In 2026, the competitive advantage will no longer be about new tools but trust in infrastructure and compliant frameworks.
Mark Appleton, Group Lead Vendor Ecosystem Development at ALSO, discusses how businesses can have a misplaced focus on external threats over real priorities.
Businesses often think cybersecurity and data privacy are about defending the perimeter from external hackers. As such, they may prioritise price and convenience, under the illusion that this remains consumer priority.
However, a recent industry study found that 63 % of business leaders across the UK, France and Germany feel unprepared to lead effectively in an AI enabled world, citing gaps in governance mindset, structures, and inclusive practices. At the same time, a policy brief by a European policy organisation has called for stronger enforcement mechanisms for digital rules as regulators move to actionable enforcement.
Trust will no longer be defined by breach avoidance alone, but instead, driven by ‘algorithmic integrity’, which is the ability to prove that your AI-driven processes are transparent, accountable, and compliant.
“As the EU AI Act becomes fully enforceable, the era of opaque algorithmic decision-making is ending. What was once considered as theoretical guidance without major consequences, is now a legal obligation with fines that can reach significant percentages,” said Mark Appleton, Group Lead Vendor Ecosystem Development at ALSO. He continues:
“Regulators now expect evidence in the form of audit logs, model documentation, and human oversight frameworks. With identity threats accelerating, organisations must move beyond perimeter security and embed verifiable transparency at the core of their technology stacks. Businesses that don’t risk an erosion of customer confidence and ecosystem exclusion.”
Threats have evolved faster than identity verification frameworks can manage, and AI-enabled fraud have broken traditional trust models. Appleton believes security and AI governance must be treated as part of a single digital confidence framework.
“AI-generated phishing can now mimic writing style and deepfake video impersonation that undermines remote onboarding. Traditional identity verification such as passwords, OTPs, and document upload checks are increasingly insufficient. Cybercriminals will also use stolen credentials, phishing, and AI-enhanced social engineering to gain unauthorised access to sensitive accounts.”
To replace static trust models, organisations must uphold data integrity across its operations. Appleton vouches for standards-based infrastructure alongside real-time validation and dynamic risk assessments.
“The use of AI systems without management frameworks is not an option anymore. Too often, users often place blind trust in AI, even when the security and compliance guardrails are missing. Businesses must treat this as an ongoing commitment, adapting to technological shifts, regulatory developments, and user expectations. Transparency in data usage will be a core tenant of this trust.
“Clarity on how information is processed by these tools must be communicated including consent and how your organisation adheres to international data standards. Compliance must also evolve past a documentation exercise and embedded directly into infrastructure, so governance becomes native to the stack rather than retrofitted through policy.
Appleton continued, “cybersecurity is also a fundamental mechanism of digital trust. Implementing strong certificate-based authentication, timestamping, and secure digital signatures are crucial. This calls for a Zero Trust architecture where trust is continuously validated, not assumed. Businesses can then further enforce continuous verification, behavioural biometrics, and data provenance tracking for greater effects.”
The regulatory burden doesn’t need to be solely placed on business but shared with the right partner who can fast track the process, providing compliance-ready infrastructure and expertise. Appleton explains:
“Partners in the cloud marketplace can deploy compliance-ready cloud and security stacks from leading vendors and specialised security providers. These partners can manage deployment and migration support while the vendor stacks provide the necessary solutions like native auditing, model documentation automation, and secure data pipelines. Rather than building compliance frameworks from scratch, organisations can adopt pre-certified, governance-enabled architectures.”
Appleton concludes, “In a privacy-conscious market, trust is increasingly a purchasing differentiator. Businesses that simplify and secure user experiences, while clearly communicating how data is used, will capture loyalty. This requires granular consent management, data minimisation by design, and transparent model governance disclosures. The strategic question for board rooms is can your organisation demonstrate algorithmic integrity or are you still operating on assumption-based trust?”
