
Is ServiceNow a Golden Cage?


By 2030, every major enterprise will need an AI governance layer that sits above its platforms rather than inside them.

At Knowledge 2026 in Las Vegas, ServiceNow made an ambitious case for becoming the AI operating system of the enterprise. It also raised AI governance questions that will be asked with increasing urgency as agentic AI takes hold.

In my recent piece on The End of the Road for the CISO, I argue that the CISO role is converging with a range of other functions into a broader governance and resilience function that most organisations are not yet equipped to run. In the conversations I have with CISOs, CIOs and technology executives across North America, Europe and Asia Pacific, one platform often surfaces at the centre of that governance challenge. That platform is ServiceNow.

ServiceNow positions itself as the solution to AI governance across enterprise workflows, and Knowledge 2026 revealed its strategy. As a governance hawk, I believe the claims made in Las Vegas deserve much closer examination than they are currently receiving.


ServiceNow’s Vision


ServiceNow has transformed from a sophisticated IT ticketing tool into the AI operating system of the modern enterprise, and the results its customers presented at Knowledge 2026 are notable. Honeywell eliminated most of its service desk conversations, the City of Raleigh achieved a 98% ticket deflection rate, and PayPal is running database tasks twice as fast as before.

The platform is built around four pillars: Sense any data, Decide with context, Act across workflows, and Secure at scale. A partnership ecosystem including NVIDIA, Microsoft, Anthropic, Armis and Veza illustrates that this is no longer a vendor with a product. It is a platform actively becoming the operating system of the enterprise, and every technology leader should treat it accordingly.


The Golden Cage


ServiceNow states its position plainly. It is, in its own words, the ‘AI control tower for business reinvention’. ServiceNow Otto puts that vision to work for every person in the organisation, across every workflow, getting work done from start to finish on the platform that already runs the business. The dependency those phrases describe is the product rather than a side effect. It is a walled garden in plain sight.


Sense pulls data in from anywhere, referenced against the Configuration Management Database (CMDB), ServiceNow's master inventory of every server, application, device, user and the relationships between them. Decide runs everything through the Context Engine, a semantic layer that maps every person, role, asset, service and policy in real time, learning continuously from every decision made on the platform. Act executes through ServiceNow’s AI specialists, workflows and playbooks. The data enters from anywhere, but the platform increasingly becomes the place where operational context and learning accumulate.

In an agentic AI world, whoever owns the data controls the playing field, and the degree to which a single vendor now owns the operational, financial, HR, security, legal and procurement intelligence of a major enterprise should concern any executive or board.

At Knowledge 2026, ServiceNow announced Action Fabric, opening its platform to any AI agent built on Claude, Copilot or a customer’s own technology via Model Context Protocol (MCP). This may be presented as evidence of openness. But every agent connected generates operational data that can flow back into the CMDB and analytics, potentially making ServiceNow more informed about the business while also increasing the enterprise’s dependence on the platform.


Execution openness is not architectural openness. APIs are not the same as data sovereignty. The acquisitions of Moveworks, Armis and Veza tell the same story. All three now sit within the ServiceNow platform strategy. The space for more independent security intelligence options has narrowed.


ServiceNow is targeting $30 billion in subscription revenues by 2030, and reaching that number requires deep embedding across every major enterprise function before the architectural implications become visible. Offering a free year of AI Control Tower at $2 million list value, bundled with a promise to go live in under 100 days, is a very sophisticated on-ramp. By month 13, customers do not lose a tool. They risk losing the institutional memory of their entire AI operation.


Who Governs the Governor?


ServiceNow positions AI Control Tower as the enterprise answer to AI chaos. Enterprises are under intense pressure to deploy AI and show results. Accountability lags adoption, and enterprises need to consider whether routing everything through ServiceNow’s governed layer addresses this issue or relocates it.


Genuine AI governance requires data that can be seen, moved and audited independently of the platform being governed, and ServiceNow’s architecture makes that difficult in ways that are not immediately obvious. AI Control Tower is part of the ServiceNow platform, not independent of it. It can govern what runs through ServiceNow, but it cannot govern ServiceNow itself.


