French market research report · 2026

The Hidden Costs of Siloed SaaS

A board-level analysis of how fragmented software stacks now create financial leakage, labour drag, security exposure, and AI-governance risk for French companies.

Executive summary

SaaS fragmentation has become a profit, control, and execution problem.

Across France in 2026, the cost of fragmented SaaS stacks is no longer mainly a software-budget problem. France is digitising under unusually demanding conditions: cloud-sovereignty pressure, active CNIL and ANSSI scrutiny, sector obligations such as DORA and HDS, NIS2 preparation, and the new governance layer created by the EU AI Act. Official EU data shows France’s paid-cloud adoption rose sharply through 2025, while still sitting below the EU average, which makes the market both active and unevenly standardised. 1

The visible P&L line is licence spend. The larger cost often sits in labour, delay, audit work, and integration debt. A prudent board assumption is that 10% to 25% of annual SaaS spend is recoverable through licence right-sizing, duplicate elimination, better renewal discipline, and category standardisation. Separately, 20 reclaimable minutes per employee per day is enough to create about €2,800 of annual friction per employee when valued near recent euro-area hourly labour costs.

Definition

In 2026, siloed SaaS means disconnected authority.

“Siloed SaaS” no longer means simply having many apps. It means multiple disconnected systems of record, overlapping functional tools, fragmented identity and access, duplicated data flows, and inconsistent governance. Finance sees renewals too late. Sales and marketing argue over pipeline truth. HR onboarding triggers manual provisioning. Support agents switch screens to answer one customer question. IT carries a backlog of brittle integrations.

The French context amplifies this. CNIL’s 2025 enforcement record, ANSSI’s 15% increase in treated cyber events during 2024, Bpifrance’s major AI-adoption push, and HDS/SecNumCloud-style sovereignty expectations all point in the same direction: modernise quickly, but do it on a governed foundation. 2 3 4

Hidden cost stack

Five cost layers compound across different budgets.

Cost layer	What creates it	Board-level implication
Direct financial waste	Duplicate tools, unused licences, overlapping suites, weak renewal control	Budget leakage without a single owner
Productivity friction	App switching, manual transfer, fragmented collaboration, unclear tool ownership	Labour drag can exceed licence waste
Decision drag	Inconsistent customer, people, and operating data across systems	Weaker forecasting and slower execution
Integration debt	Custom connectors, brittle automations, API sprawl, acquisition complexity	Permanent IT tax on transformation
Compliance exposure	Shadow IT, ungoverned AI, unclear transfers, access drift	Higher incident and remediation probability

Evidence base

The labour cost is often larger than the licence waste.

Conservative spend recovery10-25%

A practical planning range for every €1 million of SaaS spend, based on unused licences, overlap, renewal leakage, and decentralised buying signals from SaaS-management benchmarks. Vendor data should be treated as directional, not as an official French average. 14 15

Digital friction model€2,100-€4,200

Annual cost per employee if 15 to 30 minutes per day is reclaimable. A 2026 work-management study reported 57 minutes lost switching collaboration tools and another 30 minutes deciding which tool to use, so the model intentionally stays below the upper-bound signal. 12

Integration ceilingOnly 27%

MuleSoft’s 2026 benchmark reported 957 applications on average, with only 27% connected and IT teams spending 36% of their time designing, building, and testing integrations. That is the architecture tax AI agents inherit when they are added to a messy stack. 11

15 minutes/day~€2,100per employee/year

20 minutes/day~€2,800per employee/year

30 minutes/day~€4,200per employee/year

Security, sovereignty, compliance

France has less tolerance for unclear data lineage.

CNIL pressure is measurable

CNIL issued 259 decisions in 2025, including 83 sanctions and €486.8 million in cumulative fines. Cookies, employee monitoring, and data security were the main sanction themes, all of which intersect with fragmented collaboration, HR, adtech, support, and AI tooling. 2

AI governance is already live

Article 4 of the AI Act has applied since 2 February 2025, requiring relevant providers and deployers to ensure AI literacy. The May 2026 provisional deal would delay some high-risk AI timelines, but it does not remove the need to govern tools, data classes, staff training, and accountability. 5 6

Regulated sectors carry a heavier stack

DORA has applied since 17 January 2025 to financial entities. CNIL’s final Transfer Impact Assessment guide sharpened cross-border transfer work in July 2025. France’s HDS regime continues to matter for outsourced health-data hosting, while NIS2 preparation remains active. 7 8 9 10

Operating impact

One stack problem becomes six management problems.

