Run less, govern more: what European CIOs are planning for 2026
Every autumn, our field teams sit down with IT leaders across France, Germany, Benelux, and the Nordics to talk about the year ahead. The conversations are informal and off the record, which is precisely why they are useful. This year, across sectors as different as retail banking and regional government, the same two themes kept returning: run less, and govern more.
Neither is a slogan anyone would put on a strategy slide, and that is rather the point. The mood in these rooms has shifted from ambition to consolidation, from adding capability to reducing the number of places the same capability lives. Below is what we heard, and what we think it means for the year.
Run less
The expansive platform portfolios assembled between 2020 and 2023 are being quietly rationalized. Nobody we spoke to plans a dramatic rip-and-replace program. Instead, budgets for 2026 favor consolidation: fewer gateways, fewer overlapping integration tools, fewer contracts to renew and teams to staff. One CIO of a large French insurer put it plainly: "I am not looking for new capabilities. I am looking for fewer places where the same capability lives three times."
The driver is only partly cost. Just as often it is people. Platform engineers are hard to hire everywhere in Europe, and every redundant system is a claim on a team that has better things to do. Several leaders framed rationalization explicitly as a talent strategy: the way to give scarce, expensive engineers work worth doing is to stop spending their attention on keeping four overlapping tools alive.
There is a risk-reduction argument underneath it too. Every platform is an attack surface, an audit scope, and a source of drift. Fewer of them means fewer things to patch, fewer places for policy to diverge, and a smaller, more defensible perimeter, which leads directly to the second theme.
Govern more
The second theme follows from the regulatory calendar. DORA is now supervised in earnest, NIS2 transpositions are biting, and the EU AI Act's obligations arrive in stages through 2027. What leaders told us they need is not more policy documents but better evidence: the ability to answer a supervisor's question from production records rather than from a working group.
The estates that will feel calm in 2026 are the ones where governance is a property of the infrastructure, not a quarterly project.
The distinction leaders drew, again and again, was between governance you perform and governance you possess. Governance you perform is the scramble before an audit: the working group, the evidence hunt, the reconstructed timeline. Governance you possess is the log that already exists, the inventory that is always current, the policy enforced in one place. The first consumes a team every quarter. The second costs almost nothing to answer because the answer was never assembled, it was simply recorded.
Where AI fits
AI budgets are growing, but the mood has changed since 2024. Experimentation is no longer interesting for its own sake; what gets funded is AI that reaches production under the same controls as everything else. Several leaders described pausing pilots not because the results were poor, but because nobody could say what data left the building. Bringing model access under governed, observable infrastructure was cited again and again as the unblocking move.
Notably, this connects the two themes rather than competing with them. The leaders who had solved the "run less" problem, one platform, one policy engine, one audit trail, found they already had the natural home for AI traffic. Those still running fragmented estates faced a choice between adding yet another silo or delaying AI until the estate was in order. More of them are choosing to fix the estate first than would have a year ago.
None of this is glamorous. That may be the most European thing about it: 2026, for most of the leaders we spoke to, is a year for making the estate smaller, quieter, and easier to defend in front of a regulator. We think that is exactly right.