Edited by Martin Arborea
Those in the ICT supply chain are always attentive to technological trends and analyst data to be able to approach the market with the right awareness. Expectations for the Italian market remain positive even looking to 2026: the Assintel Report 2025 estimates growth in the ICT business market of +4.5% for 2025 (after +4% in 2024), up to 44.3 billion euros, and indicates a further trend above +4% for 2026. ( Assintel Report 2025 ). Even more interesting is the " sentiment " of demand: in fact, approximately three out of ten companies declare their intention to increase their ICT budget in 2026 (an improvement compared to previous surveys). ( Confcommercio )
But the real challenge lies in the quality of investments, their operational implementation, and, above all, companies' ability to transform innovation into reliable, measurable, and governed processes. And one issue remains: many organizations continue to finance siloed initiatives without a centralized vision, risking both increased integration and governance debt .
Fortunately, there are two signals that, according to analysts, converge and indicate that in 2026 there could be a significant improvement in the quality of investments :
- Spending priorities are increasingly focused on a few macro-areas: AI, cybersecurity, data/BI, and process automation. This orientation is consistent with the general interpretation circulating based on the results of the Digital Innovation Observatories of the Milan Polytechnic (on which many industry commentators have reported budget trends and areas of focus: Automation Plus ).
- Technological convergence towards “unified” platforms . Gartner, for example, defines BOAT (Business Orchestration and Automation Technologies) as consolidated platforms for enterprise automation, combining process orchestration, connectivity, low-code development, and agentic automation. In 2025, it published a Magic Quadrant dedicated to BOAT , formally marking the category's emergence as a recognized market.
The implicit message is clear as well as rather challenging: the winner is whoever builds an end-to-end execution chain , where people, rules, data, integrations and AI work in an orchestrated way.
The 6 “non-negotiable” priorities
The analysis allows us to identify the priorities that companies, especially the most enlightened ones, are following in orienting their ICT spending. We've divided them into six categories, and the interesting thing is that not all of them involve investments in technology alone, and they can serve as a useful guide for orienting SMEs as well.
1) From “AI pilot” to AI governed in processes
In 2024–2025, many companies will have " experimented " with AI, working on models and assistants. In 2026, the priority will be to bring AI into processes with control rules, auditability, prompt/data management, and KPIs. Since AI needs to become productive within the organization, simply " adding a co-pilot " isn't enough: workflows, tracking, roles, and responsibilities are needed. Governed processes that can integrate systems, people, and AI agents require investing in platforms and architectures that make AI functional and operational.
2) Cybersecurity as a project requirement, not a final “check”
The growth of digital spending is expanding the attack surface , and it's now mandatory to address security-by-design in every initiative. This is why it's important to choose a provider with cybersecurity integrated into the lifecycle (DevSecOps and governance), prioritizing identity and access, data protection, and resilience. Choosing a technology that has passed the ACN (National Cybersecurity Agency) is a valuable asset even for those who don't operate in the public sector.
3) Beyond the data lake : data quality and value
The growing appetite for AI (and analytics) highlights one fact: without reliable data, AI scales poorly, exposing organizations to new risks. It's not about "accumulating" data, but rather producing and governing it wherever it's generated in a significant way, with clear ownership, measurable quality, cataloging, traceability, and usage rules. Ultimately, implementations need to improve the quality and accessibility of data where it generates operational value (sales, purchasing, support, operations).
4) End-to-end orchestration and automation: the BOAT logic
Organizations are increasingly realizing the need to unite workflow, integration, rules, automation, and AI agents in a single design. This is likely why Gartner wanted to send a clear message of priority by introducing a new acronym and a new quadrant: Business Orchestration Automation Technologies (BOAT).
These are consolidated platforms that combine process orchestration, enterprise connectivity, and low-code development, including agentic components.
The fact that Gartner introduced and formalized the category with a BOAT Magic Quadrant for 2025 is a sign of market maturation: enterprise automation is consolidating around a few architectural pillars, not a collection of tools.
Clearly recommending platforms that can manage complex processes, integrations, roles, and compliance; not just task automation.
