Organisations in Europe are redefining their approach to implementing artificial intelligence in IT service management. Performance is no longer the only criterion – compliance, transparency and data control are now equally important.*
Artificial intelligence has entered the world of ITSM – IT service management – with momentum. It promises to automate requests, reduce response times and make IT teams more efficient. In an era of budget cuts and pressure to optimise, AI appears to be a natural ally for the CIO. However, where technology comes in, there are also questions: what about the data? Where is it being processed? Do we know how the model that makes decisions in our IT environment works?
In Europe, these questions carry particular weight. Unlike many global markets, the continent is confronted with a wave of regulations that not only define the framework for AI, but also change the way in which it can be implemented at all. ITSM is today becoming one of the first areas where these requirements are materialising in practice.
Data sovereignty is not a slogan
Regulations such as RODO, NIS2, DORA or the upcoming EU Artificial Intelligence Regulation (AI Act) introduce specific obligations: data must be properly protected, the user has a right to information and the AI system must operate in a transparent and predictable manner. In the context of ITSM – where incident data, access data, logs or employees’ personal data are processed – these are not details.
While in many cases companies are used to a SaaS model with servers ‘somewhere in the cloud’, AI in ITSM is setting the bar higher. IT teams are increasingly asking: is our data being used to train external models? Is it possible to explain why an AI assistant has made one decision and not another? Do we have a guarantee that the data is not leaving Europe?
The black box is not enough
One of the main criticisms of many AI solutions is their opacity. Black box models can work effectively, but they do not explain on what basis they make decisions. In the ITSM field, this is a big problem – not only technically, but also legally and organisationally.
Example? AI’s automatic classification of incidents. If the model assigns a priority of ‘low’ to a report of a security issue, and it later turns out to be a major incident – the organisation needs to demonstrate why this happened. The requirement to document the logic behind the model and ensure its ‘explainability’ becomes a key element of the implementation strategy.
The European alternative – more than compliance
Against this backdrop, there is a growing demand for AI solutions that are ‘designed for Europe’ – that is, those that are not only compliant, but also offer customers real control over their data and model. More and more providers are emphasising that their systems:
- store data exclusively in European data centres,
- do not use user content to further train models,
- offer local deployment or operation in a private cloud,
- support the explanatory power of models under the AI Act.
This approach is not just a matter of legality. Organisations are beginning to recognise that localisation translates into better control, faster response to regulatory changes and adaptation to local realities – both linguistic and operational.
AI that knows its place
For ITSM, specialisation is proving particularly important. Generic AI models – for example, generative chatbots that do not understand the context of the IT team – often fail. Therefore, effective AI in this area is one that:
- understands the structure of IT systems,
- supports specific roles (e.g. technical support agent, IT administrator, incident analyst),
- operates within clearly defined processes (in line with ITIL, DevOps, etc.),
- automates repetitive tasks, but does not make decisions without human control.
It is a change in approach – from ‘intelligent omniscient helper’ to ‘competent tool to support a specific process’.
CIO: between innovation and responsibility
For IT leaders, the choice of AI for ITSM is no longer simply a matter of technology or price. It is becoming a strategic decision that touches on issues of reputation, compliance and user trust. Increasingly, we are hearing the question “does this solution support our values and organisational strategy?” rather than just: “does it work?”.
From this perspective, investing in European AI solutions is no longer just an option – it is a requirement if an organisation wants to innovate without risking a breach, loss of data or employee trust.
