[Paper] Between Policy and Practice: GenAI Adoption in Agile Software Development Teams
Source: arXiv - 2601.07051v1
Overview
A new exploratory study dives into how agile software teams are actually using generative AI (GenAI) tools—and why the policies meant to govern them often fall short. By interviewing practitioners across three German companies, the authors uncover real‑world use cases, tangible benefits, and the regulatory and organizational hurdles that keep GenAI from reaching its full potential in fast‑moving development environments.
Key Contributions
- Empirical map of GenAI adoption in agile settings, covering creative work, documentation, and code‑assist tasks.
- Identification of benefit‑barrier trade‑offs, showing efficiency gains versus data‑privacy, validation, and governance challenges.
- Application of the Technology‑Organization‑Environment (TOE) framework to explain why policy‑practice gaps emerge in practice.
- Actionable recommendations for aligning regulations, organizational processes, and technology choices to enable responsible GenAI integration.
- Cross‑case thematic analysis across three distinct organizations, providing a nuanced view of industry‑wide patterns.
Methodology
The researchers conducted a multiple‑case study in three German firms that employ agile methodologies. Their data collection consisted of:
- 17 semi‑structured interviews with developers, product owners, QA engineers, and managers who regularly interact with GenAI tools (e.g., GitHub Copilot, ChatGPT, code‑generation plugins).
- Document analysis of internal policies, security guidelines, and project artefacts to see how formal rules map onto day‑to‑day tool usage.
A cross‑case thematic analysis was then performed, coding interview transcripts and documents against the TOE framework (Technology, Organization, Environment). This allowed the team to surface recurring themes and pinpoint where misalignments arise.
Results & Findings
| Dimension | Core Findings | What It Means |
|---|---|---|
| Technology | GenAI is most valued for creative brainstorming, auto‑completing boilerplate code, and generating documentation. | Teams see immediate productivity boosts, especially in early‑stage design and routine coding tasks. |
| Organization | Lack of clear governance (e.g., who can approve AI‑generated code) and insufficient training lead to ad‑hoc usage. | Without structured processes, developers spend extra time validating AI output, eroding some efficiency gains. |
| Environment | Data‑privacy regulations (GDPR) and internal compliance policies are often translated into blanket bans or vague guidelines. | Over‑cautious policies create friction, causing developers to either avoid useful tools or use them in ways that may violate compliance. |
| Overall | Policy‑practice gaps arise when regulations are written without insight into actual tool capabilities or team workflows. | Organizations risk non‑compliance or missed opportunities because policies don’t reflect the nuanced reality of GenAI use. |
The study quantifies efficiency gains (e.g., 20‑30 % reduction in time spent on documentation) while also highlighting validation overhead (roughly 15 % of a developer’s day spent double‑checking AI‑generated code).
Practical Implications
- Tool‑Selection Guides: Prioritize GenAI solutions that expose provenance and integrate easily with CI/CD pipelines, reducing validation effort.
- Policy Redesign: Adopt risk‑based policies defining permissible data types, required human review steps, and audit trails instead of blanket prohibitions.
- Training Programs: Offer short, role‑specific workshops (e.g., “Prompt Engineering for Scrum Masters”) to boost confidence and reduce misuse.
- Governance Dashboards: Implement lightweight dashboards that track AI‑generated artefacts, flagging any that touch sensitive data or violate coding standards.
- Compliance Automation: Pair GenAI with static analysis tools that automatically enforce GDPR‑related constraints, turning a barrier into a safety net.
For developers, the takeaway is clear: GenAI can shave hours off repetitive tasks, but you need the right organizational scaffolding to reap the benefits without compromising security or quality.
Limitations & Future Work
- Geographic Scope: All three case companies are based in Germany, so findings may not fully capture adoption dynamics in regions with different regulatory climates.
- Tool Diversity: The study focused on a limited set of popular GenAI tools; emerging or niche solutions might exhibit different usage patterns.
- Temporal Snapshot: As GenAI capabilities evolve rapidly, the observed benefits and barriers could shift within months.
Future research directions include longitudinal studies to track how policy‑practice alignment matures over time, comparative analyses across industries (e.g., fintech vs. gaming), and the development of standardized governance frameworks adaptable to various regulatory environments.
Authors
- Michael Neumann
- Lasse Bischof
- Nic Elias Hinz
- Luca Stockmann
- Dennis Schrader
- Ana Carolina Ahaus
- Erim Can Demirci
- Benjamin Gabel
- Maria Rauschenberger
- Philipp Diebold
- Henning Fritzemeier
- Adam Przybylek
Paper Information
- arXiv ID: 2601.07051v1
- Categories: cs.SE
- Published: January 11, 2026
- PDF: Download PDF