Gartner Hype Cycle Highlights Rise in Gen AI and Automation as Legal, Risk, and Compliance Leaders Tackle Global Regulatory Complexity

While emerging technologies - such as Generative AI (GenAI) and large language model (LLM) tools - are leading assurance leaders to rethink the role of technology in their service delivery, they must temper their expectations in the near term and remain focused on aligning technology solutions with specific business needs, according to Gartner, Inc., a business and technology insights company.

“Assurance leaders increasingly feel that adopting new technologies, especially GenAI and advanced automation, are critical to managing the escalating complexity of global regulations and risk,” said Weston Wicks, Senior Director Analyst in the Gartner Assurance Practice. "However, as organizations gain hands-on experience, it is increasingly clear that realizing these benefits requires more than enthusiasm; success depends on careful planning, targeted experimentation, gaining adoption, and a realistic understanding of technology limitations and integration challenges. As a result, expectations are shifting from hype to a pragmatic focus on measurable outcomes and sustainable adoption."

Gartner Hype Cycles provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities. Gartner Hype Cycle methodology gives a view of how a technology or application will evolve over time, providing a sound source of insight to manage its deployment within the context of specific business goals. The Gartner Hype Cycle for Legal, Risk, Compliance and Audit Technologies, 2025 is designed to help assurance leaders navigate a rapidly evolving technology landscape.

This year’s Hype Cycle for Legal, Risk, Compliance and Audit Technologies introduces agentic AI for legal and AI embedded in compliance management automation, underscoring the industry’s growing interest in leveraging context-aware, autonomous AI in the future to address increasingly complex legal and compliance challenges. The innovations profiled here, along with the broader influence of GenAI, have accelerated the evolution of compliance monitoring, legal analytics and risk management solutions (see Figure 1).

“Assurance functions have traditionally been slower than other business areas in adopting new technologies. Jumping straight to AI tools—without first implementing more established, foundational technologies—will likely result in a period of disillusionment before we see widespread, productive legal use cases,” said Wicks. “For legal departments that haven’t already done so, focusing on proven solutions like contract lifecycle management and privacy management tools makes much more sense.”

Governance, risk and compliance (GRC) tools are designed to support a holistic enterprise risk management (ERM) process, encompassing risk identification, assessment, mitigation, monitoring and reporting. These tools are approaching mainstream adoption with Gartner experts estimating more than 50% market penetration.

“The growing complexity of internal and external risk environments, combined with increased oversight, requires assurance leaders to ensure new risks are identified, prioritized and mitigated in a timely manner,” said Joel Backaler, Director Analyst in the Gartner Assurance Practice. “GRC tools offer the prospect of expanding risk analysis capabilities and creating efficiencies in assurance workflows.”

However, there remains significant disillusionment with these tools. Although vendors often market their products as “integrated risk platforms,” it is rare that a single tool will serve all types of users well. Eighty-five percent of Gartner assurance clients have more than one GRC tool, and only slightly more than 50% of users in enterprise risk management are satisfied.

“Vendors often repackage the same tools for different buyer personas, which can confuse buyers,” said Backaler. “It may work better for many buyers to integrate multiple standalone solutions via APIs rather than trying to find a single solution that meets all needs.”