We were on site in Hamburg to take the pulse of the CIO community at this year’s IT Strategy Days. What we observed was a noticeable shift in tone and priorities. Here is our recap of the debates, tensions and signals that will shape the CIO agenda in 2026.
Sovereignty, Scale and the Return of Operational Reality
The Hamburg IT Strategy Days 2026 made one thing unmistakably clear: the debate around digital sovereignty has entered a new phase. What once sounded like a political ambition or a strategic slogan has become a practical design question for enterprise IT. And with that shift, the tone has changed.
Across panels, keynotes and off-stage conversations, a tension defined the atmosphere. Companies want sovereignty, resilience and control. CIOs, however, are acutely aware of the trade-offs. Flexibility costs money. Multi-provider architectures increase complexity. European alternatives do not always match global hyperscalers in performance or ecosystem depth. Sovereignty, in other words, is not an ideological project. It is an architectural decision with operational consequences.
In Hamburg, sovereignty was increasingly framed as optionality rather than autonomy. Jochen Decker of SBB warned that flexibility always comes at a cost. Helmut Krcmar from TUM reminded the audience that complete autonomy is neither realistic nor necessarily beneficial. The debate quickly moved beyond slogans toward something more concrete: optionality. The ability to stand up from the table, to switch providers if necessary, to understand and manage dependencies consciously. A spontaneous audience poll revealed that only a minority of organizations could switch immediately to a fully European AI or cloud stack. Whether that number felt high or low mattered less than the underlying message. CIOs are not looking for purity. They are looking for realistic models that balance independence with competitiveness.
From AI Hype to Industrialization
If previous years were dominated by generative AI enthusiasm, 2026 felt more grounded. The conversation has moved from fascination to implementation. AI is no longer treated as a showcase topic but as part of a broader operating model transformation.
Several speakers illustrated how organizations are evolving from predictive analytics to GenAI and now toward agentic systems. Yet what resonated most was not technological ambition, but discipline. AI must sit on stable data foundations. It must integrate into core systems. It must generate measurable impact within reasonable timeframes. Platform thinking, enablement programs and structured use-case portfolios replaced experimentation for experimentation’s sake.
The message was pragmatic. Without robust transaction systems, clean data and integration capability, AI remains an isolated layer. The audience clearly rewarded those who acknowledged that modernization of legacy systems and architectural clarity remain prerequisites. “Boring but necessary” work regained legitimacy. In fact, it has become the credibility filter for AI strategies.
At the same time, the gap between political rhetoric and enterprise reality surfaced repeatedly. Calls for “AI Made in Germany” or European stacks were met with a sober assessment. Many organizations rely on U.S.-based models and cloud services for good reasons. What CIOs expect is not symbolic repositioning, but transparent roadmaps, risk awareness and controllable multi-provider strategies.
Resilience and Governance Move to the Core
Resilience and cybersecurity were no longer discussed as reactive disciplines. Regulatory frameworks such as DORA are pushing resilience onto the board agenda, turning it into a structured governance exercise. Global standards, audit readiness and defined accountability models are becoming part of enterprise design rather than afterthoughts.
Yet the most convincing security narratives connected directly to business continuity. Whether in retail, finance or healthcare, the central question was not compliance but operational survival. How quickly can systems be restored? How well are worst-case scenarios rehearsed? How do governance structures translate into real protective capability?
Another forward-looking theme emerged in discussions around the IT engine room itself. The next disruption may not only happen at the customer interface but within IT operations. Automation, agents and “governance as code” suggest a shift from static target architectures toward enforced standards and modular building blocks. Instead of conceptual governance, organizations are embedding rules technically into their platforms. This approach speaks directly to CIOs who are accountable for both speed and control.
Pragmatism Over Ideology
The overarching mood in Hamburg was pragmatic. CIOs want to remain capable of acting quickly, securely and compliantly. Sovereignty is increasingly treated as a risk management strategy, not a national ambition. AI is an organizational challenge as much as a technological one. Resilience is a business issue, not a checkbox.
For policymakers, the discussions exposed a noticeable gap between ambition and execution. Enterprises are willing to support European ecosystems, but only if they are competitive, interoperable and supported by predictable regulation. Competitiveness, from the CIO perspective, is built on scalability, reliability and speed. Not on declarations alone.
The Hamburg IT Strategy Days 2026 therefore marked a transition. The era of abstract digital narratives is giving way to operational realism. The real debate now revolves around architecture, governance, data quality and measurable impact. For CIOs, this shift is not a retreat from ambition. It is the precondition for making ambition work.