← Other Blogs

Your EU AI Act Classification Is Complete. Shadow AI Isn't on the List.

The EU AI Act requires organizations to classify every AI system they run by risk level. That requirement assumes a complete list of systems exists. Gartner's own research says it usually does not: 69% of security leaders already suspect employees are using generative AI tools nobody approved, and Gartner expects more than 40% of enterprises to face a security or compliance incident tied to unauthorized shadow AI by 2030. This post argues that the real compliance gap is not legal — it is behavioral, and it is measurable before it becomes an incident.
Compliance
Human risk management
GenAI and security
Zepo Intelligence

A compliance team finishes its EU AI Act system inventory. Four tools, each mapped to a risk category under the Act, each with a documented owner. The exercise is thorough, defensible, and complete — on paper.

It is also answering the wrong question. The inventory captures every system procurement knew about. It says nothing about the AI tool a marketing employee opened in a browser tab last Tuesday to finish a deck faster — the one nobody asked about because nobody knew to ask.

The blind spot EU AI Act classification cannot see

Shadow AI — generative AI tools used without organizational approval or visibility — is not a new category of risk. It is the same shadow IT problem organizations have managed for years, except the tool now writes, summarizes, and reasons over whatever data an employee gives it, which changes how quickly a small convenience turns into an exposure nobody planned for.

Gartner surveyed 302 cybersecurity leaders in November 2025. 69% already suspect or have evidence that employees are using generative AI tools that were never approved. That number describes the present, not a future risk.

"Every CISO I talk to has discovered some form of shadow AI," says Andrew Walls, VP Analyst at Gartner (CSO Online, March 2026). The quote is notable less for what it reveals about any single organization and more for how universal the pattern has become.

The tools involved are rarely exotic. They are the same consumer-grade chat assistants and writing aids that show up in personal use, adopted at work because they solve a real problem faster than the approved alternative — or because there is no approved alternative for that specific task.

What the data says is coming

Gartner's research goes further than describing the current state. The firm expects more than 40% of enterprises to experience a security or compliance incident tied to unauthorized shadow AI by 2030 (Gartner, November 2025). That is a prediction that this will be the way a meaningful share of AI-related incidents happen — not through the systems that were classified and monitored, but through the ones that were not.

That future is already visible in the present. IBM's 2025 Cost of a Data Breach Report found that shadow AI is already involved in 20% of breaches, adding an average of $670,000 to the cost of an incident. Among the organizations that suffered one of those breaches, 63% had no AI governance policy at all.

Where EU AI Act classification and shadow AI collide

Article 6 of the EU AI Act sets out how organizations classify AI systems by risk level. The classification process works only against systems an organization knows it runs. It has no mechanism for a tool nobody registered, because the article assumes the list it is applied to is complete.

An organization can have a fully documented, Article 6-compliant classification of every system on its official inventory and still carry the exposure Gartner describes — because the tools driving that exposure were never on the list in the first place. The compliance program is not wrong. It is answering a narrower question than the one that determines actual exposure.

What EU AI Act enforcement looks like

This is not a theoretical gap. The Act's penalty provisions give regulators the power to fine organizations for non-compliance with operational obligations — including classification failures — at tiers reaching €15 million or 3% of global annual turnover, whichever is higher. Those enforcement powers apply regardless of whether the exposure came from a system the organization knew about or one it did not.

That distinction matters for how a board should read this risk. A system that was never classified because nobody knew it existed does not carry a lighter penalty than one that was classified incorrectly. From a regulator's perspective, both represent the same underlying failure: an organization that cannot demonstrate it knows what AI it is running.

Key insight: the shadow AI compliance gap is behavioral, not administrative

The instinct when this gap surfaces is to write a better policy, or run another awareness campaign reminding employees which tools are approved. Neither addresses why the gap exists.

Employees adopt unapproved AI tools for an ordinary reason: the tool makes a task faster, and the approval process — if one exists — is slower than the deadline. Most employees using an unapproved tool know a policy exists. They are making a judgment call under time pressure about which risk feels more immediate: missing a deadline or breaking a rule that feels abstract and distant.

Closing that gap requires seeing the behavior as it happens — in network traffic, in browser activity, in the pattern of what data moves where — not describing it after the fact in a policy document. A tool in active use produces a real signal well before it produces an incident.

For compliance and security leaders building an EU AI Act program, four things follow from this.

First, an AI inventory built entirely from procurement records will always undercount. It reflects what was approved, not what is running — and any classification exercise built only on that inventory inherits the gap.

Second, detecting shadow AI usage is not primarily a technology procurement decision. It is a visibility problem that has to be solved before classification can be complete, because an organization cannot classify a system whose existence it has not confirmed.

Third, the response to a discovered shadow AI tool matters as much as the discovery itself. Treating every instance as a disciplinary event pushes usage further underground. Treating it as a signal — asking why someone reached for this tool and what need an approved alternative failed to meet — closes the gap faster than a stricter policy does on its own.

Fourth, treat the finding as an input to the classification process, not a one-time cleanup. A tool discovered and removed today does not prevent the next one from appearing next month under the same pressure that produced the first. The visibility has to be continuous, not a single audit exercise run once ahead of a deadline.

The EU AI Act gives organizations a real structure for managing AI risk. That structure was never designed to solve the problem of not knowing what AI is in use.

The organizations that reduce this exposure over the next few years will not be the ones with the most complete classification paperwork. They will be the ones that can see what their people are actually using — before a regulator, or an incident, does the discovering for them.

Subscribe to our newsletter
Blog content:
Act now before attackers do
Unify deepfake simulations, personalized training, and risk analytics into a single platform that builds measurable defense.
Talk to an expert

How Zepo helps companies

When everything connects, results follow

Nadia Cappelletti

Digital Information Security Manager

I would recommend Zepo to colleagues at other companies because I believe it has met all our needs. It has allowed us to run three types of campaigns that other tools we have tried simply cannot do. And beyond the product itself, the support from the whole team has helped us get far more out of it.””

+9K

Employees Protected

–10%

Click Rate on Attacks

+18%

Training Completion Rate

Ramon Fernandez Blanco

Cybersecurity & Digital Product Manager

Since implementing Zepo, employee awareness has increased significantly. Employees now actively discuss cybersecurity and phishing campaigns, and suspicious emails are quickly reported instead of ignored.””

+600

Employees Protected

–15%

Credentials Submitted

+26%

Training Completion Rate

Jonathan Nelson

Director of Risk Intelligence

Zepo’s vision for a real-time, hyper-personalised, multi-platform cybersecurity solution is truly unique and stands head and shoulders above the competition”

+100

Employees Protected

Get Smarter Before Attackers Strike.