Abstract
Enterprise systems governance is undergoing a shift toward decentralization and federation, as platforms and tools increasingly empower business users to create and deploy applications outside professional IT. Low-Code Development Platforms (LCDPs) represent a prominent instance of this trend, enabling rapid application development while simultaneously introducing challenges for Enterprise Architecture Management (EAM). Through a multiple-case analysis of organizations from financial services, healthcare, and manufacturing, we identify three governance challenges organized around what is governed (architectural drift), who is governed (role ambiguity and shifting accountability), and how governance is enacted (tension between formal and informal control), and show that that organizations address these challenges through deliberately composed governance portfolios pairing formal instruments with informal enabling practices. Reasoning abductively across cases, we identify five mechanisms through which these portfolios produce durable EA outcomes: information symmetry, perceived legitimacy, developer capability, enacted decision-right alignment, and secure-by default conditions. Theoretically, we contribute by distinguishing the locus of control (centralized vs decentralized) from the mode of control (formal vs informal), and by offering a mechanism-based explanation of how governance portfolios produce EA outcomes under decentralized development conditions, moving beyond generic prescriptions for “balance” toward a concrete account of why specific governance compositions work. Practically, our analysis underscores the need to continuously recalibrate governance as decentralized technologies proliferate, requiring increasingly adaptive EAM strategies to balance innovation, flexibility, and architectural coherence.
Keywords
Introduction
Enterprise systems governance is undergoing a structural transformation. Across industries, the past decade has seen a shift from centralized, IT-department-led development toward federated and decentralized models in which business users—empowered by an expanding range of digital platforms—create, configure, and deploy applications with diminishing dependence on professional IT. This trend, variously described as end-user computing, shadow IT, and, most recently, citizen development (Fischer et al., 2017; Maruping and Matook, 2020), reflects a deeper organizational logic: as competitive pressures accelerate the demand for digital capability, organizations are distributing development authority across business units, power users, and hybrid teams. Enterprise Architecture Management (EAM), which has traditionally operated from a position of centralized oversight and standardization (Tamm et al., 2011; Winter and Schelp, 2008), is thus confronted with a fundamental governance challenge: how to maintain architectural coherence, security, and long-term IT sustainability in an environment where application development is increasingly distributed and user-driven.
Low-Code Development Platforms (LCDPs) represent the most prominent and rapidly diffusing instance of this decentralization trend. LCDPs such as Mendix, OutSystems, and Microsoft PowerApp empower business users and IT professionals to create applications with minimal traditional coding (Carroll and Maher, 2023; Maruping and Matook, 2020; Novales and Mancha, 2023). Adoption has surged dramatically, driven by their promise to accelerate digital transformation and reduce reliance on centralized IT resources: in a recent study of over 2000 companies, 81% reported LCDPs as strategically important and increasingly used for success-critical applications (Gonçalves et al., 2024). However, as adoption increases, so too do challenges related to EAM. Industry cases such as UK’s national health services (Dequito, 2024) and American COVID-19 tracing and vaccination (Ikeda, 2021) have demonstrated significant issues arising from LCDP use, including increased security vulnerabilities, uncontrolled growth of applications, and architectural drift.
At the core of these challenges lies a fundamental tension between the decentralization and flexibility promoted by LCDPs and the structured, centralized control mechanisms typically emphasized within EAM. This is a tension that is primarily related to EA governance, which pertains to the development of EA-related decision rights and accountabilities, ensuring that EA development is in line with long-term objectives and not compromised by opportunistic decision making (Ahlemann et al., 2021: 7). While traditional, centralized EA governance seeks to ensure predictability, coherence and long-term sustainability of the IT landscape, LCDPs foster decentralized innovation, accelerating development cycles and empowering a broader set of users. Thus, the use of these platforms inherently challenges traditional governance approaches oriented toward predictability and control. This friction raises a pressing question: What EA governance challenges emerge when organizations adopt LCDPs, and how can EA governance be shaped to mitigate these challenges?
