Shadow AI is not your employees' fault. You have not written the rules.

In most companies running 50 to 500 people right now, 2 to 5 AI clients are running side by side. Claude in marketing. ChatGPT in sales. A custom GPT or two in operations. A handful of agents the engineering team built and forgot to tell anyone about. Ask the CEO which AI tools are in use, and the answer is probably incomplete. Ask what those tools are doing, and the room goes quieter.

Shadow IT is not new. Departments have been buying SaaS without IT for fifteen years. Shadow AI is categorically different, on three counts.

1. The tools rotate every few quarters. AI clients ship faster than any software category before them. "We picked one provider" stays true for about a quarter. The team that standardised on one vendor in March is standardising again in June.

2. The tools share nothing with each other. What an employee teaches Claude does not transfer to ChatGPT. What ChatGPT remembers today, your next AI tool will not know tomorrow. Your team's accumulated expertise lives across five vendor accounts and as many personal prompt libraries. When that employee rotates, the IP rotates with them. Until a shared registry treats prompts and agents as company assets rather than personal ones, they walk out with each person who used them.

3. The tools act, they do not just advise. An agent connected to your CRM can update records. An agent connected to your email can send messages. An agent connected to a billing system can issue invoices. One sentence ("update all 2026 opportunities to closed-won") moves more data in three seconds than a person would touch in a quarter. The pull side is worse. A prompt asking for "all customers above €100k revenue" pulls every matching record into the model's context in milliseconds, including PII you never intended to expose. There is no rate limiting, no row-level audit, and no way to recall what was sent once it has left.

The company is accountable, not the employee

Belgian and EU law do not need to change for this to be a problem today. It already is. "Shadow AI is not a legal question, it is a governance question," says Étienne Wery, a lawyer at the Brussels and Paris bars who specialises in technology law, in a recent Trends piece on employer responsibility. The legal frame is clear: the employer is accountable for what employees do with AI, unless it can demonstrate appropriate policies, adequate training, and that the instructions were correctly applied and followed.

An employee feeding personal data into an AI tool that sits outside any company framework, in breach of GDPR, exposes the employer to direct liability. The European Court of Justice reinforced this in April 2024. Accountability sits with the company, not the employee.

There is a more sympathetic reading. When an employee uses AI without informing their manager, it is usually not to bypass the rules. It is because no rules have been issued. In 2026 it is hard to call these tools marginal. Without a written framework, silent tolerance becomes the default, and silent tolerance is exactly what turns into employer liability the day something goes wrong.

What AI reads is harder to catch than what it writes

AI tools both read and write. Most governance attention goes to the write side: what changed, who approved it, what the log says. The read side slips through. The same agent that helped you draft a quarterly summary just pulled the full revenue history into a third-party model. GDPR Article 5 data minimisation does not survive that cleanly. The query is technically legitimate. The audit story is much harder to produce.

Most teams will not catch it. The AI usage log, if it exists at all, lives inside the vendor that ran the query. Your audit posture is only as good as the weakest vendor's record-keeping, and you cannot reconstruct what a model saw after the fact.

The deadlines that did not move

The EU AI Act bought you a year on the heavy stuff: high-risk obligations moved from August 2026 to December 2027 in the May 2026 political agreement. Two things did not move. Article 4 on AI literacy has been live since February 2025. Article 50 transparency lands on 2 August 2026. The evidence both articles ask for has to exist before the deadline, not on it.

Write the rules

A one-page AI policy is the first artifact a regulator, an auditor or a worried CEO will ask for. Keep it light and visual. A policy that fits on one page, with a clear layout people can scan in a minute, is one they will actually remember and apply on a Tuesday afternoon. A twenty-page binder is one nobody recalls when it matters. Seven short clauses, one page, signed by management:

  • Scope. Anyone using AI for work, including contractors and interns. AI includes anything generative or agentic, including features already baked into tools you use (Office, Salesforce, your CRM).
  • Approved tools, by data tier. A short named list of approved tools, mapped to the data each can handle. Public and internal data go into any approved tool. Confidential and personal data only into tools with a signed DPA. Special-category data (health, biometrics, opinions) needs DPO sign-off.
  • Prohibited uses. The EU AI Act Article 5 list (no social scoring, no workplace emotion recognition, no biometric mass surveillance). Plus your own house rules, for example: no AI for hiring decisions without human review.
  • Customer disclosure. If a customer talks to AI, label it. If a customer reads AI-generated content, label it. Article 50, due 2 August 2026.
  • Oversight and incidents. Outputs with legal, financial, hiring or client-facing weight need a named human reviewer before they leave the company. Incidents go to one named channel (Slack or email) within 24 hours.
  • Training and roles. Every AI user completes an AI literacy module before access, refreshed yearly, attendance documented. Name the AI lead, the DPO, and the person who approves new tools by name, not by role.
  • Review. Every six months and after any incident or significant regulatory change.

That is the minimum. You can write it in Word in an afternoon. If you want a head start, we built a five-minute chat interview that drafts a light, visual one-pager for you, free, no card. It is your draft. Take it to your management and your DPO.


AI use policy

Vandermeer Consulting NV

How we use AI at work — what's approved, what's off-limits, and who signs off before it leaves the building.

Version 1.0 · Effective 12 Jun 2026 · Next review 12 Dec 2026

01 People & scope (who it covers)

1 Scope

Applies to employees, contractors and interns using AI for work at Vandermeer Consulting NV. AI means any generative or agentic system — including features embedded in tools we already run (Microsoft 365, Salesforce, Outlook).

2 Training & roles

Every AI user completes the 30-minute AI literacy module before first access, refreshed yearly, attendance tracked in the HR system.

AI lead: Sophie Janssens · Data protection: Geert Vandenbroeck · New-tool approvals: Pieter De Vos, CTO

02 What's allowed (tools & data)

3 Approved tools, by data tier

Approved tools: ChatGPT Enterprise, Microsoft 365 Copilot

  • Public · Internal: any approved tool above.
  • Confidential · Personal: ChatGPT Enterprise and Microsoft 365 Copilot only, with a signed DPA on file.
  • Special-category (health, biometrics, opinions): DPO sign-off, case by case.

4 Prohibited uses

EU AI Act, Article 5: no social scoring, no workplace emotion recognition, no biometric mass surveillance.
House rules: no client data into free-tier tools.

03 Accountability (oversight & review)

5 Customer disclosure

Website chatbots open with "You are talking to AI." Deliverables that are substantially AI-generated carry an AI-content label on the cover page. (EU AI Act Article 50 — due 2 August 2026.)

6 Oversight & incidents

Anything with legal, financial, hiring or client-facing weight needs a named human reviewer before it leaves the company.

Legal contracts: Marc Hendrickx, Legal counsel

Incidents go to #ai-incidents (Slack) within 24 hours.

7 Review

Every 6 months (next on 12 December) and after any incident or significant regulatory change.

Signed: Anouk Vandermeer, Managing Partner · Geert Vandenbroeck, Outsourced DPO

Vandermeer Consulting NV · ai-policy-v1.0 · page 1 of 1
Top of the example one-pager for a fictional consulting firm.

What comes next

Once the policy is signed, the operational habits follow naturally:

  • a use-case register per team,
  • prompts and agents as shared assets,
  • an approval gate between AI and any irreversible action.
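What the third habit looks like in practice, together with the row-level audit and read caps the "pull side" point earlier argued are missing, as an added example in Python. This is illustrative code written for this page; it is not airlock's product, not any vendor's API, and not code from the article. The CRM table is constructed, and the PII field list, the per-call row cap, the tool names and the reviewer name are all assumptions. The idea it demonstrates is a single gateway between every AI client and the system of record: reads are capped and PII-redacted before anything reaches a model context, every row that did reach it is logged in a store the company owns (so the audit no longer depends on whichever vendor ran the query), and an irreversible write is held as a pending request until a named human approves it.

```python
import time
import uuid

# Assumptions (not from the article): which fields are PII, how many rows a
# single tool call may return, and the stage name used in the write example.
PII_FIELDS = {"contact_email", "contact_phone"}
MAX_ROWS_PER_READ = 3

# Constructed sample CRM table standing in for the real system of record.
CRM = [
    {"id": 1, "account": "Acme BV",     "revenue": 250_000, "year": 2026, "stage": "open", "contact_email": "cfo@acme.example"},
    {"id": 2, "account": "Borealis NV", "revenue": 120_000, "year": 2026, "stage": "open", "contact_email": "ops@borealis.example"},
    {"id": 3, "account": "Cirrus SA",   "revenue":  80_000, "year": 2025, "stage": "won",  "contact_email": "it@cirrus.example"},
    {"id": 4, "account": "Delta GmbH",  "revenue": 310_000, "year": 2026, "stage": "open", "contact_email": "buy@delta.example"},
    {"id": 5, "account": "Echo Ltd",    "revenue": 150_000, "year": 2026, "stage": "lost", "contact_email": "cto@echo.example"},
]


class Gateway:
    """One gateway per AI actor (a vendor client or an in-house agent).
    Every tool call passes through it, so the audit log is the company's,
    not the model vendor's, and it survives a change of vendor."""

    def __init__(self, actor):
        self.actor = actor      # e.g. "claude-marketing" or "sales-agent-v3"
        self.audit = []         # one entry per row read, row written, or blocked call
        self.pending = {}       # request_id -> proposed irreversible action

    def _log(self, **event):
        self.audit.append({"ts": time.time(), "actor": self.actor, **event})

    # ---- read side: cap rows, redact PII, log each row that reached the model
    def read_customers(self, min_revenue):
        matches = [r for r in CRM if r["revenue"] >= min_revenue]
        if len(matches) > MAX_ROWS_PER_READ:
            # The "all customers above €100k" prompt dies here instead of
            # pulling the whole table into a third-party context.
            self._log(tool="read_customers", outcome="blocked",
                      reason="row_cap", matched=len(matches))
            raise PermissionError(
                f"query matches {len(matches)} rows; cap is {MAX_ROWS_PER_READ}")
        rows = []
        for r in matches:
            row = {k: ("<redacted>" if k in PII_FIELDS else v) for k, v in r.items()}
            # Row-level record of exactly what the model saw, field names included.
            self._log(tool="read_customers", outcome="ok",
                      row_id=r["id"], fields=sorted(row))
            rows.append(row)
        return rows

    # ---- write side: propose, human approval, then execute
    def propose_stage_update(self, year, new_stage):
        """The agent may only propose a bulk stage change; nothing is written yet."""
        affected = [r["id"] for r in CRM if r["year"] == year]
        request_id = uuid.uuid4().hex[:8]
        self.pending[request_id] = {"year": year, "new_stage": new_stage,
                                    "affected": affected, "approved_by": None}
        self._log(tool="update_opportunity_stage", outcome="pending",
                  request_id=request_id, affected=len(affected))
        return request_id

    def approve(self, request_id, reviewer):
        """Called by the named human reviewer, never by the agent."""
        self.pending[request_id]["approved_by"] = reviewer
        self._log(tool="approve", request_id=request_id, reviewer=reviewer)

    def execute(self, request_id):
        req = self.pending[request_id]
        if req["approved_by"] is None:
            self._log(tool="update_opportunity_stage", outcome="blocked",
                      reason="no_approval", request_id=request_id)
            raise PermissionError("irreversible action needs a named human approval first")
        del self.pending[request_id]
        changed = 0
        for r in CRM:
            if r["id"] in req["affected"]:
                self._log(tool="update_opportunity_stage", outcome="ok", row_id=r["id"],
                          before=r["stage"], after=req["new_stage"],
                          approved_by=req["approved_by"])
                r["stage"] = req["new_stage"]
                changed += 1
        return changed


if __name__ == "__main__":
    g = Gateway("sales-agent-v3")
    try:
        g.read_customers(100_000)            # 4 rows match, cap is 3: blocked
    except PermissionError as e:
        print("read blocked:", e)
    print("read ok:", g.read_customers(200_000))   # 2 rows, emails redacted
    rid = g.propose_stage_update(year=2026, new_stage="closed-won")
    try:
        g.execute(rid)                       # no approval yet: blocked
    except PermissionError as e:
        print("write blocked:", e)
    g.approve(rid, reviewer="named reviewer")   # assumption: a human, not the agent
    print("rows changed:", g.execute(rid))
    print("audit entries:", len(g.audit))
```

The cap and the redaction list are deliberately crude; the point is where they sit. Because the gateway, not the model, decides what leaves the system of record, the same audit trail covers Claude, ChatGPT, a custom GPT and the engineering team's forgotten agents, and "what did the model see" becomes a query over your own log rather than a support ticket to a vendor.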

We are building the operational checklist for these habits as the next artifact in the series. Subscribe and we will send it the day it ships.

Already have a policy and want the operational layer earlier? Email mathieu@air-lock.ai with one line about your setup. Early draft back within 24 hours.

When all of this outgrows a spreadsheet and you need the cross-vendor audit log, policy enforcement, versioned agents and rate-limited reads in one governed layer, that is what airlock is for.

One question

The employer is accountable for what employees do with AI, unless the policy is in writing and the training was actually done.

Have you written any?