If you work in a regulated industry, like banking, healthcare, government, aerospace,ย youโreย likely awareย of a stark reality: your sector is deploying AI more slowly than unregulated industries. The irony is that organizations that would like to use AI most to improve operations and competitive positioning are the ones least able to use it because compliance requirements create barriers.ย Most modern AI platforms simply arenโt architected for regulated environments.ย ย
According to theย State of AI in Support Operations: Balancing Innovation and Complianceย survey we conducted this Fall,ย roughly sevenย in ten organizations (71%) have adopted AI for support operations. Yet the numbers tell a different story when examined by industry. While nearly all technology companies (92%) have deployed AI for customer support, just over half of organizations in regulated industries (58%) have done the same, a disparity that reflects a mismatch between how modern AI is commonly deployed and what regulated industries actually need from their infrastructure to safely deploy AI.ย
Security and Compliance Block AI Adoption in Regulated Industriesย
Most vendors address theย adoptionย disparity through a security lens, pointing to their platformโs comprehensive security measures. The issue, however, goes considerably deeper than their explanations suggest.
The standard AI deployment model works this way: your help desk platform runs in the cloud (typically AWS or Azure) while the platformโs AI capabilities run on a separate part of the cloud or on another cloud entirely, with unencrypted data flowing between the services.ย
The cybersecurity posture of the large public cloud services is strong, so for most organizations this architecture is just fine.ย ย But for many organizations in highly regulated industries or those with strict data sovereignty requirements, this model creates a significant problem. Unencrypted data flowing around public cloud services is simply a no-no from a security or compliance perspective.ย ย
IT Security Teams Determine AI Platform Selectionย
The adoption patterns between technology companies and regulated industries reflect fundamentally different approaches to security.ย Technology companies oftenย operateย with a reactive security posture, relying on the security infrastructure ofย the publicย cloud providers, moving fast to deployย cutting edgeย technologiesย and addressingย additionalย security concerns as they arise. Most organizations in regulated industriesย operateย under far more rigorous conditions where strict compliance requirements must be metย before systems go live.
This difference manifests directly in the purchasing process. In regulated industries, more than half (56%) rate AI security as critical compared to less than half (43%) across all industries, andย the vast majority ofย organizations (78%) involve IT or security teams in final purchasing decisions, effectively giving these teams veto power.ย
ย 
When security teams evaluate platforms with AI capabilities, theyย encounterย a limited set ofย viableย options: cloud-based solutions with modern AI features that, explicitly or not, require unencrypted data to flow between external systems, or on-premises solutions with expensive and/or limited AI capabilities. In practice, more than half (53%) of organizations currently in pilot or evaluation phases focus specifically on defining security and compliance requirements before committing to vendors, moving deliberately through their evaluation because the consequences of getting decisions wrong include regulatory fines, operational shutdowns, and reputational damage.ย
For technology companies, the question is straightforward, โwill this improve our operations?โ For regulated industries, the follow-up question is whether the organization can use it and remain compliant, and if the answer is unclear, the softwareย doesnโtย getย purchased.ย
Four Criteria to Consider when Evaluating AI-enabled Platforms in Regulated Industriesย
If you work in a regulated industry, here are some criteria to consider when evaluating AI for support operations:ย ย
- Does the platform have its own dedicated data center(s) in which it is running the AI foundation modelย servicesย or does it rely on services hosted in the public cloud?ย
- Does the platform offer deployment flexibility? Confirm that the platform can run in your virtual private cloud or data center rather than being restricted to the vendor’s public cloud infrastructure.ย ย
- Does the platform support AI model selection?ย Determineย whether you can bring your own AI provider/model or if you are locked into the vendor’s chosen foundation model.ย ย
- Does the platform meet your data sovereignty requirements? Verify that your data will remain within the relevant geofenced area or security perimeter.ย
- Does the platform meet your compliance requirements? Evaluate the governance and visibility capabilities toย confirmย you can see exactlyย what’sย happening with your data andย maintainย audit trails.
AI Adoption in Regulated Industries Requires Architectural Changeย
The AI adoption gap between technology companies and regulated industriesย isnโtย permanent; it signals that vendors have built solutions for one market while the challenges of another remainย largely unaddressed.ย This is a pattern that has historically been temporary in enterprise software.ย Eventually, the neglectedย marketโsย demand becomes large enough that vendors either adapt their offerings or get displaced by competitors who do.
The organizations that rethink their architecture to support secure AI deployment willย establishย the standard for how enterprises deploy AI-enabled tools and platforms going forward.ย Nearly three-quartersย (74%) of organizations expect to increase their focus on AI security over the next two years, a clear signal that the market is ready for this shift. As regulations evolve and AIโs role inย supportย operations and business operations deepens, the importance of security and compliance on procurement decisions will only increase.ย ย
ย