Prior literature focused extensively on traditional IT governance and the theoretical foundations of EAM (Tamm et al., 2011), emphasizing the importance and relevance of standardized architecture for managing complexity (Boh and Yellin, 2006) and ensuring alignment between IT initiatives and overarching business goals (Ross et al., 2006). What is being overlooked, however, is how these established EA governance approaches (such as TOGAF, the Zachman Framework, and COBITG) cope with decentralized, end-user-driven platforms like LCDPs. With their emphasis on centralized decision-making, standardization, and strict architectural control (Kotusev, 2019; Winter and Schelp, 2008), these governance structures do not explicitly address the governance tensions arising from the increased decentralization and democratization introduced by LCDPs. At the same time, current research around LCDPs focuses mostly on user adoption and the changing nature of software development work rather than addressing critical EA-related challenges such as architectural drift, security vulnerabilities, and the long-term sustainability of end-user generated applications within IT infrastructures. Thus, there is limited understanding of how traditional EA governance must evolve to accommodate for the increasing decentralization of IS development.
This paper directly addresses this gap. We report on a multiple-case study conducted across three distinct organizational contexts—finance, healthcare, and manufacturing—using abductive analysis to move iteratively between empirical patterns and theoretical constructs. Our analysis identifies three categories of EA governance challenge arising from LCDP adoption, organized around what is governed (architectural drift), who is governed (role ambiguity and shifting accountability), and how governance is enacted (tension between formal and informal control). We show that organizations address these challenges through deliberately composed governance portfolios pairing formal instruments with informal enabling practices and identify five causal mechanisms through which these portfolios produce durable EA outcomes: information symmetry, perceived legitimacy, developer capability, enacted decision-right alignment, and secure-by-default conditions. Theoretically, we contribute by disentangling the locus of control (centralized vs decentralized) from the mode of control (formal vs informal) and by offering a mechanism-based account of why specific governance compositions work, advancing the field beyond generic prescriptions for balance. Practically, our findings offer guidance for organizations navigating the governance demands of increasingly decentralized IS development, including the emerging challenge of AI-augmented development.
Research background
The emergence of LCDPs is a recent development in the broader phenomenon of end-user software development and increases the challenge that this phenomenon poses for enterprise-wide coordination. In this section we will first discuss previous research on end-user software development to place LCDPs in this broader context. Next, we will discuss the literature on Enterprise Architecture management and governance, to explore what extant research can tell us about the challenges that can emerge when technologies that facilitate decentralized IS development are integrated into organizations’ Enterprise Architectures.
Low-Code Development Platforms in the context of end-user development
Prior research has both expanded and deepened our understanding of EUD. Rivard and Huff (1984, 1985) show that user-developed applications (UDAs) provide tangible benefits to users, ensuring high user satisfaction. At the same time, they also identify risks stemming from users’ lack of programming expertise. Amoroso and Cheney (1991) identify various factors that influence the effectiveness of UDA in terms of the degree to which applications achieve their goals from an end user perspective, with an important role for users’ attitudes and motivations. Blackwell (2017) provides more insight into these motivations (and how they relate to personality characteristics). Lieberman et al. (2006) found that empowering end-users to develop applications not only drives innovation but also yields solutions that are finely tuned to specific business needs, provided that sufficient support and governance mechanisms are in place. Scacchi and Hurley (1995) noted that while EUD can increase development agility and reduce costs by leveraging localized expertise, it also introduces challenges, particularly regarding application quality, security, and long-term maintainability. Fischer et al. (2017) advanced this discussion by emphasizing the fact that without robust governance, the decentralized nature of end-user development can foster the proliferation of shadow IT. Galletta and Heckman (1990) focus on a different challenge in EUD, addressing the inherent role ambiguity and conflict that emerge when users assume developer roles.
Recent developments have brought forth LCDPs, which represent both an extension and a complication of the traditional EUD paradigm. Waszkowski (2019) defines LCDPs as suites of tools that enable rapid application development with minimal coding, catering to both programmers and non-programmers. This approach not only simplifies the development process but also addresses dynamic market demands (Sanchis et al., 2019). Historically, the evolution of LCDPs can be traced back to the advent of Fourth-Generation Languages (4GLs) in the 1970s and 1980s, and later to tools like Visual Basic in the 1990s, which introduced higher levels of abstraction in application development (Bock and Frank, 2021).
