Shadow AI is the uncontrolled use of public AI tools like ChatGPT, Claude, or Perplexity by employees – without IT knowledge, without governance, without audit trail. Corporate data leaves the network uncontrolled.

What is the Decision Layer?

The Decision Layer is a governance layer that decomposes every business process into micro-decisions and defines for each: human decides, rule set applies, or AI decides autonomously. Every decision is documented.

How does the Decision Layer help with works councils (Betriebsrat)?

The Decision Layer makes transparent what the AI decides and when a human intervenes. Company agreements (Betriebsvereinbarungen) are implemented as technical rules that the system cannot bypass. The works council can trace every decision.

Decision Layer & Shadow AI: Control Instead of Chaos

Two Problems. One Architecture.

Shadow AI and inadequate governance are the two largest obstacles to scaling AI in enterprises in 2026. The first problem: employees use public AI tools without oversight because the organization offers no alternative. The second problem: even when the organization does provide AI, the architecture that separates analysis from decision is missing.

The Decision Layer solves both problems. It is the governance layer that defines who may decide what — human, rule engine, or AI. And it is simultaneously the foundation for providing employees with a controlled AI offering that surpasses the public alternatives.

This article explains why shadow AI is the risk of the hour, how the Decision Layer works, the role data classification plays, and why without this architecture neither works councils (Betriebsrat), nor auditors, nor the board will approve AI scaling.

Shadow AI — the Underestimated Risk

Shadow AI is the shadow IT of 2026. The term describes the uncontrolled use of public AI services by employees — without IT knowledge, without governance, without an audit trail.

The reality in most organizations: employees use public AI tools for their daily work. They draft emails, summarize reports, analyze contracts, create presentations. Not out of malice, but because these tools make them more productive. And because their employer offers no equivalent alternative.

The problem is not the usage itself. The problem is what happens in the process:

Data leakage. Every input into a public AI tool leaves the corporate network. Contract terms, financial data, personnel information, strategic plans — everything entered into a prompt is beyond your control.

No traceability. Which employee submitted which data to which tool? Nobody knows. There is no audit trail, no logging, no possibility of retrospective review.

No quality control. Results from public AI tools feed into business decisions without any visibility into the basis on which they were generated. A contract draft partially produced by AI — who reviews the clauses?

GDPR risk. Personal data transmitted to public AI services may constitute a reportable data protection incident. Not theoretically, but under current legal interpretation.

The solution is not prohibition. Bans fail in practice — they get circumvented, ignored, or undermined. The solution is a better offering: an internal AI portal that is functionally at least equivalent, but equipped with governance, data protection, and an audit trail. What such a portal looks like is described in the article Enterprise AI Portal: Four Open-Source Interfaces Compared.

The Decision Layer — Analysis Is Not Decision

The Decision Layer is the architectural principle that separates analysis from decision. An AI model can analyze: summarize data, detect patterns, calculate probabilities, issue recommendations. But the decision of whether and how to act on that analysis is a separate question — and the Decision Layer answers it.

The principle: every business process is decomposed into micro-decisions. For each individual micro-decision, it is defined in advance who decides:

Incoming transaction
        │
   ┌──────────┐
   │ Decision  │
   │  Layer    │
   └──────────┘
   ┌────┼────────────┐
   ▼    ▼            ▼
 RULE   AI        HUMAN

RULE: Deterministic decisions that always produce the same outcome. Deadline checks, collective agreement calculations, booking logic, threshold values. The rule engine is versioned — every change generates a new version, the previous one remains traceable.

AI: Decisions where the model may act autonomously within defined boundaries. Standard classifications, routine communications from approved templates, unambiguous assignments. Only at high confidence and low risk.

HUMAN: Judgment calls, exceptions, cases with discrimination potential, decisions above defined value thresholds, all cases where the works council (Betriebsrat) requires co-determination (Mitbestimmung).

Four principles make the Decision Layer effective:

Explicit, versioned rules. Every decision rule has an ID, a version, a validity date, and a scope. When a company agreement (Betriebsvereinbarung) changes, a new rule version is created. During an audit, it is traceable which rule was in effect at the time of the decision.

Architecturally enforced human-in-the-loop. For defined decision types, the system cannot proceed without human approval. This is technically enforced, not organizationally agreed upon. An agent cannot bypass this review because the architecture does not permit it — not because a policy prohibits it.

Audit trail per micro-decision. Every individual micro-decision generates an immutable log entry: input, applied rule, confidence score, routing decision, outcome, timestamp. This is not retrospective documentation — it is the technical record of the decision process.

Company agreements as system constraints. Works council requirements are not implemented as organizational guidelines, but as technical rules in the Decision Layer. The system cannot bypass the company agreement (Betriebsvereinbarung) because it is part of the system logic. The works council can trace every decision in the audit trail.

