Okta’s Businesses at Work report points to a clear shift in how organisations are adopting AI. What started with copilots and chatbots is quickly becoming more operational: AI agents that can access information, trigger workflows, and take action across the business.
For organisations in EMEA, that creates opportunity, but also a new challenge. As AI agents become part of day-to-day operations, leaders need to know what these systems can access, what they are doing, and how to govern them properly. Organisations across EMEA do not want to choose between innovation and control. They need both.
That is why AI readiness increasingly comes down to identity.
The governance gap is real
Across EMEA, AI agents are being adopted faster than the governance models needed to manage them. This year’s findings show that while 91% of organisations report they are already using AI agents, only 10% say they have a well-developed strategy in place to manage them.
The concern is clearly understood: 58% of organisations rank AI agent governance and oversight as their top security issue. But the controls have not kept pace.
That matters particularly in EMEA, where many organisations, especially in regulated sectors, are working to a higher bar on trust, transparency, privacy, and accountability. AI agents are already being used to automate routine tasks, support customer service, and improve internal workflows, all of which require access to systems, applications, and data. Yet only 32% of organisations say they secure AI agents with the same rigour they apply to human employees.
For leaders across EMEA, the challenge now is to make sure governance catches up with adoption.
Manual processes will not keep up
Many organisations are trying to manage this new reality with governance models built for a different era.
Manual approvals and fragmented processes are difficult enough when dealing with people. They are far less effective when applied to autonomous systems operating across multiple apps and services at speed. That challenge is even greater in a region where many businesses operate across multiple markets, jurisdictions, and technology environments.
That creates a specific risk: either security and IT teams become a bottleneck, or access grows faster than oversight can keep up.
Identity is the foundation
If an AI agent can act in your environment, it needs to be governed accordingly. That means giving it a clear identity, tightly scoped access, and the ability to be monitored, suspended or revoked when needed.
Identity gives organisations visibility into where AI agents exist, what they can access, and how they are behaving. It also provides the controls needed to apply policy consistently, reduce unnecessary privilege, and support the auditability that regulators and customers increasingly expect.
For EMEA organisations, the goal is not to slow innovation. It is to give organisations the confidence to adopt AI responsibly.
Trust will define the next phase of AI adoption
The Businesses at Work research makes one thing clear: AI agents are going to play an increasingly important role in how work gets done. The question is not whether organisations in EMEA will use them, but whether they can do so with the right guardrails in place.
In this region, that starts with identity.