The allure of LCDPs lies in their promise of accelerated software development, ease of use, and the potential for grassroots digital transformation (Sanchis et al., 2019; Yan, 2021). Studies have highlighted significant efficiency gains from using LCDPs; illustrated by the ability to reuse components and reduce the need for extensive planning (Elshan et al., 2023). For instance, Luo et al. (2021) compare the ease of developing applications with LCDPs to “building with LEGO bricks,” emphasizing modularity and rapid assembly. Moreover, LCDPs address the shortage of skilled IT professionals by empowering “citizen developers” (as user-developers are commonly referred to in the low code/no code world) to contribute directly to application development (Rafi et al., 2022).
However, the increased accessibility of LCDPs also amplifies challenges previously identified in EUD research. The ease with which applications can be created heightens the risk of shadow IT, while the proprietary nature of some platforms can lead to vendor lock-in and complicate integration efforts (Rokis and Kirikova, 2023). Additionally, while LCDPs empower users, they also raise questions about over-empowerment and the potential for systemic vulnerabilities if too many applications are developed without adequate oversight (Hurlburt, 2021).
In essence, LCDPs extend the promise of EUD by lowering barriers to innovation, but complicate the landscape by raising the tension between decentralized development efforts and enterprise-wide objectives. As organizations increasingly adopt LCDP solutions, striking the right balance between empowering end-users and maintaining centralized control becomes critical. For organizations, addressing this balance is key to leveraging the full potential of LCDPs while mitigating inherent risks, which presents challenges for Enterprise Architecture Management, in particular EA governance. In the next section, we will outline these challenges as identified in the EA literature.
LCDP and Enterprise Architecture Management challenges
In the IS literature, Enterprise Architecture (EA) is defined in terms of “the fundamental organization of an enterprise as a socio-technical system, along with the principles governing its design and development” (Ahlemann et al., 2012: 16). An organization’s EA includes all its relevant components: from business model and organizational structure to business processes, data and technologies. The EA provides a high-level definition of these components, as well as their interrelationships (Tamm et al., 2011), focusing both on the present and (envisioned) future states of the architecture (Lange et al., 2016). Enterprise Architecture Management (EAM) refers to all management activities conducted in an organization to install, maintain and purposefully develop an organization’s EA (Aier et al., 2011), providing a holistic view on the architecture and guiding its development towards enterprise-wide objectives. The general objectives of EAM can be described in terms of four IS-focused “architectural outcomes” (Beese et al., 2023a): (1) efficiency, the ability to provide all necessary IS capabilities with minimal resources; (2) flexibility, the ability to quickly adapt the architecture to changing conditions or objectives; (3) transparency, the ability to understand how an organization’s IS operate; and (4) predictability, the ability to predict the effects of changes on IS. As we will outline below, end-user development—in particular the use of LCDPs—presents challenges in relation to each of these outcomes.
These challenges are related to EAM’s crucial role in coordinating local information system development efforts (e.g., in business units, or by (groups of) users) in line with enterprise-wide strategic objectives (Beese et al., 2023a; Sidorova and Kappelman, 2011). The overarching challenge for EAM here is enabling the organization to reap the benefits of such local development efforts, while at the same time avoiding redundancies and inconsistencies (Ajer et al., 2021; Beese et al., 2023b). Based on our reading of the literature, we identify the following concrete challenges for EAM that emerge because of LCDP use in organizations. The first one (Local vs Enterprise-level Optimization) is at the foundation of the following three (Architectural Drift and Technical Debt, Escalating Architectural Complexity, and Operational and Security Risks), while the fifth one (Erosion of Centralized Governance) is an overarching challenge of combining different approaches towards EA governance in order to balance end-user development and enterprise-level architectural interests.
Local versus enterprise-level optimization
First, the literature shows a fundamental tension between local optimization (solving a specific unit’s problem quickly) and global optimization (improving the effectiveness of the entire enterprise in the longer term) (Beese et al., 2023b; Schilling et al., 2018, 2019). Local development teams tend to prefer specialized IS solutions that fit their specific needs, at the risk of creating application silos that do not align with enterprise-wide goals (Boh and Yellin, 2006). Decentralized software development through LCDPs—where decision rights are distributed to local entities, such as end-users—enhances this challenge because it empowers business units or departments to develop applications that prioritize their immediate localized needs over long-term enterprise-level interests (Malaurent and Avison, 2016).
