Every organisation has access to capable AI models. But which businesses are tapping into real value — and who’s still waiting for the technology to solve a problem that’s fundamentally about content?
99% of organisations now use AI in some form. Yet only 32% of UK organisations have connected their AI agents to trusted internal content across many use cases — below the global average of 36%. The gap between adoption and value is a content problem. And UK enterprises are well-positioned to close it: 62% saw measurable business impact within six months of project approval, eleven points above the global average of 51%.
The gap between adoption and value is not a technology problem. It is a content problem.

New research commissioned by Box, the leading Intelligent Content Management (ICM) platform, surveyed 1,640 IT decision-makers across the US, UK, France and Japan — including more than 400 respondents in the UK. The findings reveal that companies capturing the most value from AI have connected their models to trusted enterprise content, built governance that scales with agent deployment, and kept their architecture flexible enough to keep upgrading as AI stacks evolve.
The adoption picture
85% of UK organisations run AI agents. 45% have integrated agents into complex, multi-step workflows across teams — above the global average of 42%. And 19% already run agents autonomously at scale.
Nearly two-thirds (63%) of UK organisations now describe themselves as advanced or leading-edge in AI adoption, while 85% are already using AI agents in specific workflows or more broadly across the business.
But adoption is not the same as value:
- 79% report measurable ROI — at least a 10% improvement
- 29% report significant ROI, defined as measurable improvement above 25%
- 51% have seen measurable business impact within six months of project approval
Significant ROI concentrates at the top of the maturity curve: 50% of leading-edge organisations report it, against just 11% at the early stage.
The content problem
Almost all respondents (96%) say it's important or very important that agents access company-specific content and knowledge. Yet only 32% of UK organisations have connected agents to trusted internal content across many use cases — below the global average of 36%.
The challenge is making enterprise knowledge (contracts, policies, product documentation, meeting notes, workflow records) accessible, usable, and trustworthy for the agents that depend on it.
When content is fragmented across network drives, email, and point solutions, AI agents cannot deliver accurate, context-rich answers. The result is slower decisions, unreliable outputs, and AI that remains impressive in demos but underwhelming in production.
Legacy ECM platforms were built for storage and compliance, not AI-native retrieval and orchestration. That architectural mismatch is where value stalls. AI that delivers ROI hinges on having an enterprise content layer — one purpose-built for how agents actually work. Among leading-edge organisations, 63% describe their unstructured data as a competitive advantage, compared with just 26% at the early stage.
Governance is an accelerator
74% of respondents say their governance requirements delay agentic AI deployments. But the research also suggests governance is increasingly viewed as an enabler rather than a barrier: 94% agree that better governance would help them move faster over time, and 93% agree that permissions and access controls are critical for trustworthy enterprise AI.
Among UK IT leaders, the top barriers to giving AI agents access to company content include:
- Security and privacy concerns (40%)
- Regulatory and compliance concerns (32%)
- Data fragmentation across systems (28%) — all above the global averages of 38%, 29%, and 25% respectively.
Meanwhile, governance retrofitted from human workflows delays AI deployment. Governance purpose-built for agents accelerates it — giving organisations the visibility and control they need to scale. That means defined permissions, comprehensive visibility into how agents are being used, and controls that make sanctioned AI tools more useful than the alternatives.
More incidents reported, but for good reason
45% of organisations have already experienced an AI-related data exposure incident. The share reporting established or advanced governance frameworks rose from 24% in 2025 to 73% this year.
The leading edge reports more incidents — not because it has more problems, but because it has built the visibility to see them. 73% of leading-edge organisations report comprehensive visibility across sanctioned and unsanctioned AI use, against 17% at the early stage. Across the whole population, only 39% have that comprehensive visibility today. A known incident is one you can contain.
UK organisations are moving beyond AI experimentation and into operationalisation. We're entering the era of the agentic enterprise, where AI is becoming embedded into everyday business processes and workflows.
“UK organisations are moving beyond AI experimentation and into operationalisation,” said Samantha Wessels, President, EMEA at Box. “We're entering the era of the agentic enterprise, where AI is becoming embedded into everyday business processes and workflows. The companies seeing the greatest success are not simply deploying more AI tools; they are building the foundations that allow AI to scale across the business, including trusted content, governance frameworks and the teams needed to manage agentic workflows. As organisations embrace the next phase of AI, the focus is increasingly shifting from individual productivity gains to transforming how work gets done.”
The UK regulatory context
Post-Brexit, UK organisations operate under UK GDPR — which mirrors the EU framework but is enforced independently by the ICO alongside the ICO’s evolving AI guidance and the work of the UK AI Safety Institute in setting expectations for responsible AI deployment.
The survey data reflects this: 45% of UK organisations have already experienced an AI-related data exposure incident. Among UK IT leaders’ top concerns when adopting AI agents: data privacy risks (45%), regulatory compliance (33%), and ensuring AI uses only approved and trusted sources (33%). These are not abstract risks — they are live operational challenges. UK organisations should treat compliance infrastructure — permissioned content layers, audit trails, and defined agent governance — as a prerequisite for scale, not a retrofit.
As agents take on more autonomous actions, the question of who is responsible when an agent acts is becoming a board-level concern. Organisations must build compliance into content layers from the start, so that every agent action is permissioned, auditable, and aligned with regulatory expectations.
AI broadens headcount
Despite widespread concern about AI-driven job losses, only 8% of UK organisations say AI agents are primarily eliminating existing roles today.
Instead, UK organisations increasingly expect AI to create new jobs and reshape workforces. Nearly two-thirds (65%) of UK organisations expect their overall headcount to increase over the next three years — above the global average of 58%, and compared with just 14% who expect it to decrease. Among the most mature AI adopters globally, that figure rises to 79%.
Among roles being added fastest:
- AI agent operators (48% of UK organisations are already hiring for these)
- Workflow automation specialists (32%)
- Security, risk and compliance professionals (31%)
- Change management and AI enablement roles (31%)
- AI ethics and governance specialists (26%) — which barely existed two years ago
The survey data suggests this pattern is already playing out: As AI takes on more routine tasks, organisations are adding headcount in new categories rather than reducing it overall. The workforce being built around the agentic enterprise will be larger, differently shaped, and concentrated around capabilities that did not exist on most org charts just a few years ago.
Building for the agentic enterprise
Organisations seeing the strongest returns are operationalising AI differently. They integrate it into multi-step workflows, connecting systems to enterprise knowledge, formalising governance, and deploying agents for new categories of work rather than standalone productivity gains. The content layer is the missing piece that moves AI from pilot to production. Without it, agents remain impressive in controlled conditions and unreliable in the workflows that matter.
A secure, governed content layer is key for ROI
Box AI connects agents to enterprise content within existing permissions frameworks — so outputs are accurate, trustworthy, and grounded in the business context that matters.
Box Hubs structures that content into AI-ready knowledge bases agents can navigate with precision. Box Extract turns unstructured documents into structured, actionable data at scale. Box Automate orchestrates the multi-step workflows that turn individual AI outputs into end-to-end process automation. Together, they form a governed content layer that moves AI from pilot to production — and keeps it there.
The agentic enterprise is here. It’s time to ensure your governance is built to make it trustworthy.
Read the State of AI in the Enterprise report



