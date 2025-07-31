Sometimes in software development, things can sit on your to-do list for years – and it’s a technology-based disruption that pushes them to the top of your priorities.

Remember the move to mobile 15 years ago? All of a sudden, people were rushing to address things they should have already thought about in the web app age.

Customer experience, robust testing, programs that are truly fit for purpose and not just functional – the emergence of mobile highlighted many gaps that organizations had to fill. In 2025, AI and low code are the innovations having a profound impact on software development.

And one, perhaps under-acknowledged, consequence is a shift in how organizations approach risk management and regulatory compliance.

Gordon Van Huizen Social Links Navigation SVP Strategy, Mendix.



The decentralization of development

How enterprises develop and deliver technology – for both internal and external use – is changing. Where once technology development was a process led centrally by IT, today no-code platforms and AI tools are driving a shift to development teams fractalized across the organization.

This is incredibly exciting in many ways, as developers can be more responsive to business needs, collaborating directly with the people most aware of what customers, employees and partners require. But at the same time, it changes the business’ relationship with risk. In the old world, the IT professionals driving development had a holistic perspective of the security concerns, risk profiles and compliance requirements of the organization as a whole.

But now, distributed developers work on smaller pieces of the puzzle, which each present a range of risk management and governance questions. Enterprises are now being faced with managing the risk, as well as embracing the opportunity, of this democratization.

The age of adaptive governance

Risk is a complex question in the time of distributed development. Governance and risk mean different things, depending on where the technology sits in the business. Issues like whether applications are customer-facing, the sensitivity of data and how it’s stored and privacy considerations will each vary from case to case.

Delivering a mobile banking feature could raise all kinds of questions. How and where is customer data stored? Who has access? What will be in the hands of the customers, and what will be in the hands of employees? With so many interconnected issues, it could be easy to miss something crucial from a privacy, security or regulatory perspective.

It’s more important than ever that individual developer teams get to grips with the risk and compliance implications of their activities.

This creates a new role for risk managers and compliance officers. Rather than simply sitting centrally, these specialists need to be embedded in multidisciplinary technology delivery teams across the organization, sometimes referred to as “fusion teams”. There, they act as a front line for risk management, empowering development teams with the right guidance and oversight of their activities.

The smartest organizations are moving to a model of adaptive governance: risk management that’s appropriate for each scenario, and balances innovation with compliance. It’s here that fusion teams will really deliver. With a blend of experts from the business, software developers and UX specialists, teams can better understand the risk and compliance implications of their work – and proactively protect the organization.

The invisible shift

The shift to decentralized technology is nothing new. But low code and AI are catalyzing the parallel shift to a new risk management and compliance model. It may be less visible – but the consequences will be significant.

It’s important that everyone gets to grips with the age of adaptive governance, to ensure that distributed development can deliver on its promise, without compromising the business.