Architectural drift and technical debt
When the balance between local and enterprise-level interests is threatened, a consequence of LCDP use can be architectural drift: “the movement away from a chosen architectural direction based on external influences” (Perks and Beveridge, 2003: 402). In other words, architectural drift refers to a state in which the evolution of an architecture diverges from the agreed-upon policies and principles. Although this is a well-known phenomenon in EAM, LCDP use can amplify this challenge when the prioritization of citizen developers’ interests over the overarching architectural plan leads to compromises, errors, lapses, and omissions in the design and implementation of IS that introduce architectural inconsistencies and unwarranted dependencies.
Applications created by end-users frequently lack documentation, consistent patterns, or maintainability considerations (Barricelli et al., 2019). This means that these applications can contribute to the organization’s technical debt. Technical debt refers to choices made early in the development process that are expedient in the short term, but that defer various costs (for refactoring, improvement, maintenance, etc.) “down the line,” essentially meaning that the same work will cost more to do later than it would in the early stages of development (Kruchten et al., 2013). Ultimately, this negatively influences efficiency, transparency, predictability and flexibility of the architecture (Rinta-Kahila et al., 2023). Citizen developers can perceive enterprise standards as an “extra burden” or a cumbersome barrier to project progress (Cram et al., 2015; Schilling et al., 2018), choosing to bypass these standards at the cost of the enterprise-wide perspective and creating misalignments that must be reconciled later (Gregory et al., 2018).
Escalating architectural complexity
Prioritizing local interests over enterprise-level goals and the resulting architectural drift can lead to an overly complex, inflexible and costly IS landscape (Tamm et al., 2022). Divergence from EA artifacts can lead to a rapidly increasing number of and diversity in applications, as well as (partial) overlaps between them. This can create an unmanageable level of complexity, which negatively influences each of the architectural outcomes (Beese et al., 2023b). Decentralized software development through LCDPs makes this “waning of the initial system architecture” (Schmidt and Buxmann, 2011: 170) more likely. When local units can rapidly build solutions to address immediate challenges or opportunities, this creates high levels of IS heterogeneity and redundant systems (Ahlemann et al., 2021; Haki et al., 2020). Likewise, at the level of the data architecture, decentralized development can lead to information silos where incompatible data formats and standards are adopted by different units to serve their own local applications, rather than integrating these with enterprise-level sources (Ajer et al., 2021; Boh and Yellin, 2006; Haki and Legner, 2021).
At the same time, the principle of requisite complexity holds that every system should contain a minimum level of complexity to deal with requirements stemming from the system’s environment (Boisot and McKelvey, 2011). When EA principles are maintained too strictly, this may lead to restrictions that limit EA complexity to a level that is not in line with this principle. This, in turn, may be a reason for users to develop applications that do serve their needs in terms of meeting complexity, but violate formal EAM principles.
Operational and security risks
Decentralized software development can threaten operational continuity (Van der Raadt et al., 2010). Inadequate decisions at the local project level can raise costs and complicate the implementation of necessary changes, potentially threatening the viability of the whole organization (Schmidt and Buxmann, 2011). Furthermore, the previously identified challenges in terms of complexity, drift and technical debt each negatively influence the transparency and predictability of the architecture, making it very difficult to foresee the unintended effects that a change to one component might have on related system components (Beese et al., 2023a).
Specifically, an increasingly important challenge for EAM resulting from the rise of decentralized software development concerns security. A fundamental risk here is the erosion of compliance, a core EA metaprinciple to ensure conformance to both internal standards and external regulations (e.g., GDPR, NIS2, and financial reporting rules) (Haki and Legner, 2021). Rapid, local development often evades formal compliance assessments or architectural quality gates (Gregory et al., 2018). Furthermore, when non-experts build applications, they may inadvertently violate privacy laws, security mandates or other guardrails (Ajer et al., 2021). The previously mentioned escalation of architectural complexity also presents a security risk, as “complexity is the enemy of security”: a complex systems landscape means more modules and connections (not all of them known or sanctioned), more potential software bugs, and on the whole an increased (and more difficult to comprehend) attack surface (Schneier and Vance, 2025).
