March 18, 2026
AIMittelstandTalkAI in the Mittelstand — talk at IHK Erfurt
Notes from a talk at IHK Erfurt on GDPR-compliant AI rollout for Mittelstand companies. Honest stocktaking, no hype.
In March 2026 I gave a talk at IHK Erfurt to about 60 Mittelstand managing directors on AI rollout in their businesses. The room mood was a mix of curiosity and skepticism — most attendees had tried ChatGPT, very few had a defensible architecture.
This post summarizes the key points of the talk for those who couldn't attend.
Three honest observations
First: shadow IT is already running. In every audience I ask, more than half the room admits employees use ChatGPT in production. Most of them with personal data. None of them with a clean DPA.
Second: most rollouts fail not on technology but on governance. The DPO blocks, the works council hesitates, the legal team raises §203, and the project gets shelved. Not because the technology is bad — because the architecture wasn't designed to answer those questions.
Third: ROI is usually there, but rarely measured. Companies that don't define KPIs up front cancel AI projects at the next budget cut, even when staff are saving 5–10 hours per week.
What we recommended
A 90-day rollout pattern that has worked for our customers:
- Week 1–2: workshop with management and DPO, prioritize 2–3 use cases.
- Week 3–6: architecture (Azure OpenAI in EU, pseudonymization, staff guideline).
- Week 7–10: pilot on the highest-leverage use case with measurable KPIs.
- Week 11–12: roll out to the wider workforce with training.
Total budget structure for a 50-person company: one-off consulting plus per-user-per-month licenses (token-based on Azure OpenAI or seat-based on consolidated solutions). Compared to 5–10 hours saved per knowledge worker per week, the math usually works out within the first quarter.
What didn't make it onto the slides
Two things I always say in person but didn't put on slides:
You don't need to build everything custom. For most Mittelstand cases, Microsoft 365 Copilot or a thin wrapper around Azure OpenAI is enough. Don't build a custom RAG system if a seat-based off-the-shelf option does the job.
Don't underestimate the works council. They're not blockers — they're stakeholders. Bring a draft works agreement to the first conversation, not a finished system to a confrontation.
Slides and recording
The slides are available on request. The recording is currently being edited and will be on the IHK Erfurt YouTube channel in May.
Weiterlesen
02. April 2026
Azure OpenAI or OpenAI directly? — What's different for German businesses
GPT models are available from OpenAI and through Microsoft Azure. For German businesses this isn't a matter of taste — it's a contract and compliance decision.
12. Februar 2026
AI in the security industry — what works, what doesn't
Field notes on AI use cases in security firms, gathered from running our own product LiteLog with KRITIS customers.