data flow |
| Integration | Copy & paste | Direct connectors (SharePoint, Confluence, SAP, ~40 more) |
FAQ
What's the difference between Shadow IT and Shadow AI?
Shadow IT was unauthorized software — Dropbox, Trello, the usual. Shadow AI is sharper: employees feed company data into AI tools the employer never approved. That data leaves your network, may become training data, and triggers GDPR, EU AI Act, and works-council exposure at the same time. The compliance bill is steeper.
Is using ChatGPT at work a GDPR violation?
Asking general questions with no personal data? Fine. The moment customer names, email addresses, or employee data goes in, you’ve transferred personal data to OpenAI in the US — without a DPA, without a DPIA. That’s an Art. 28 and Art. 35 GDPR violation. The employer is liable, not the employee who pasted the spreadsheet.
How do we even detect Shadow AI?
Network monitoring on AI API endpoints catches the obvious traffic. DLP rules tuned for AI uploads catch the larger leaks. Anonymous employee surveys catch what tools won’t. None of these works as well as providing a sanctioned alternative — shadow AI exists because the official option is missing.
What does it cost to replace Shadow AI with a controlled solution?
It depends on company size, integrations, and how much knowledge work you actually run. The real question isn’t the platform cost — it’s the cost of one GDPR incident: up to EUR 20 million or 4% of revenue. One avoided breach pays for the platform several times over.
Bottom line
Shadow AI can’t be banned. It can only be channeled. Every organization that doesn’t offer a controlled alternative today is going to have a data protection problem, a compliance problem, and a works council problem — usually in that order, usually within the same quarter.
The fix isn’t less AI. It’s better AI: sovereign, local, under your control. Companies that move now win twice — they cut the legal exposure, and they give employees a tool that actually knows their data, not just the public internet circa 2024.
How sovereign AI works in practice → | AI in the office — 8 real applications →