Wall Street and the $285 Billion Drop: What Actually Happened
On February 4, 2026, financial markets witnessed an event that shook the technology sector: Salesforce, ServiceNow, DocuSign, and numerous other enterprise software vendors lost a total of $285 billion in market capitalization. At the center of the storm was a fear that grows more concrete by the day: AI agents could make the per-user licensing model, on which entire SaaS ecosystems depend, obsolete.
The fear is not entirely unfounded. If an AI agent can do the work of ten users, the pay-per-seat model loses its reason for being. According to early industry analyses, potential savings range between 60 and 80 percent of current licensing costs. But the market reaction was, as often happens, amplified by panic. The reality is more nuanced and deserves deeper analysis, especially for those operating in the context of Italian SMBs where the adoption of enterprise Claude AI represents both an opportunity and a regulatory challenge.
Cowork in Practice: What It Can Actually Do for Professional Firms
Claude Cowork, the desktop agent launched by Anthropic in January 2026, opens interesting scenarios for Italian professionals. Its ability to operate directly on the user’s desktop, with access to local files and productivity tools, distinguishes it from traditional cloud-only chatbots.
In the legal context, Cowork can perform preliminary contract reviews with automatic risk identification, compliance tracking against specific regulatory requirements, case law synthesis from public sources, and acceleration of repetitive work on NDAs and contract templates. However, it is essential to understand the limitations: it does not replace specialized legal databases like Westlaw or LexisNexis, it can generate non-existent regulatory references (the hallucination phenomenon), and it always requires qualified human supervision for high-criticality decisions.
Law 132/2025, effective from October 10, 2025, requires professionals to disclose in writing their use of AI tools. The National Bar Council has clarified that AI is permitted as support for preliminary analysis, but remains prohibited for drafting detailed legal documents. A key principle: post-hoc review does not automatically transform an AI-generated output into genuinely professional work.
The Critical Issue: GDPR, Professional Secrecy, and Data Residency
For any Italian organization considering the adoption of enterprise Claude AI, data protection remains the most delicate issue. Without a compliant Data Processing Agreement with Anthropic, there is no legal basis for data processing under GDPR. Professional secrecy requires a higher level of protection compared to standard data, with potential penalties of up to 4 percent of global turnover or 20 million euros.
Permitted prompts include anonymized analysis of contract structures, creation of standard clause checklists, and regulatory research on specific matters. Conversely, prompts involving identifiable data such as real names and specific amounts, final drafting of critical clauses, and any validation without independent verification should be considered prohibited.
For CISOs at NIS2 entities, the matter becomes even more complex. The most recent ACN determinations are not part of the training data of any current AI model. The correct workflow requires the professional to download updated determinations from acn.gov.it and provide them as processing context, transforming the system from a supposed autonomous compliance database into a processing engine working on verified documents.
How Much Can Really Be Automated: Realistic Estimates for 2027
The most honest analysis concerns the automation percentages achievable in regulated Italian contexts by February 2027. The estimates are cautious but significant: supplier contract review can benefit from 65-70 percent time savings, provided a professional validates the output and adds their own judgment. Gap analysis on policies and playbooks reaches 50-60 percent efficiency, while internal documentation drafts achieve 60-70 percent with substantial human review.
However, some areas remain at zero automation: formal notifications to CSIRT, acceptable risk decisions, all documents intended for regulators, and real-time crisis management. These domains require competence, responsibility, and judgment that no AI agent can yet assume.
Key Takeaways for SMBs
- Gradual approach: start with preliminary analysis and internal drafts before extending use to critical documents
- Compliance first: verify GDPR compliance and the existence of a DPA before any deployment
- Team training: the value of AI depends on the professional’s ability to guide it and validate its outputs
- Document usage: keep track of what the AI processed and what the human verified, as required by Law 132/2025
- No regulatory shortcuts: ACN determinations and NIS2 requirements must always be verified against updated official sources
Conclusion
Adopting enterprise Claude AI in Italian SMBs is a journey that must be approached with awareness, neither with blind enthusiasm nor with preconceived rejection. The technology works, but the Italian regulatory context requires caution and method. 10punto10 supports companies on this journey with an approach where the professional remains at the center and artificial intelligence amplifies their capabilities without replacing their judgment.