Nearly all firms adopting artificial intelligence in software development are running into serious oversight problems. A GitLab study reveals that while 78% of developers report faster output, 85% now struggle with bottlenecks in code review. Already 40% of all new code comes from AI, and 92% of organisations acknowledge governance gaps. One in five companies has already recorded a serious incident involving AI-generated code.
The findings land as IT modernisation projects increasingly depend on automated generation. Many of today’s outsourcing deals centre on migrating legacy systems to SAP S/4HANA. The ISG Provider Lens Report 2026 ranks Atos and NTT DATA as leaders in cloud transformation and AI-driven automation.
Shadow risks in finance and beyond
AI agents are also taking over tasks such as monthly closing and contract management in the finance sector. Providers like BlackLine, Trintech and Qurrent report efficiency gains. Yet Gartner warns that by 2027 more than 40% of agentic AI projects could fail – unless companies get their strategy right.
The crisis comes at a time when businesses are already grappling with a severe talent shortage. ManpowerGroup data shows that 69% of US organisations struggle to fill positions, while Gallup puts global employee engagement at just 20%. That mismatch is driving firms to look beyond traditional outsourcing destinations.
New talent pools: Poland, South Africa and the EOR boom
Poland is emerging as an operational hub for clinical research, attracting specialists in study monitoring, data management and regulatory affairs. South Africa is also drawing attention for its skilled workforce at manageable cost. The Asia-Pacific region is growing fastest, with the global employer-of-record (EOR) market projected to reach $5.97 billion by 2026 and APAC expanding by more than 17% annually.
But expanding globally means navigating a thicket of local rules. In Germany, works council co-determination rights kick in as soon as a company employs five people. The Federal Labour Court sharpened the rules further with a ruling on 23 September 2025 (case reference 1 ABR 25/24), clarifying co-determination criteria for so-called matrix managers – a persistent headache for international groups.
Regulatory pressure mounts
Data protection and cybersecurity regimes like the GDPR, NIS2 and KRITIS are pushing security requirements higher. Cloud-based communication platforms (UCaaS) are especially affected. Among German mid-sized firms, AI adoption in this area nearly doubled between 2024 and 2025, reaching 36%.
Technology is also enabling a new form of outsourcing: teleoperation. Workers now control industrial machinery – forklifts, excavators – remotely via 5G or satellite links. In Japan, automated systems restock convenience stores; at Düsseldorf Airport, shuttle systems run on remote steering. Researchers warn that such developments could devalue local jobs and create novel forms of offshoring.
Deepfakes and digital identity
Wider remote hiring also raises the risk of industrial espionage and identity fraud. Recruiters are turning to multi-step verification tools: digital ID checks and liveness detection designed to spot deepfakes during interviews. The goal, especially in the DACH region, is to establish a consistent digital identity for every applicant.
