    Strike Graph 2025 State of AI in Compliance Report

    How compliance teams are adapting to complexity and where AI fits into the future.


    Executive summary

    In the first half of 2025, Strike Graph conducted a survey to better understand how organizations are navigating the rising complexity of regulatory frameworks and how AI and automation are impacting the future of the evolving compliance landscape. This report explores the findings from Strike Graph’s 2025 State of AI in Compliance survey through data, insights, and visuals designed for easy reference and citation. 

    Data featured in this report was collected through an online survey of company leaders and compliance officers across several industries. The top sectors for respondents included computer software (36%), financial services (13.8%), and data management (10.1%). Respondents also came from the healthcare, FinTech (financial technology), insurance, manufacturing, banking, and accounting sectors.

    The full Strike Graph 2025 State of AI in Compliance Report, complete with detailed demographics and key term definitions, is available for download.

    The main findings from Strike Graph’s 2025 State of AI in Compliance survey include:

    • Confidence is low about keeping up with increasing complexity. Half of respondents (50.3%) report that compliance frameworks are becoming increasingly complex, but the majority don’t feel prepared to keep pace. In fact, only 4.4% of respondents reported extremely high confidence (10 out of 10) in the ability of their current compliance processes to keep pace as their organization scales.
    • AI and automation are essential to the future. 87.2% of respondents are moderately-to-extremely concerned about the continuing evolution of compliance frameworks and the impact on internal resources those changes will require. This is why 72.5% of respondents report that they will introduce new AI features into their compliance processes in the next 12+ months.
    • AI adoption is not uniform across companies. Despite recognized concerns and challenges, and though many organizations report interest in introducing AI features into their compliance practices, only 10.6% of respondents have actively adopted agentic AI systems—systems that adapt to their environment and act autonomously—into their compliance processes.
    • AI-powered GRC platforms are on the horizon. Though 58.9% of respondents are not currently using a GRC (governance, risk, and compliance) platform, 39.5% are considering one for the future. Notably, 79% of respondents said that a platform’s AI automation is a moderately-to-extremely significant consideration in selecting a GRC platform, which suggests that the prevalence of AI compliance tools will continue to grow.

    Inside this report: From compliance issues to AI solutions

    • Introduction: The state of compliance and its future
    • The compliance crunch: Costs, complexity, and cybersecurity concerns
      • Areas of concern
      • Scaling up: Can today’s compliance processes keep pace?
    • AI adoption in compliance: Where are we now?
      • Current use
      • The future
      • AI and GRC
    • What compliance leaders need from and worry about AI-powered GRC platforms
    • Conclusion: The future of compliance

    Introduction: The state of compliance and its future

    Regulatory requirements are multiplying and are more complex than ever before. Data from Strike Graph’s 2025 State of AI in Compliance survey showed that 42.6% of respondents simultaneously manage four or more compliance frameworks, with SOC 2, GDPR, HIPAA, and ISO 27001 being table stakes. Additionally, 54% indicate the number of frameworks they manage is likely to increase further.

    A large proportion of respondents manage 4 or more frameworks simultaneously

    Companies are juggling more compliance frameworks than ever

    In addition to the number of frameworks companies must contend with, 50.3% of respondents report that these frameworks are becoming increasingly complex, leading to constant pressure for compliance teams. 55.6% report that this increasing complexity is one of their biggest concerns regarding compliance frameworks.

    Compliance frameworks are expanding in both size and difficulty

    Multiple layers of regulation and uncertainty surrounding government policies have introduced additional challenges at a rate that surpasses what organizations have previously encountered. These heightened demands in a shifting landscape contribute to high levels of concern across respondents.

    As a result, some organizations surveyed reported that they are leveraging, or beginning to leverage, AI and automation to mitigate the impact that compliance has on internal resources. Although 21.3% of respondents report that their business does not currently use AI or automation in any part of their compliance processes, this figure is likely to change; 72.5% of respondents plan to incorporate new AI features into their compliance processes in the next 12+ months.

     

    Majority of respondents will incorporate AI features into their compliance processes in the near future

    The pressure is high, and our survey data signals that compliance teams are at a turning point. New AI-powered technologies could save companies time and money throughout the compliance lifecycle without sacrificing accuracy or data security. However, only a minority of companies have embraced these tools for their compliance needs. Why is this?