Erosion of centralized top-down governance
Fundamentally, increasing decentralization of software development leads to an erosion of centralized EA governance. Ahlemann et al. (2021) identify EA Governance as one of four EAM capabilities, next to EA modelling, EA planning, and EA implementation. This capability focuses on developing EA-related decision rights and accountabilities, ensuring that EA development is in line with long-term objectives and not compromised by opportunistic decision-making (Ahlemann et al., 2021: 7). EA Governance is a control function aimed at steering EAM and facilitating monitoring, reporting and escalation.
The distinction between centralized and decentralized approaches towards governance relates to a difference in terms of locus of control (where decision-making power resides, either in a single person or small group or distributed across lower levels). Centralized governance means that architectural plans and policies, decision rights and accountability structures originate at the senior leadership level and are imposed on lower levels of the organization (Schilling et al., 2018; Weill and Ross, 2004). This is traditionally how this control function is shaped, relying on coercive mechanisms like standards and principles to ensure enterprise-wide alignment (Ahlemann et al., 2021; Haki et al., 2020; Schilling et al., 2018). End-user development challenges this reliance because local entities often perceive such coercive mechanisms as an unwelcome restriction of their design freedom (Beese et al., 2023b). Furthermore, the typical speed of user development (especially in the age of LCDPs and AI) makes it difficult to enforce compliance assessments or quality gates intended to ensure solutions fit the long-term target architecture (Ahlemann et al., 2021; Boh and Yellin, 2006). Thus, end user development would favor a more decentralized approach, where the architecture is primarily influenced by the actions and decisions of lower-level agents, aggregating upward without being designed from above (De Haes and Van Grembergen, 2009; Gregory et al., 2018). This approach assumes that effective governance often emerges from practice rather than being designed from above (Ciborra, 1994, 2000).
Analyzing EAM challenges: What, who, and how
The five EAM challenges we derived from the literature are not independent phenomena. Rather, they are manifestations of the incompatibility of traditional centralized, top-down EA governance with the decentralized, high-velocity development enabled by LCDPs. LCDP use does not inherently cause architectural drift, complexity, or security risks. The use of these platforms accelerates and amplifies these tensions because they inherently conflict with the traditional governance structures in EAM. For instance, local optimization happens because citizen developers have decision rights, but without corresponding accountability structures. Similarly, complexity escalates in the absence of governance mechanisms to review and rationalize the growing application landscape. As a final example, security risks increase because governance frameworks were not designed to handle non-expert developers working at speed. Therefore, in our further analysis of these challenges, we primarily take the perspective of EA governance, using foundational insights from the IT governance literature—including its treatment of structural, procedural, and relational governance mechanisms (Boh and Yellin, 2006). Our guiding principle in this analysis is Tiwana et al.’s (2013) distinction among three key dimensions of governance: (1) what to govern, (2) who to govern, and (3) how to govern (see also Gregory et al., 2018).
The what dimension refers to the EA-related activities and artifacts that must be aligned with organizational strategy and objectives. This concerns elements like blueprints, guidelines, models, but also the actual applications that are developed and managed. The challenge is that while the enterprise wants to optimize the “what” for synergies and cost reduction, citizen developers tend to focus on exploring flexible combinations of technologies to meet immediate functional needs. Thus, the “what” becomes a dynamic environment (rather than a static blueprint) where EAM must enable decentralized applications, and at the same time ensure that they do not undermine long-term objectives. The challenges in terms of architectural drift and technical debt, escalating complexity, and operational and security risks all concern this dimension, as these challenges all arise from this general tension between local and enterprise-level optimization.
The who dimension concerns the actors and stakeholders that play a role in all EA-related activities. Relevant actors are LCDP users, staff in the EA function and the IT function, as well as managers and other business stakeholders. This dimension is likely to be relevant in all challenges identified, as the activities of these actors contribute to these challenges. For instance, users developing applications that are not in line with architectural principles contribute to local over enterprise-level optimization as well as architectural drift and technical debt, escalating complexity and operational and security risks. Such risk increases when the “who” being governed shifts from a central, accountable IT unit to empowered but non-professional citizen developers. Likewise, the erosion of centralized governance relates to the fact that multiple actors at different levels of the organization become involved in EA governance.
