In many Belgian public organisations, AI is already present. Not the AI that was officially decided upon and deployed. The AI that teams use on their own, without a framework, without approval, without sharing. This is what we call shadow AI.
The outcome is predictable. Isolated experiments that lead nowhere. Frustrations that pile up and a collective sense that “it doesn’t work”. In that case, the problem isn’t the tool, it’s the absence of any structure around it.
Two obstacles come up consistently. First, a lack of clarity about what is permitted: which tools, which types of data, which limits. Second, uncertainty about organisational support: are licences covered? Is there an allowance to take time for experimentation? Without clear answers to these questions, sharing feedback becomes almost impossible.
And behind these obstacles lies a concrete risk that many organisations underestimate. Without governance, without information, without training, employees use whatever they can find.
According to a 2025 KPMG study conducted with the University of Melbourne and cited by Trends-Tendances (14 May 2026):
- 73% of employees who use AI at work rely on consumer-grade tools such as ChatGPT or Gemini
- 70% access them through free versions with no enterprise-level security framework.
Only 2 in 5 employees report that their organisation has a formal policy governing the use of generative AI. Personal data, commercial information, and sometimes confidential citizen data are flowing through tools that store data on servers outside European jurisdiction and outside any form of organisational control.
The AI Act only heightens the urgency: the absence of a framework is no longer merely an organisational risk. It is a genuine legal exposure.
What this actually requires
Introducing AI into an organisation is not an IT project. It is a transition and like any transition, it must be managed at three levels: vision, framework, and governance.
Vision comes first. It must be validated collectively, not imposed from the top down. Next, an evolving legal framework that makes room for voluntary experimentation and organises the circulation of learnings. Finally, light but regular governance: not heavy committees, but structured check-ins to build on what works and maintain the balance between security and learning.
This transition plays out across three complementary levels.
Frameworks such as Sociocracy 3.0 and Team Topologies serve as support, not as methodologies to be deployed wholesale, but as tools adapted to each context.
In practice, the experimentation framework rests on several building blocks: tool licences accessible to those who want to experiment, spaces for spontaneous exploration, hackathons, and regular AI meetups to ensure learnings genuinely circulate.
The numbers that change the conversation
After implementing this approach in one organisation, an internal survey asked three simple questions :
- 82% of employees said they would share what they had seen with their team
- 95% said these exchanges made them want to stay in the organisation
- 70% felt motivated to try new practices
These results did not come from a large transformation programme with a significant budget. They came from a simple, living framework, proof through practice, and diffusion through peers rather than through hierarchy. Resistance turns into curiosity, and curiosity, with the right framework, turns into capability.
Making IT last
Adopting AI in a public organisation also means managing what isn’t visible at the outset: access and API key management, usage cost tracking, coordination with legal and the DPO. These operational aspects are consistently underestimated and they have derailed more than one well-intentioned project. 5th floor can provide a platform team to take ownership of these matters and free your teams to focus on what counts.
For organisations integrating AI directly into their business applications, additional questions arise: traceability, testability, AI Act compliance. These are steps we have already walked through.
AI remains a component, not a standalone solution
What emerges from these experiences is a conviction that 5th floor also applies in its own engagements: AI does not replace expertise. It enhances it. It never makes decisions on behalf of teams. It replaces neither dialogue, nor business reasoning, nor human judgement.
A concrete example: on a public portal allowing users to upload images, compliance checks were manual, slow, and generated constant back-and-forth. 5th floor integrated an automated check at the point of upload. The AI analyses the image and returns a proposed decision with a clear explanation. Naturally, the case manager retains control over the final action.
The result? Reduced turnaround times, lower manual workload, better-understood rules and a more transparent process for everyone.
That is what useful AI looks like.
Not AI for AI’s sake.
