Gartner IAM Summit 2026: Digital Sovereignty Is No Longer a Nice-to-Have — It’s a Buying Criterion

Two weeks ago, over 1,500 identity leaders gathered at the Gartner Identity & Access Management Summit in London. The theme was “Identity at the Core” — but what actually dominated hallway conversations, booth demos, and analyst sessions was something more specific: technological sovereignty.

Not sovereignty as a political talking point. Sovereignty as a practical purchasing criterion. And for European IAM practitioners, that shift changes everything.

Sovereignty Moved From the Margins to the Main Stage

At previous Gartner IAM summits, sovereignty was a niche topic — relevant for government agencies, maybe a few regulated industries. In 2026, it was center stage.

The reasons aren’t hard to find. NIS2 is now enforceable across EU member states. DORA applies to all financial entities and their critical ICT providers as of January 2025. Germany’s KRITIS regulations are tightening. And Broadcom’s Private Cloud Outlook 2025 report found that 69% of organizations are considering moving workloads back to private infrastructure, with security and control as the primary drivers.

For identity governance specifically, the implication is clear: your IGA platform is the “keys to the kingdom” — the system that decides who can access what, where, and when. Putting those keys in a US-headquartered SaaS platform raises questions that European CISOs are increasingly unwilling to answer in front of auditors.

Evolveum Demonstrated midPoint’s Simulations Feature — And It Turned Heads

At the Evolveum booth, Head of Engineering Slávek Licehammer took an unusual approach: no pre-recorded demos, no marketing slides. He invited attendees to tell him what they wanted to see and demonstrated midPoint live.

The feature that generated the most interest was Simulations — a capability that lets organizations evaluate the impact of configuration changes on real data before implementing them. In practice, this means you can model a role change, a new access policy, or a connector modification, see exactly what would happen across your identity landscape, and only then decide whether to apply it.

For anyone who has experienced the fear of pushing a policy change to production on a Friday afternoon, this is significant. It reduces operational risk, prevents costly configuration errors, and improves data quality — all without slowing down the pace of change.

Application Onboarding Is Still the Biggest Bottleneck — But AI Is Catching Up

Pavol Mederly, Evolveum’s Chief Product Officer, presented a theater session titled “The Hidden Cost of Slow Application Onboarding in IGA.” The strong attendance confirmed what most practitioners already know: getting applications properly integrated into your IGA platform remains one of the most persistent challenges in the field.

The numbers are stark: roughly 80% of cyberattacks exploit identity-related vulnerabilities, and incomplete application integration is one of the biggest contributing factors. Every application that isn’t governed by your IGA platform is a blind spot — an unmonitored access path that attackers can exploit.

Evolveum’s answer is midPilot, an AI-powered assistant built into midPoint that accelerates application onboarding through automated connector code generation, schema matching, and mapping recommendations. The project — funded by the EU’s Recovery and Resilience Plan — has already delivered working MVPs of the connector generator, a model-mapping recommendation system, and a correlation recommendation system, all available as open-source repositories on GitHub.

The On-Prem vs Cloud Debate Is Getting More Nuanced

The Gartner summit wasn’t anti-cloud. But the conversation has matured beyond the simplistic “cloud is always better” narrative that dominated IAM discussions five years ago.

Evolveum recently published a detailed analysis of on-premises vs cloud IGA deployment, and the data supports what practitioners are feeling: cloud IGA makes sense for some scenarios, but when the platform governs access to everything else in your organization, there are strong arguments for keeping it under your direct control.

The key trade-offs:

• On-prem gives you full control over identity data, unlimited customization, offline capability, and predictable costs — but requires internal expertise for maintenance
• US-headquartered cloud IGA offers faster deployment and automatic updates — but limits customization, creates vendor dependency, and raises data sovereignty questions under GDPR, NIS2, and DORA
• EU sovereign cloud IGA — a third path that’s gaining traction — combines cloud convenience with full European data residency and legal jurisdiction

That third option is exactly what IAM Factory delivers. Built on midPoint and operated entirely within the EU, IAM Factory is Inalogy’s managed IGA platform: identity governance as a service, without the sovereignty trade-off. Your identity data never leaves European jurisdiction, your platform is managed by specialists, and you retain full control over your policies and configurations.

For European enterprises navigating NIS2 and DORA compliance, this matters. The ability to tell your auditor “our IGA platform is EU-hosted, EU-operated, and built on open-source software under EUPL” is a fundamentally different answer than pointing at a US SaaS vendor’s EU region checkbox.

The deployment decision is no longer binary. European organizations now have a credible, production-ready cloud option that doesn’t require choosing between operational convenience and digital sovereignty.

The Partner Ecosystem Is Where the Real Work Happens

One thing the Gartner summit reinforced: choosing an IGA platform is only half the decision. The other half is choosing who implements it.

Evolveum’s recent roundtable on SAP IDM and MIM migration brought together ten implementation partners — including Ventum, ACEN, IT Concepts, Unicon, and others — and the consensus was unanimous: organizations that haven’t started planning their migration from SAP IDM (EOL 2027) or MIM (EOL 2029) are running out of time. Not because the migration itself is impossibly complex, but because the experienced partners who can execute it are booking up.

As an Evolveum Silver Partner, Inalogy has been delivering midPoint implementations across Central and Western Europe for financial services, telecom, higher education, and public sector clients. What we’re seeing matches the Gartner sentiment exactly: demand for sovereign, open-source IGA is growing faster than the market’s capacity to deliver it.

What This Means for Your IAM Strategy

If you’re a CISO or IAM leader in Europe, the Gartner IAM Summit 2026 sent a clear signal:

1. Sovereignty is now a procurement criterion, not just a compliance checkbox. Your board is going to ask where your identity data lives.
2. AI is changing IGA economics. Between midPilot’s automated onboarding and AI-assisted implementation, the cost and timeline of deploying a mature IGA platform are dropping significantly.
3. The migration window is closing. SAP IDM EOL in 2027, MIM EOL in 2029. Partners with capacity for 2026–2027 engagements are filling up.
4. Open source is mainstream. midPoint is recognized by Gartner, licensed under EUPL, and deployed across European enterprises. This isn’t a fringe choice anymore.
5. EU sovereign cloud is now a viable third path. You don’t have to choose between on-prem control and cloud convenience — IAM Factory gives you both.

The next major identity event is the 2nd Annual MidPoint Community Meetup in Prague (May 12–15, 2026) — a hands-on technical event where you can see midPilot in action, talk directly to the product team, and connect with the implementation community.

If you’re evaluating your IGA roadmap and want to understand what a sovereign, open-source approach looks like in practice, reach out to us. We’ve done this before, and we’re happy to share what we’ve learned.