Acta acta.ink
Shadow AI · 5 min read

Your AI Costs Are Invisible — Here's How to Fix That

AI subscriptions scattered across teams, personal cards, and expense reports. How to centralise AI spending and link it to compliance.


Ask your CFO how much your company spends on AI tools. If they can give you a precise number, you're in the minority. For most organisations, AI spending is scattered across:

  • Individual ChatGPT Plus subscriptions on personal credit cards (expensed monthly)
  • Team accounts on corporate cards across multiple departments
  • GitHub Copilot licenses through the engineering budget
  • Microsoft 365 Copilot bundled into existing enterprise agreements
  • API costs buried in cloud provider invoices
  • Free-tier usage that costs nothing today but creates data exposure

The result: nobody has a clear picture of total AI spend, and nobody can answer the simple question — what are we getting for this money?

The hidden cost isn't the subscription

A ChatGPT Plus subscription costs $20/month per person. That's visible. The hidden costs are:

  • Redundant subscriptions — multiple teams paying for the same tools independently
  • Untracked API usage — developers calling AI APIs with no spending limits, leading to surprise invoices
  • Compliance exposure — every unapproved tool is a potential GDPR or EU AI Act liability
  • Data risk — free-tier tools may train on your data; you're paying with information, not money

The compliance cost is the one that catches companies off guard. When a regulator asks "which AI tools does your organisation use?" and you can't answer, the investigation doesn't stop there.

Why traditional IT procurement doesn't work for AI

Traditional software procurement follows a pattern: evaluate, approve, purchase, deploy, manage. AI tools broke this model because:

  1. Zero-friction adoption. Anyone with an email address can create a ChatGPT account in 60 seconds. No procurement process, no IT approval, no purchase order.
  2. Usage-based pricing. API costs scale with usage, not seats. A single developer can accidentally run up a large bill with an automated script.
  3. Rapid proliferation. New AI tools launch weekly. By the time IT evaluates one tool, employees have already adopted three others.

The result is that AI tools bypass every control your organisation has for managing software spend.

The compliance–budget connection

Under the EU AI Act, your Art. 26 deployer obligations include monitoring AI system operation and implementing technical measures. You can't monitor tools you don't know about. You can't implement measures for tools you haven't approved.

Centralising AI budgets isn't just a finance exercise — it's a compliance prerequisite. When you control the budget, you control the flow:

  • Approved tools get budget allocation and compliance coverage
  • Unapproved tools get blocked — employees can't go around your governance
  • Every token flows through a governed channel with PII scanning, audit logging, and policy enforcement
  • Department heads see their AI spend in real time — no more surprise invoices

What budget centralisation looks like

1. Audit current spend

Sweep expense reports, corporate card statements, and cloud invoices for AI-related charges. Survey department heads about tools in use. Check SSO logs for AI services. You'll likely find 3–5× more spending than expected.

2. Approve and route

Decide which AI tools are approved for use. Route all approved usage through a managed channel — whether that's a company-wide enterprise account, an API gateway, or a browser-based compliance layer. Block unapproved tools.

3. Set department budgets

Give each department a monthly AI budget. This does three things: makes AI costs visible, prevents runaway spending, and creates accountability. When marketing knows they have €500/month for AI, they use it more thoughtfully.

4. Alert and enforce

Set alerts at budget thresholds (e.g., 80% and 90%). Decide whether to hard-cap at 100% or allow overflow with manager approval. Either way, someone is watching the numbers.

5. Report

Monthly AI spend reports by department, tool, and use case. This feeds directly into your compliance documentation — you can demonstrate to a regulator exactly which AI tools are in use, how much they're used, and what controls are in place.
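Steps 2 to 5 above (route only approved tools, give each department a monthly budget, alert at thresholds and either hard-cap or allow approved overflow, then report) can be expressed as a small policy component sitting in front of whatever managed channel you choose. The following is an added example written for this article, not Acta's code or any product's API; the tool names, department budgets, thresholds and usage records are constructed for the illustration, and a real deployment would take them from its own configuration and billing data.

```python
"""Added example (not Acta's code): a minimal per-department AI spend governor
covering approve-and-route, monthly budgets, threshold alerts and reporting.
All tool names, departments, prices and usage below are constructed."""

from collections import defaultdict
from dataclasses import dataclass, field

# Step 2: only approved tools are routed; anything else is refused outright.
APPROVED_TOOLS = {"enterprise-chat", "code-assistant", "llm-api"}

# Step 3: monthly budgets per department in euros (constructed values).
DEPARTMENT_BUDGETS = {"marketing": 500.0, "engineering": 2000.0}

# Step 4: alert thresholds as fractions of the monthly budget (80% and 90%).
ALERT_THRESHOLDS = (0.8, 0.9)


@dataclass
class SpendGovernor:
    budgets: dict
    approved: set
    hard_cap: bool = True          # False = overflow allowed with manager approval
    spent: dict = field(default_factory=lambda: defaultdict(float))
    by_tool: dict = field(default_factory=lambda: defaultdict(float))
    alerts_sent: dict = field(default_factory=lambda: defaultdict(set))
    events: list = field(default_factory=list)   # audit trail of decisions

    def record(self, department, tool, cost_eur, manager_approved=False):
        """Decide whether a request may proceed and account for its cost.
        Returns 'allowed', 'blocked_tool' or 'blocked_budget'."""
        if tool not in self.approved:
            self.events.append(("blocked_tool", department, tool, cost_eur))
            return "blocked_tool"
        budget = self.budgets.get(department, 0.0)   # unknown department = no budget
        projected = self.spent[department] + cost_eur
        if budget <= 0 or projected > budget:
            if budget <= 0 or self.hard_cap or not manager_approved:
                self.events.append(("blocked_budget", department, tool, cost_eur))
                return "blocked_budget"
            self.events.append(("overflow_approved", department, tool, cost_eur))
        self.spent[department] = projected
        self.by_tool[(department, tool)] += cost_eur
        self._check_alerts(department, budget)
        return "allowed"

    def _check_alerts(self, department, budget):
        # Each threshold fires once per department per month, not on every call.
        ratio = self.spent[department] / budget
        for t in ALERT_THRESHOLDS:
            if ratio >= t and t not in self.alerts_sent[department]:
                self.alerts_sent[department].add(t)
                self.events.append(("alert", department, f"{int(t * 100)}% of budget"))

    def report(self):
        """Step 5: spend by department and tool, plus remaining budget."""
        return {
            d: {
                "budget": b,
                "spent": round(self.spent[d], 2),
                "remaining": round(b - self.spent[d], 2),
                "tools": {t: round(c, 2) for (dd, t), c in self.by_tool.items() if dd == d},
            }
            for d, b in self.budgets.items()
        }


def run_sample_month():
    """Constructed usage: marketing crosses the 80% and 90% alerts and is then
    hard-capped; an unapproved tool is refused regardless of budget."""
    gov = SpendGovernor(dict(DEPARTMENT_BUDGETS), set(APPROVED_TOOLS), hard_cap=True)
    results = [
        gov.record("marketing", "enterprise-chat", 300.0),    # 60%: allowed
        gov.record("marketing", "llm-api", 120.0),            # 84%: allowed, 80% alert
        gov.record("marketing", "llm-api", 40.0),             # 92%: allowed, 90% alert
        gov.record("marketing", "llm-api", 60.0),             # would be 104%: blocked
        gov.record("engineering", "some-free-chatbot", 0.0),  # unapproved: blocked
    ]
    return gov, results


if __name__ == "__main__":
    governor, decisions = run_sample_month()
    print(decisions)
    for event in governor.events:
        print(event)
    print(governor.report())
```

The `events` list is the part that matters for the compliance argument in the article: every block, every threshold crossing and every approved overflow is recorded with the department and tool, so the monthly report and the answer to "which AI tools does your organisation use?" come from the same record. Switching `hard_cap` to `False` changes only the over-budget branch; an unapproved tool is still refused, because the allow-list is checked before any budget arithmetic.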

The flywheel effect

Once AI spending is centralised and visible, something interesting happens: organisations tend to increase AI investment, not decrease it. When leadership can see the ROI per department and knows the usage is governed and compliant, the friction to approving more budget goes away.

Shadow AI costs money and creates risk. Governed AI costs money and creates value. The difference is visibility and control.

Disclaimer: This article is for informational purposes. Cost figures and percentages are illustrative and will vary by organisation. Consult your finance and compliance teams for guidance specific to your situation.