    In this report, you’ll learn more about the “crunch” that compliance teams find themselves in, explore considerations around the adoption of AI in compliance, weigh the perceived risks associated with such tools, and consider a future where capable and secure agentic AI tools allow compliance teams to do more than just stay afloat. 

    The compliance crunch: Costs, complexity, and cybersecurity concerns   

    Overall, respondents acknowledge the shifting landscape of compliance and the challenges of keeping pace. 87.2% of respondents are moderately, very, or extremely concerned about the continuing evolution of compliance frameworks and their potential impact on business.

    The three biggest areas of concern in meeting compliance requirements were cybersecurity, costs, and increasing complexity, all of which focus primarily on risk.

    Areas of concern

    • Cybersecurity - Compliance requirements necessitate the collection and transmission of data. Solutions that are not built for AI, meaning they’re retro-fitted or rely on third-party bots, add unnecessary data and cybersecurity risks. Solutions that are built for AI and are self-hosted, like Strike Graph’s Verify AI, actually mitigate such risks.
    • Costs - Compliance costs time, money, and effort in the form of repetitive tasks, large internal audit teams, and additional administrative burden—resources that would be better dedicated to strategic security operations and revenue-generating tasks.
    • Increasing complexity - Companies with multiple locations or teams must contend with compliance requirements on all levels. This includes navigating requirements across geographies, locations, and different products. Furthermore, these requirements can shift at any time due to unpredictable government policy and regulatory changes. 

    Risk factors — security, cost, and complexity — lead compliance worries

    Staying on top of policy change is possible

    Under the umbrella of increasing complexity, government policy and regulatory changes are a significant source of concern for respondents. Over half cited layers of regulation (at state, federal, and international levels) as a burden in meeting and maintaining compliance requirements.

    68.4% of respondents also reported that predictability in government policy and the alignment of policy and framework requirements were very-to-extremely important to them. Knowing what to expect in the future and being ready for those changes would alleviate stress and reduce the burden on compliance teams to be aware of every single shift in policy.

     

    The importance of predictable and aligned compliance requirements 

    Solutions to mitigate the challenges of this regulatory unpredictability are already out there. Tools like Strike Graph’s Verify AI and AI Security Assistant enable organizations to remain up-to-date as compliance requirements evolve, providing real-time feedback as they verify evidence items at the time of collection. This enables organizations to take a proactive approach to compliance, allowing them to stay on top of their compliance needs even as policy and regulation changes happen. 

    Scaling up: Can today’s compliance processes keep pace?

    Mounting pressure on compliance teams has shaken their confidence. The number and complexity of required frameworks, cybersecurity concerns, high operational costs, and uncertainty due to policy changes all contribute to the low levels of confidence reported by survey respondents. With these factors to contend with, they question whether current processes and GRC platforms can keep pace with their companies’ continued growth.

    • 42.3% of respondents find themselves only somewhat-to-moderately confident that their current processes can keep pace, reporting confidence levels of 4, 5, or 6 out of 10.
    • A mere 4.4% rank their confidence at 10 out of 10.
    • 34.3% indicated that scaling is one of their biggest concerns regarding compliance frameworks. 

    Security leaders lack confidence in their compliance readiness 

    If confidence is shaky at best, let’s consider what solutions are currently being put in place and what the future looks like.

    AI adoption in compliance: Where are we now?

    Bringing AI into an organization’s compliance processes requires a deeper understanding of where the gaps are between manual and automated processes. To identify these gaps, we asked survey respondents about their current AI adoption and their future plans. 

    We found that AI-native compliance management platforms are the gold standard, with a majority of respondents reporting plans to adopt AI into their compliance projects in the near future.

    Current use

    While most surveyed businesses already use AI in some aspect of their compliance processes, adoption remains uneven across organizations and sectors. 42.1% of respondents stated that although they don't use AI yet, some aspects of their compliance processes, like repetitive tasks, are automated. Overall, 67.6% of respondents reported that their company uses AI automation in some capacity of compliance management, whether to write policy documents or support their internal audit process. 

