TL;DR: Service management is shifting from reactive support to autonomous, outcome-driven workflows as cost pressure, AI adoption, and sovereignty concerns reshape operations, according to Efecte and Gartner. The identity consequence is simple: when machines start initiating work and access changes, governance must move from ticket handling to lifecycle control.
NHIMG editorial — based on content published by Efecte: Der strategische Wandel: 2026 und der Aufstieg des intelligenten Service Managements
By the numbers:
- Gartner forecasts that by 2030 around 75% of European companies will geopatriate, moving virtual workloads to regional or sovereign alternatives.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- NHIs outnumber human identities by 25x to 50x in modern enterprises.
Questions worth separating out
Q: How should teams govern access when service workflows can create it automatically?
A: Treat workflow-created access as a governed identity, not a convenience artifact.
Q: Why do autonomous service workflows change IAM and IGA requirements?
A: They move identity decisions into the execution path.
Q: What breaks when cloud and SaaS access is orchestrated by business teams?
A: Visibility breaks first, then accountability.
Practitioner guidance
- Inventory every workflow-generated identity Identify the service accounts, tokens, API keys, and certificates created by ITSM, HR, finance, and orchestration tooling.
- Tie approvals to the actioning identity Record which identity actually performs each privileged action, not only who requested it.
- Classify workload identities by sovereignty boundary Map identities to the region, data domain, and regulatory boundary they are allowed to touch.
What's in the full article
Efecte's full article covers the strategic service management framing this post intentionally leaves at the governance level:
- The article’s five-factor breakdown of the 2026 service management shift and how each factor affects operating models.
- The discussion of Gartner's CIO cost-pressure agenda and why it pushes service management toward more automation.
- The article's view of geopatriation and why regional cloud control is becoming a management requirement.
- The source's broader argument about experience-led service management and why ITIL-style operating models are changing.
👉 Read Efecte's analysis of intelligent service management in 2026 →
Intelligent service management in 2026: what changes for IAM teams?
Explore further
Intelligent service management is converging with identity governance. The article’s shift from reactive support to automated outcomes means access decisions are no longer confined to a ticket queue or a human approver. When workflow engines can create, route, or complete work, IAM and IGA become control layers for the operating model itself. The practitioner conclusion is that service management maturity now depends on identity maturity.
A few things that frame the scale:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who is accountable when automated service management changes access in regulated environments?
A: The accountable party is the business owner of the workflow, the platform owner of the identities it uses, and the control owner responsible for approval and revocation. In regulated environments, accountability must be explicit because the system can act faster than a manual review cycle. Without named ownership, governance becomes only documentary.
👉 Read our full editorial: Intelligent service management in 2026 is becoming an identity problem