Function	Typical silo cost in 2026
Finance	Duplicate subscriptions, off-cycle renewals, underused seats, weak accrual visibility, poor vendor leverage
HR	Manual joiner, mover, and leaver flows; inconsistent people data; employee-monitoring sensitivity
Sales	CRM fragmentation, duplicate records, shadow AI, slower forecasting and deal inspection
Marketing	Overlap across automation, analytics, segmentation, content, adtech consent, and transfer risk
Support and success	Multiple customer views, slower resolution, weak account-health visibility
IT, security, operations	API sprawl, brittle workflows, access drift, incident-response complexity

Sector lens

The same fragmentation creates different risk profiles by sector.

Financial services

DORA turns fragmented ICT providers into a resilience and third-party oversight burden.

Healthcare

HDS and health-data sensitivity make poorly mapped SaaS structurally risky, not merely inefficient.

Retail

Loyalty, adtech, and analytics silos raise attribution error and consent-transfer exposure.

Manufacturing and logistics

ERP, MES, TMS, procurement, and AI integration gaps slow operational automation.

Professional services and software

Shadow AI and knowledge fragmentation create client-data and quality-control risk.

Public and quasi-public actors

Sovereignty pressure favours fewer, better-governed platforms over an open SaaS long tail.

Why 2026 is worse

AI is acting as a fragmentation multiplier, not a unifier.

The 2026 dynamic is simple: companies are buying AI on top of fragmentation they never fixed. Integration benchmarks now show application estates that are broad, weakly connected, and increasingly agent-facing. A global KPMG and University of Melbourne study also found that AI adoption is rising faster than organisational trust, training, and policy maturity. In France, where AI literacy, personal-data rules, employee-monitoring boundaries, and sector obligations are enforceable, shadow AI is the new shadow IT. 11 13

Tool recommendation

Start consolidation where customer work touches live data.

Suggested platform

YourGPT AI

YourGPT AI is a strong tool to evaluate when the goal is to reduce fragmented customer-support and knowledge workflows. It can help teams centralise answer delivery, connect approved knowledge sources, and keep customer-facing AI closer to governed systems instead of scattered point experiments.

Useful for replacing disconnected support widgets, knowledge bots, and manual response workflows.
Best evaluated against governance needs: data access, escalation paths, auditability, and human review.
Most valuable when paired with a clear system-of-record strategy for customer, support, and knowledge data.

Review YourGPT AI

Executive action plan

Control first, then consolidate with intent.

CFO, CIO, CISO

Inventory

Discover SaaS, AI tools, renewals, SSO links, card-paid apps, and data flows

One source of truth for spend and risk

CFO, CIO, COO

Stop category sprawl

Pause net-new purchases in crowded categories

Slow the portfolio before rationalising it

CIO, COO, functional leaders

Define systems of record

Nominate authoritative finance, HR, customer, support, and collaboration platforms

Reduce reconciliation and reporting disputes

CIO, CISO, HR

Standardise identity

Tie provisioning and deprovisioning to HR events and approved roles

Lower access drift and support load

CFO, procurement, CIO

Rationalise renewals

Review the largest twenty vendors for use, overlap, and leverage

Recover visible cash waste first

CEO, DPO, CIO, HR

Govern AI

Train staff, approve tools, classify permitted data, and define disclosure rules

Reduce shadow AI and output risk

CIO, COO

Integrate high-value flows

Prioritise revenue, onboarding, support, and compliance workflows

Convert architecture cleanup into measurable ROI

CISO, DPO, business heads

Map sector controls

Apply DORA, HDS, NIS2 preparation, TIA, and sovereignty rules where relevant

Avoid late-stage compliance surprises

2026-2028 outlook

The winners will not be the companies with the fewest tools.

Fragmentation will probably worsen before it improves because AI, vertical SaaS, and business-led purchasing are still expanding. At the same time, French and EU regulation is making unclear data lineage, unclear third-party risk, and unclear AI ownership progressively less acceptable. The winners in France will be the companies that can experiment quickly while knowing which system is authoritative, which vendor is approved, which data may flow where, and which AI is acting on whose behalf.

Public, France-specific statistics on duplicate subscriptions, unused licences, and total SaaS app counts remain limited. The most granular SaaS waste figures in this report come from vendor-sponsored benchmarks, so they are used as directional evidence. The strongest France-specific evidence base is regulatory, cyber, cloud-sovereignty, and institutional adoption data.

Sources