    An important distinction between automation and AI

    Automation and AI are not synonymous. Automation involves a set of predefined rules and actions to execute certain tasks repeatedly. AI, on the other hand, replicates and even enhances human cognitive abilities to learn, analyze, and make decisions.

    AI and automation are not the same, but they can work together.

    67.6% of respondents reported that their company uses AI in some capacity of compliance management, whether to write policy documents or support their internal audit process.

    Despite the benefits of leveraging AI or automation in their compliance processes, there are still a number of organizations that haven’t implemented solutions to take advantage of this technology. As previously mentioned, 21.3% of respondents indicated that their company does not currently use any AI or automation, and only 10.6% reported the use of advanced, agentic AI throughout their compliance processes.

     

    Compliance teams are embracing AI, but adoption isn’t complete

    The future

    Our survey results indicate that AI technology is becoming a growing priority for many companies seeking compliance management solutions. A substantial 72.5% reported plans to incorporate AI into their compliance processes in the future. Of those with plans to incorporate AI into their compliance processes, 49% aim to do so in the next 12 months.  

    Adopting a GRC compliance management platform is another factor on respondents’ minds. While 58.9% of respondents are not currently using a GRC platform, 39.5% of them are considering one for the future. Their hesitation to invest stems from the desire to see demonstrated success and proven reliability in the technology.

     

    Majority of respondents do not currently use a GRC compliance management platform

    GRC compliance management platforms could be on the horizon

    AI and GRC

    GRC software applications have existed since the mid-2000s, but AI-powered GRC platforms are at the cutting edge thanks to their future-proof status. In fact, our findings indicate that AI is emerging as an important consideration in the selection of future GRC platforms because of its ability to scale quickly and efficiently and keep up with shifting regulations, without sacrificing accuracy.

    Only a minority of companies surveyed (41.1%) are currently using a GRC platform. This is likely to change, as 72.5% of respondents report they will introduce new AI features into their compliance practices in the next 12+ months, and 79% report that a GRC compliance management platform’s AI automation is a moderately-to-extremely significant consideration in selecting a GRC platform. This points to the potential for significant adoption of AI-powered GRC platforms in the coming years. 

    What compliance leaders need from and worry about AI-powered GRC platforms

    Compliance leaders have a variety of needs from their GRC platform. Improved audit readiness emerged as the top priority (35.1%), followed by saving time (28.7%), reducing errors (12.9%), and scalability (10.4%). 

    Increased audit readiness emerges as the top priority for respondents in selecting a GRC platform

    AI-powered compliance management systems are uniquely positioned to address these needs. For example, Strike Graph’s AI-native platform goes beyond basic automation by validating evidence, testing controls, searching for gaps in systems, and offering non-prescriptive recommendations tailored to a company’s compliance posture. Such capabilities help organizations remain audit-ready, manage and scale multiple frameworks, and adapt when compliance requirements evolve.

    Given the range of needs compliance leaders must satisfy, it’s not surprising that AI is a key consideration for the previously mentioned 79% of respondents in selecting a GRC platform. This indicates a broad shift toward leveraging AI technology as a solution to compliance demands.

    AI automation is an important factor when considering a GRC compliance management platform

    “79% report that a platform’s AI automation is a moderately-to-extremely significant consideration in selecting a GRC platform.”

    As is often the case with new technologies, integrating AI into compliance processes presents concerns and uncertainties, including data and cybersecurity risks, potential errors, and questions about the technology’s abilities. These lingering doubts may help explain the noticeable gap between the number of organizations eager to adopt solutions, like AI-driven GRC platforms, and those that have already taken steps to implement them.

    When given the opportunity to select multiple answers, respondents indicated that their largest concerns in using AI for compliance management were potential errors (63%), the technology’s true abilities (50.9%), and data security (50.5%).

    Concerns about AI adoption center on errors, ability, and security

    These concerns aren’t unfounded, especially considering the frequency of hallucinations and other inaccuracies associated with generative AI technology. Yet a tool with AI technology bolted on to pre-existing frameworks or a source like OpenAI is vastly different from a solution that is built with integrated AI technology.