Finally, the how dimension directly concerns the erosion of centralized governance. This pertains to the allocation of decision rights and controls, and the structural, procedural, and relational mechanisms through which governance is shaped (Gregory et al., 2018; Tiwana et al., 2013). This is where the challenge of finding a balance between centralized and decentralized control clearly comes to the fore. The emergence of LCDPs presents organizations with new challenges in balancing centralized and decentralized governance. In achieving this balance, it is crucial that low-code developers understand the purpose underlying governance. When employees perceive governance as supportive and not overly constraining, they are less inclined to engage in non-compliant behavior such as working around the control mechanisms or developing and using Shadow IT (Carroll and Maher, 2023). In turn, governance structures and mechanisms that address citizen developers’ need for autonomy can make governance more effective as they will produce more desirable behavior in individual employees (Bradley et al., 2012).
In order to further explore the EA governance challenges that result from LCDP use in terms of what, who, and how, we conducted an interpretive multiple case study, the design of which we will discuss in the next section of this paper.
Research approach
This study adopts an interpretive multiple-case study approach (Klein and Myers, 1999; Walsham, 1995; Yin, 2018) to examine how organizations integrate LCDPs within their EAM practices. Interpretive research suits investigations of how social actors in organizations make sense of technology-related phenomena in their specific contexts (Walsham, 2006). Rather than aiming for generalizability, our interpretive approach focuses on theoretical transferability and context-specific understanding. We explicitly acknowledge the role of researchers as interpretive agents who engage reflexively with participant narratives and organizational contexts (Klein and Myers, 1999).
Case selection
We selected three organizations from distinct sectors—financial, healthcare, and manufacturing—to capture a variety of contextual conditions that influence LCDP adoption and EAM practices. These sectors differ in regulatory environments, organizational complexity, and IT governance maturity levels, enabling theoretical comparisons across diverse settings. Selection criteria included significant experience with LCDPs and clear EAM structures, ensuring a rich analysis of interactions between centralized architectural governance and decentralized LCDP practices.
Although the study does not seek statistical generalizability, we did apply theoretical sampling principles (Eisenhardt, 1989) to enrich conceptual insights and deepen understanding of LCDP integration challenges. Additional cases could provide further insights, but we determined saturation based on the emergence of stable theoretical constructs across the three contexts.
The first case organization is a large bank operating across various countries in Western Europe, which we refer to as FinComp (a pseudonym, as we used for all case organizations). In 2017, they embraced Mendix in response to various challenges, including the escalating demand for tailored solutions to meet customer and employee needs and increasing shadow IT use among business users. Given the regulatory environment in which the bank operates, it recognized the imperative to curb shadow IT and identified Mendix as the optimal future-proof LCDP for its needs.
The second case organization is a leading medical and higher education institution in the Middle East, referred to as HealthComp. Their decision to adopt Mendix stemmed from a pressing need to expedite application development while working with few development resources. The initial lighthouse project with Mendix showcased its ability to facilitate rapid development, even with a small team of developers. With this project, they discovered that Mendix possessed greater capabilities than initially perceived, opening doors for substantial digital transformation efforts on larger projects.
The third case organization is a prominent global automotive and industrial supplier in Germany, referred to as ManuCorp. At this company, the adoption of LCDP (Mendix) in 2021 was part of a larger digital transformation initiative. ManuCorp’s commitment to digital transformation, strengthened by unwavering TMT support, propelled the widespread integration of Mendix across its operations. At the time of our study, over 30 applications had been developed, some of which utilized by over a thousand employees worldwide.
Contextual profile of cases (boundary conditions for theoretical replication).
Data collection
Our main data source consists of 27 semi-structured interviews conducted between October 2023 and March 2024. Interviews lasted between 45 and 90 minutes, were audio-recorded with participants’ consent, and transcribed verbatim. We purposefully sampled diverse roles (enterprise architects, IT managers, professional developers, and citizen developers) to capture multiple perspectives on LCDP integration into EAM. Accordingly, the protocol was structured into three thematic blocks (strategic, technical, operational) and, within each block, prompts were aligned to our governance lens (what to govern, who to govern, how to govern) as well as perceived implications for EAM goals (efficiency, flexibility, transparency, predictability). Interview questions were derived from prior literature and piloted in initial interviews (two per case); minor wording refinements followed while retaining these interviews in the final dataset. Appendix B provides the interview protocol. Although a unified interview protocol was used for consistency across the interviews, we made minor adaptions for each organization to address the context-specific nuances.