5) Skills and change management: “adoption” as a deliverable
Making adoption a project deliverable is essentially the golden egg. Only by including digitalization as an organizational capability in the project budget can it truly be successful. And this means targeted training, product ownership of processes, streamlined governance, and adoption metrics. For many SMEs, the obstacle isn't technology, but a lack of time and method to change the way they work. Without adopting an operating model capable of ensuring continuous improvement even after the go-live , the risk of compromising the return on investment is real.
6) ROI and measurement: from the “project” to the portfolio
Allocating ICT spending to use cases with measurable impact is now essential. In this sense, the Assintel Report's highlights of a growing market and a more confident outlook for budget increases in 2026 also reflects the growing focus on " producing returns " on invested capital. It is therefore essential to adopt structured portfolio governance , clearly defining priorities, expected benefits, and measurement metrics, and investing in platforms capable of reducing time to value . Only in this way is it possible to estimate ROI during the planning phase and subsequently verify the effectiveness of the decisions made. The result is the triggering of a virtuous cycle of continuous improvement, fueled by initiatives with measurable and sustainable value over time.
Jamio Openwork's Point of View
Faced with this scenario, the right question to ask is not "which technology should I choose?", but: how much does it cost me to change a process and how much time will it take me to bring value to production , without sacrificing compliance and control. The choice of platform becomes a natural consequence of this answer. The goal, in fact, is to adopt a solution that continues to function even as the use cases and the departments involved grow: the same operational logic, the same controls, the same traceability , regardless of complexity. This is what distinguishes a digital project from a truly scalable .
BOAT quadrant is useful not so much as a " ranking " as a strategic indicator : the market is moving toward platforms capable of unifying orchestration, integration, rapid development, and intelligent automation. Jamio openwork , continuing to invest in making process automation increasingly scalable, manageable, and practical, in line with market expectations . In upcoming issues, we will highlight this through real-world examples and successful adoption cases, describing measurable results and transformation paths actually implemented in production.
Editorial by:
Martin Arborea
co-Founder and Marketing & Sales Director Openwork
Beyond Software: Rethinking GRC as an Organization's Operating System
In recent years, the term GRC (Governance, Risk & Compliance) has become firmly established in organizational vocabulary, so much so that the acronym, in its English pronunciation, is increasingly recognizable in conversations between managers. Indeed, attention to operational risks and their resulting consequences is an even more important driver than the sole need to comply with an increasingly complex regulatory environment. For many organizations, the need for transparency is also a further reason to focus on the topic.
Having studied the functioning of processes in organizations for several years, however, we have observed that GRC is often considered an "external device" to the organization: a necessary evil, useful for audits, but distant from day-to-day operations.
And the problem, as always, is not GRC itself but how it has been interpreted and implemented . That is, with an approach that is solid in its models but weak in its operations.
What does this mean? An example makes it clear. Traditional GRC software was created with a specific purpose: control . Therefore, all GRC software provides risk registers, policy repositories, and reporting tools for audits. These are correct and necessary tools, but they leave open a crucial question: where does GRC actually happen, in day-to-day work? That is, what impacts GRC happens in operational processes , in decisions shared among multiple stakeholders in the organization, in exceptions often handled via email, in all those repetitive tasks entrusted to Excel spreadsheets. And, of course, in a multitude of handovers that are impossible to track. Ultimately, in a whole series of events and activities that, by their very nature, are far removed from dedicated GRC software systems, which, naturally, by their design, cannot reach these contexts.
Let's change the paradigm
The solution to this disconnect can only be achieved through a radical paradigm shift. We need to stop thinking of GRC as a separate system and start seeing it for what it should be: an operating system that governs the way the organization works.
This means embedding Governance , Risk , and Compliance directly into daily processes and workflows. This is where an approach like the one enabled by Jamio openwork radically changes the landscape, transforming GRC from a control function to an operational infrastructure.
From Theory to Practice
To understand how this approach works in practice, let's analyze the three pillars of GRC.
Governance: From Policies to Executable Processes
Governance is often relegated to static documents like policies and procedures. With a process-driven approach, rules become operational mechanisms . On Jamio, policies are transformed into executable processes that ensure their concrete application in daily work.