Consider the FedEx demo shown at Knowledge 2026, where the AI Control Tower dashboard displayed $250 million in productivity gains, 3.6 million hours saved and $103 million in net AI returns at 70% ROI. Those are impressive numbers, and if accurate they represent a genuinely transformational business case. But every metric FedEx uses to understand the value of its AI investment lives inside ServiceNow’s platform, calculated by ServiceNow’s methodology, on ServiceNow’s analytics engine, presented on ServiceNow’s dashboard, by a vendor with a direct commercial interest in those numbers being as large as possible. A small disclaimer advises readers to be sure to check AI-generated content for accuracy.


The ROI methodology draws on reasonably standard measures including ticket deflection rates, hours saved and mean time to resolution. But there is a big difference between a vendor-controlled governance platform and an independent one. This difference becomes more important as agentic AI becomes core infrastructure inside major enterprises.

Databricks with Unity Catalog and Palantir with its Ontology framework offer architectures that are more open, more federated and more readily auditable by external parties. Neither is a perfect solution, and neither yet offers the enterprise breadth that ServiceNow has assembled, but neither positions itself as both the infrastructure and the auditor. That structural conflict is the core of the governance concern, and it is one that no amount of partnership announcements resolves.


The Regulatory Reality


The governance concern described above is not a theoretical problem for future risk committees. It is a live examination risk for enterprises in regulated industries today, and one that is intensifying as regulators in multiple jurisdictions move toward mandatory AI accountability requirements that platform-native governance cannot satisfy on its own.

In the United States, the Office of the Comptroller of the Currency (OCC), Federal Reserve and FDIC updated their interagency model risk management guidance in April 2026 (SR 26-2), replacing the framework that had governed bank model risk practices since 2011. Independent validation and ongoing monitoring remain core expectations, now applied on a more risk-based, proportionate basis. New York's cybersecurity regulation for financial institutions, updated in 2023, goes further, explicitly requiring covered institutions to include AI systems within their cybersecurity programs with documented access controls and audit trails.


The critical word in both frameworks is independent, and the regulatory expectation is unambiguous that banks are responsible for ensuring compliance even when using external AI tools provided by vendors. If ServiceNow’s AI specialists are making or influencing decisions inside a financial institution, the bank still owns the governance obligation, but the evidence trail needed to satisfy an examiner may sit inside ServiceNow’s environment and may depend on ServiceNow’s cooperation, including timely data extraction under the applicable contract terms.


In Europe, the EU AI Act is phasing in obligations through 2026 and 2027, with the majority of rules entering into application on 2 August 2026 and the final tranche following in 2027. DORA imposes ICT risk requirements that explicitly cover AI systems for any financial institution operating in EU markets, and GDPR Article 22 creates specific obligations around automated decision-making for any enterprise with European customers. In Asia Pacific, consider Singapore as an example. Monetary Authority of Singapore (MAS) guidelines, Singapore’s Model AI Governance Framework and PDPA create a parallel layer of obligations that are increasingly addressing platform concentration risk directly.

For enterprises operating globally, AI governance architecture must satisfy the most demanding regulator across their entire footprint. The walled garden does not adjust its walls based on jurisdiction.


Recommendations for ServiceNow


ServiceNow has the market position, the partner ecosystem and the regulatory relationships to shape this conversation rather than react to it as the pressure intensifies. There are four areas where proactive leadership would serve both the market and ServiceNow’s own long-term interests.


The first is full TCO transparency. Enterprises making multi-year commitments to a platform that will become core infrastructure for their AI operations need to understand the complete cost picture, including implementation, developer dependency, upgrade cycles, ongoing administration and the real cost of eventual exit, before they are too deep inside the platform.

The second is a significant extension of data portability, which in some cases may be limited to 45 days. Enterprises should not assume that a short post-termination window will be sufficient to extract years of operational intelligence from a complex deployment.

The third is the serious consideration of separating AI Control Tower commercially from the core platform. A governance product that can only assess what runs through ServiceNow’s own infrastructure is not an independent governance product, and as regulatory scrutiny of platform concentration increases, the structural conflict between being both the infrastructure and the auditor will become increasingly difficult to defend.


The fourth, and most strategically important, is for ServiceNow to actively advocate for independent AI governance as a recognised market category. ServiceNow is uniquely positioned to help define AI governance standards. The vendor that helps create standards is in a much stronger position with regulators, customers and other stakeholders.


Recommendations for Enterprises


The following recommendations focus on the intelligence that organisations are prepared to put inside one vendor’s walls, and the terms on which it resides there.