    When AI is an add-on, it presents the risk of false information (especially in the case of generative AI chatbots, like ChatGPT), running unnecessary tests, sharing data with third parties, and putting data at risk. But when AI is an integrated part of the solution, organizations can be proactive in reducing those risks throughout the compliance lifecycle.

    In fact, respondents recognize the potential benefits and appear to exhibit a growing trust in smart, AI-powered compliance solutions. Consider this: While half of respondents report security concerns with AI, 82.1% of respondents also indicated feeling their data is somewhat-to-extremely secure when managed by AI-powered compliance tools (ranking their security level at a 5 or higher on a 10-point scale). Only 7 individuals (3.4% of respondents) expressed extremely low confidence in AI’s security (ranking it at a 1).

    Clearly, AI technologies evoke caution and concern, as well as curiosity and relative security in respondents’ minds. This finding seems to reflect the present moment at large, where compliance teams and businesses face a choice: embrace new technologies or continue with conventional practices that often fall short of companies’ unique compliance needs.

    Respondents feel their data is secure when managed by AI-driven compliance tools

    Strike Graph at the forefront

    In this shifting landscape full of understandable concerns, organizations require reliable, efficient, and secure compliance solutions. Strike Graph is the only AI-native compliance management platform with patent-pending agentic technology that dynamically adjusts to your business while validating evidence quality in real-time to ensure 100% audit confidence. Strike Graph’s Verify AI and AI Security Assistant attune to an organization’s specific infrastructure and workflows, enabling organizations to remain secure and up-to-date as compliance needs evolve. This frees up time, human labor, and resources so that businesses can focus on strategy, revenue, and growth while AI tools maintain compliance in real-time.  

     

    Let’s take a closer look at how Strike Graph can mitigate compliance leaders’ biggest concerns:  

    Data and cybersecurity risks (62%) 

    Strike Graph reduces risk by following zero-trust principles with secure integrations and never uses third-party tools that can create new risks. Its integrated AI features can write secure connection code while ensuring that all data connections follow strict access controls - with secure authentication and encryption at every step.

    Efficiency of compliance processes (56%)

    Strike Graph streamlines evidence collection through automated integrations with common systems like GitHub, Google Workspace, and AWS. Verify AI takes the efficiency savings even further by automatically validating any new evidence upon upload and continuously validating evidence when automatically collected. Strike Graph gets companies to compliance faster, reduces manual work, and provides teams with a real-time view of their compliance posture.

    Scalability of compliance frameworks (34%)

    As organizations grow, frameworks and requirements evolve. Strike Graph’s AI Security Assistant uses AI to identify gaps, strengthen posture, and recommend controls mapped to new frameworks. This adaptability makes it easier to expand into additional standards without rebuilding compliance programs from scratch.

    Conclusion: The future of compliance

    Data from Strike Graph’s 2025 State of AI in Compliance survey indicates that compliance is entering a new era. Respondents report high levels of concern about existing frameworks’ capabilities to keep pace with company growth and regulatory changes.

    Even with these increasing demands, achieving and maintaining compliance doesn’t have to be burdensome.

    Already, organizations across sectors are beginning to utilize AI tools to aid in their compliance processes. Adoption remains uneven, though, as questions about AI persist. Still, the majority of organizations surveyed have plans to introduce new AI features into their compliance practices in the next 12+ months. This signals that organizations are increasingly ready for and actively embracing smart automation and AI-powered compliance solutions.

     

    Organizations that evolve alongside the shifting landscape with secure, AI-native solutions like Strike Graph are best positioned for growth and resilience. By addressing security concerns, improving efficiency, and scaling easily, they can stay ahead of ever-changing compliance requirements.

    Download the full Strike Graph 2025 State of AI in Compliance Report

    AI-powered compliance management software empowering teams to scale

    Strike Graph’s AI-native compliance management software transforms compliance to reduce manual work, stay continuously audit-ready, and build scalable compliance programs that fit your business. Strike Graph helps organizations achieve and maintain compliance and security certifications faster and with less effort while maintaining the highest security because it was purpose-built for AI.

    Request a demo to see how quickly Strike Graph AI can help empower your compliance team.
