Across boardrooms in Frankfurt, Milan, and Amsterdam, the conversation has shifted. Digital transformation is no longer a strategic ambition deferred to the next budget cycle—it is an operational imperative with measurable consequences for valuation, compliance posture, and competitive positioning. Two landmark reports published in early 2026—NTT DATA’s Cloud Maturity Index (March 2026) and Infor’s Enterprise AI Adoption Impact Index (April 2026)—provide the clearest empirical picture yet of where large organisations stand, and where the gaps are widening into liabilities.

Cloud Maturity: The Gap Between Aspiration and Execution

NTT DATA’s March 2026 research surveyed enterprise IT and business leaders across 14 countries, revealing a persistent and commercially significant divide between cloud strategy and cloud execution. While over 78% of respondents reported having a formal cloud migration roadmap, fewer than 34% classified their organisation as operating at an advanced or optimised cloud maturity level. The remaining two-thirds remain in transitional states—exposed to technical debt, fragmented data architectures, and escalating vendor lock-in risks.

For CFOs and General Counsel, this data carries direct implications. Cloud immaturity is no longer merely a technology problem; it surfaces during M&A due diligence as a valuation discount, and it creates compliance exposure under frameworks such as DORA (Digital Operational Resilience Act), which entered full application across EU financial entities in January 2025. Organisations that cannot demonstrate resilient, auditable cloud infrastructure face regulatory scrutiny and reputational risk in equal measure.

  • Action for CFOs: Commission an independent cloud maturity assessment before the next capital allocation cycle. Infrastructure debt compounds silently until it becomes a transaction risk.
  • Action for General Counsel: Map current cloud architecture against DORA ICT risk management requirements and identify contractual gaps with third-party cloud providers.
  • Action for CTOs: Prioritise workload portability and interoperability standards to reduce vendor concentration risk ahead of any potential M&A event.

AI Adoption in Enterprise: Productivity Gains Are Real, but Governance Lags

Infor’s April 2026 Enterprise AI Adoption Impact Index offers a more granular lens on where artificial intelligence is delivering measurable returns—and where the absence of governance frameworks is creating new categories of risk. Among enterprises that have deployed AI in core operational workflows, 61% reported measurable productivity improvements within 12 months, with the highest gains concentrated in finance automation, supply chain optimisation, and customer operations.

Yet the same research flags a critical structural weakness: fewer than 40% of AI-deploying enterprises have implemented a formal AI governance policy aligned with emerging regulatory standards. In the European context, this is particularly consequential. The EU AI Act—with its tiered risk classification system and obligations for high-risk AI applications—creates direct legal exposure for boards that cannot demonstrate oversight, explainability, and human review mechanisms for automated decision-making systems.

The strategic implication is clear: AI adoption in enterprise is accelerating faster than the governance infrastructure required to sustain it responsibly. For M&A Directors, this creates a new due diligence category. Acquiring an organisation with embedded AI systems and no governance framework is acquiring a regulatory liability that may not appear on the balance sheet but will surface post-close.

Implications for Business: Integrating Digital Strategy with Risk Management

The synthesis of these two data sets points toward a single, urgent conclusion for European business leaders: digital strategy and risk management can no longer operate as parallel workstreams. The organisations that will extract durable competitive advantage from cloud migration and AI adoption are those that treat governance, compliance, and technology architecture as a unified discipline.

Several practical priorities emerge for the remainder of 2026:

  • Board-level AI oversight: Establish a dedicated AI and technology risk committee, or formally extend the remit of the audit committee to cover algorithmic risk and model governance.
  • Integrated digital transformation roadmaps: Ensure that cloud migration timelines are synchronised with AI deployment plans, avoiding the common failure mode of deploying AI on immature data infrastructure.
  • Regulatory horizon scanning: Beyond DORA and the EU AI Act, the European Data Act and evolving NIS2 Directive obligations require continuous legal and technical monitoring. Reactive compliance is structurally more expensive than anticipatory alignment.
  • Innovation management discipline: Apply portfolio management principles to emerging technology investments—distinguishing between core optimisation, adjacent capability building, and exploratory innovation—to avoid diffuse spend with no measurable return.

Key Takeaway: The 2026 enterprise data confirms that the gap between digital leaders and digital laggards is no longer primarily a technology gap—it is a governance and execution gap. For CFOs, General Counsel, and board members, the priority is not to accelerate adoption further, but to ensure that the adoption already underway is structurally sound, regulatorily defensible, and strategically coherent. In an environment where AI capabilities are becoming commoditised, the durable differentiator will be the quality of the framework built around them.