Data Classification as the Foundation

Before the Decision Layer can take effect, a fundamental question must be answered: Which data may be processed by which AI model? The answer is provided by a four-tier classification scheme:

Tier	Label	Examples	Permitted AI Processing
1	Public	Press releases, website content	All models, including public APIs
2	Internal	Presentations, process documents, internal policies	EU cloud or self-hosted models
3	Confidential	HR data, financial data, contracts, customer data	Self-hosted only or with PII anonymization
4	Strictly confidential	M&A documents, patents, board communications	On-premises only, no cloud model

The classification automatically determines model routing. When an employee asks a question about a contract (tier 3), the system automatically routes the request to a self-hosted model or anonymizes the data before handoff. A public model is not an option for tier-3 data — and the architecture ensures this is technically impossible, not merely organizationally prohibited.

Data classification is not a one-time task. It must be integrated into existing processes: every new document, every new data source, every new process receives a classification. Ideally, this happens automatically — based on document type, content recognition, and organizational assignment.

Without data classification, the foundation for every subsequent governance measure is missing. It is the first decision that must be made — before model selection, before building the infrastructure.

The Five Pillars of AI Governance

Data classification is the foundation. Five pillars build on it to form a complete AI governance framework:

1. Access control. Who may use which AI functions? Which assistants, which knowledge bases, which agents are available to which roles? Access control mirrors the existing organizational structure: HR sees HR assistants, Finance sees Finance assistants. SSO integration ensures no separate credentials need to be managed.

2. Audit and logging. Every interaction with the AI system is logged. Not to monitor employees, but to ensure traceability of business decisions. Who asked which question, when? Which model responded? Based on which sources? The audit trail is the foundation for internal audit, financial review, and compliance evidence. The governance reference architecture describes the technical implementation in detail.

3. Human oversight. The architecture defines where human review is required. This is not a generic requirement — it is a differentiated decision per micro-decision. Routine classifications do not need a human reviewer. Personnel decisions with discrimination potential always do. The granularity of this differentiation distinguishes effective governance from bureaucratic governance.

4. Quality assurance. AI results must be verified — not every single one, but systematically. Spot checks, user feedback, automated evaluation. Does the model hallucinate? Are source references correct? Are rule applications accurate? Quality assurance is an ongoing process, not a one-time test.

5. Compliance and reporting. The EU AI Act requires technical documentation, risk classification, and conformity assessment for high-risk AI systems starting August 2026. AI governance must incorporate these requirements from the outset — not retroactively. Regular reports on usage, model performance, decision quality, and compliance status form the basis for management oversight.

Why the Decision Layer Is the Key to Scaling

Organizations that want to scale AI — from one pilot project to ten production agents, from one department to the entire organization — hit a hard limit without a Decision Layer. Not a technical limit, but an organizational one.

The works council (Betriebsrat) will not consent. In Germany, works councils have co-determination rights (Mitbestimmungsrechte) for any AI deployment that monitors employee behavior or makes decisions affecting employees. Without traceable decision logic, without documented human-in-the-loop, without company agreements (Betriebsvereinbarungen) as system constraints, no works council will give its approval. The Decision Layer delivers exactly the transparency and controllability the works council requires. For organizations operating across multiple European jurisdictions, similar employee representation bodies exist with comparable requirements.

Internal audit will not sign off. Auditors and internal reviewers need traceability. When an AI agent generates bookings, evaluates contracts, or prepares personnel decisions, the decision path must be auditable. Without an audit trail, every agent decision is an audit risk. The Decision Layer automatically generates the evidence auditors need.

The board will not approve the budget. Pilot projects are funded from innovation budgets. Scaling requires capital investment — and that demands a business case with defensible figures. The Decision Layer delivers the data: throughput times, error rates, cost per transaction, escalation rates. Without these data points, AI remains a cost line without demonstrable return.

The sequence is non-negotiable: governance first, then scaling. Not the other way around.

Cookieless and Privacy by Design

An enterprise AI portal should protect not only the data in user queries, but also the usage itself. This means: no tracking, no analytics cookies, no behavioral analysis.

SSO instead of separate accounts. Employees authenticate via the organization’s existing identity management. No separate passwords, no separate user profiles with a third-party provider.

No tracking cookies. The internal AI portal uses no cookies for behavioral analysis. Usage data is collected exclusively for the audit trail — not for marketing, not for product optimization by third parties, not for profiling.

Usage data for audit purposes only. Which employee submitted which request is logged — but exclusively for governance purposes: traceability, compliance, quality assurance. Access to these data is restricted to authorized roles (IT security, data protection officer, internal audit). Line managers do not see individual queries from their employees.

Privacy by design. Data protection requirements are built into the architecture, not bolted on afterward. PII anonymization, data classification, model routing — all these mechanisms operate automatically, based on the classification of the data, not on the discipline of the users.

This approach satisfies not only the data protection officer but also the works council (Betriebsrat): the system does not monitor employees. It documents business decisions.

📘 Enterprise AI Infrastructure Blueprint 2026 – Article Series

← Previous	Overview	Next →
From Chatbots to AI Agents: MCP, A2A and Multi-Agent Systems	Overview	What AI Really Costs: TCO Comparison for Enterprises

All articles in this series: Enterprise AI Infrastructure Blueprint 2026

Decision Layer is Gosign’s central governance component. Model-agnostic, works-council-compatible, with a complete audit trail. More on the governance architecture.

Book a consultation — 30 minutes to determine how a Decision Layer for your processes should look and how shadow AI in your organization can be addressed in a controlled manner.