· Check the exit terms. Some publicly available ServiceNow contract materials describe a 45-day window to request or extract customer data after termination, with data returned in ServiceNow’s own format rather than a guaranteed machine-readable standard. Most enterprises will discover this detail long after the walls have closed around years of operational intelligence.


· Know the TCO. The licence fee is the entry price to the platform, not the total cost of operating inside it.


· Treat the free AI Control Tower year as a trial, not a gift. It is the most sophisticated on-ramp in enterprise software. The year it provides is the year an organisation should be auditing carefully what the platform is learning about its environment, its operations and its AI economics before any long-term commitment is made.


· Map the intelligence before going deeper. Organisations should know exactly how much institutional knowledge already lives inside ServiceNow across current deployments, which decisions depend on the Context Engine, which workflows cannot run without the CMDB, and which governance evidence exists only inside the platform, before adding another integration or AI specialist to the estate.


· Ask the exit question before it becomes urgent. Can the AI governance strategy survive a ServiceNow exit? Can security operations function if the platform is unavailable? Can the board still measure AI investment value without the Control Tower dashboard? These are questions best answered before the operational freedom to act on them has been diminished.


Financial institutions should additionally ask whether the organisation can produce, without the platform's active cooperation and continued access, the independent model validation evidence that an OCC examiner or other financial services regulator will require. The revised interagency model risk management guidance (SR 26-2), issued jointly by the Federal Reserve, OCC and FDIC in April 2026, retains independent validation as a core expectation. A platform that operates a model cannot objectively validate it, and that principle applies regardless of the platform's own governance tooling.


Concentration risk deserves board attention. When workflows, identities, asset intelligence, AI economics and institutional memory all run through a single platform, the walled garden becomes a single point of failure. Concentration risk is not a reason to avoid ServiceNow. It is a reason to understand clearly what the resilience posture looks like if the walls shake.


The Emerging Case for Independent AI Governance


Three forces are converging, and their intersection will reshape enterprise AI governance before 2030 in ways that are not yet reflected in most organisations’ platform strategies.

Regulatory pressure is building across the US, Europe and Asia Pacific toward stronger AI accountability and independent validation of the platforms being governed. The pace differs significantly by jurisdiction, with US federal policy currently moving toward a lighter touch while EU frameworks move toward binding obligations, but the direction of travel across the global regulatory landscape does not differ. Enterprises that build their governance architecture around a single platform’s self-reported controls are making a bet on regulatory stability that the evidence does not support.


Agentic AI proliferation is making the single-platform governance model increasingly difficult to sustain. ServiceNow’s own materials continue to point to a very large agentic future by 2030, with AI agents operating across boundaries that no single vendor’s architecture can fully contain, regardless of MCP integration or partnership ecosystem.


The glaring omission in the enterprise AI market is a genuinely independent AI governance layer that sits above all platforms and can audit ServiceNow, Salesforce, SAP, Databricks and any agentic framework within a single coherent governance model. The company that builds and scales this will become critical infrastructure for the global enterprise AI stack, partly because the market will choose it, but mainly because regulators will eventually require it.


The CISO and the Platform Face the Same Reckoning


In The End of the Road for the CISO, the argument was that the CISO role is being absorbed into a broader governance and resilience function as boards shift their focus from protecting the business to governing autonomous operations they can trust, control and defend to regulators.


ServiceNow is the most important platform sitting at the centre of that shift today. The governance questions it raises are being drowned out by its own capability.

The question every enterprise needs to answer before its next ServiceNow renewal is not whether the platform delivers value, which it typically does. The question is whether its AI governance strategy is built on a foundation it controls, or one it is renting from the platform it is supposed to govern.


By 2030, every major enterprise will need an AI governance layer that sits above its platforms rather than inside them. ServiceNow has built a sophisticated platform-native governance solution. Platform-native and independent are not the same thing. The market has not priced that difference yet. It will.


Andrew Milroy is the founder of Veqtor8, a Singapore-based global technology advisory firm. He has spent the past 25 years advising enterprises on technology strategy across cybersecurity, AI, cloud and data management.


Disclaimer: This article reflects the author’s opinion and analysis based on publicly available information and professional conversations. It is not legal, regulatory, or investment advice.

 
 
 



© 2026 by Veqtor8