An example of a workflow that can be easily implemented with Jamio: policy drafting and updating, multi-level approval, automatic publishing, policy application in related operational processes, and version tracking.
Risk Management: From Risk Register to Action
A risk register is useful, but it remains an abstract tool if disconnected from operations. An approach that integrates GRC into processes, however, links risks to the critical points where they arise. This allows for automatic activation of controls, escalations, and corrective actions, transforming risk management into a continuous response capability across the entire organization.
An example of a workflow that can be easily implemented with Jamio is Non-Conformity Management: reporting (manual or automatic), risk classification, activation of corrective action with assignment of responsibilities, verification of effectiveness and closure can easily become process steps that can be executed within the organization.
Compliance: From the Checklist to “Compliance by Design”
For complex regulations like GDPR, Model 231, or ISO standards, compliance doesn't have to be a periodic, post-hoc review. It can be designed into processes . With Jamio openwork, regulatory obligations translate into operational activities that automate evidence generation and monitoring. A Jamio workflow makes it easy to translate obligations into operational activities, with automatic deadline planning, guided execution, automatic evidence generation, and a constantly available audit trail. The result is compliance by design: invisible for those who work, robust for those who monitor .
In conclusion, the topic of internal controls is undergoing a real shift from Ex Post Control to Continuous Control . Indeed, the main limitation of traditional controls is their ex post approach, which intervenes once the error has already occurred. A process-based model, on the other hand, enables preventive and contextual controls, built-in segregation of duties, and automatic audit trails. Control ceases to be an additional activity and becomes an integral part of the process .
How GRC Software Works
Now that we have clarified what the proposed approach consists of, we can understand the three structural limitations that the operating mode of classic GRC software presents:
- Separation from operations: information effectively lives in a separate system, consulted only when necessary.
- Designed for auditors, not users: Solutions are optimized for reporting, not to support everyday users.
- Rigidity and slowness in change: they are difficult and expensive to adapt to new regulations or organizational changes.
Jamio openwork allows you to overcome limitations because it does not add another “GRC module”, but offers a no-code, process-oriented and adaptive platform by nature with the aim of implementing an infrastructure that works together with people .
Conclusion: Towards an Enabling GRC
Modern organizations can no longer ignore the need to be compliant, resilient, transparent, and fast, but in doing so, GRC can no longer be a brake, but must become an enabler. The truly desirable paradigm shift is precisely this: moving from a controlling GRC to an enabling GRC.
With Jamio Openwork, this step is not theoretical, but practical, preventing evidence collected ex-post from forcing double work for those who operate and those who monitor.
We would arrive at one of the most significant developments for organizational governance in the coming years: transforming compliance from a bureaucratic burden to added value.
Jamio Academy byself: a new course on automation and document creation
The Jamio Academy is a space designed to enrich the skills of users and designers who use Jamio openwork no-code approach process-oriented vision to support business growth.
Within this training ecosystem, the Jamio Academy byself is enriched with a new course dedicated to automation in Jamio , with a focus on one of the most relevant areas in operational contexts: self-composition of documents .
A practical exercise on automations
The course is structured as a guided practical exercise and shows, step by step, how to create a complete Document Automation for the automatic generation of a commercial offer .
The goal is to learn how to correctly integrate the tools within a process flow , transforming the collected data into a structured, coherent document ready for use by users.
What is shown, step by step
In detail, the exercise explains how to:
- use the Jamio Document Automation plugin and its method;
- prepare the document template in Microsoft Word , correctly managing the different types of fields;
- insert the functionality into the workflow , allowing users to prepare, view and download the preview of the generated document .
The result is a functionality that is perfectly integrated into the process and truly usable in a business context.
Autocomposition in Jamio: From Process to Document
Jamio's wizard allows you to generate dynamic documents from process data, maintaining alignment between information, operating rules, and final outputs. This approach reduces manual work, improves document quality, and ensures consistency with the actual state of the process.
A piece of the Jamio Academy training program
The new course is part of the Jamio Academy , which includes:
- courses on Udemy ;
- follow-up sessions;
- on-the-job training on real projects.
A training model designed to guide users and designers from understanding the platform to its concrete application, enhancing the no-code and process-oriented of Jamio openwork.