Overview of interviewees by case.
Data analysis
Within our data analysis we followed a hybrid thematic approach, combining template analysis (Crabtree and Miller, 1999) with an inductive refinement (Boyatzis, 1998). The data analysis was conducted in Atlas.ti. Our primary coding unit was a meaning unit, typically a sentence or short excerpt (often 1–2 sentences, occasionally longer where needed for context).
Phase 1: Template coding
Overview of deductive coding (incl. anchors in literature, description, and exemplary quotes).
Phase 2: Inductive refinement
Examples of emergent codes (incl. description and exemplary quotes).
We then consolidated and refined the codebook by resolving overlaps and clarifying boundaries between closely related codes, while retaining case-specific subthemes captured through inductive refinement. Building on these refined codes, we developed within-case summaries and case memos that linked governance challenges to observed governance mechanisms and supporting evidence.
Phase 3: Within-case synthesis
For each case, we developed structured case memos and within-case summaries that linked (i) governance challenges, (ii) observed governance mechanisms and practices, and (iii) supporting evidence. In parallel, we coded contextual boundary conditions as case-level attributes (regulatory intensity, LCDP maturity, integration complexity, scale of citizen development; Table 1) to enable systematic cross-case comparison.
Phase 4: Cross-case comparison
Cross-case mapping of challenges to strategy clusters, concrete practices, and outcomes.
Two researchers independently coded an initial subset of the data and reconciled differences through negotiated agreement, iteratively refining code definitions in a shared codebook and holding calibration meetings. To further strengthen robustness, we assessed inter-coder reliability on a stratified subset (two interviews per case; 286 meaning units/excerpts) that both researchers coded independently using the final codebook. Agreement was substantial (Cohen’s k = 0.73; Cohen, 1960; Landis and Koch, 1977). Remaining discrepancies were resolved through discussion and incorporated as minor refinements to the codebook (Appendix C).
To ensure interpretive rigor and trustworthiness, we adhered to several strategies (Lincoln and Guba, 1985). First, we conducted member-checking by sharing preliminary thematic summaries with key informants to confirm that our interpretations accurately reflected their experiences. Second, we periodically engaged in peer debriefings, reviewing segments of coded data and discussing potential biases or ambiguities in the coding scheme. Third, we maintained a transparent audit trail of coding iterations, memos, and analytical decisions in a shared repository, allowing us and other researchers to trace how final themes emerged from the raw data. Finally, we remained reflexive about our own positions as researchers, acknowledging subjective influences that might shape our interpretation of organizational actors’ accounts (Klein and Myers, 1999; Walsham, 2006).
Findings
Across all three organizations, LCDP adoption created a recognizable pattern: initial productivity gains were accompanied by governance tensions that existing EAM structures were not designed to handle. Characteristically, these tensions arose from the decentralization of development authority, as citizen developers claimed production capability outside traditional IT boundaries, organizations were forced to reconsider how centralized governance models could accommodate bottom-up development without losing coherence, security, or architectural integrity. The following section presents these findings in two stages. We first trace how each organization encountered and responded to governance challenges specific to its context, what needed to be governed, by whom, and through what mechanisms, before turning to a cross-case analysis that identifies the shared challenges, strategy clusters, and governance practices observed across the cases. The analysis is organized around the three governance dimensions identified in the literature: What to govern (the artifact and risk landscape), Who to govern (the actor configuration), and How to govern (the balance of centralized, top-down control and decentralized, bottom-up enablement) (Gregory et al., 2018; Tiwana et al., 2013).
Within-case analysis
LCDP adoption and use at FinComp
FinComp’s adoption of Mendix was a direct response to what respondents vividly described as an architectural “trauma”: the discovery of hundreds of unmanaged, end-user developed applications that had accumulated silently across the organization, creating serious regulatory exposure and data governance failures. Operating under high regulatory intensity and high integration complexity, the bank required a solution that would consolidate shadow development into a single, auditable environment. Mendix was selected because it met requirements for control, visibility and cloud-readiness. From the outset, governance emphasized proportionate control: every application is registered with minimal documentation, a Center of Excellence serves as a front door for triage, and standardized templates embed authentication and data-handling controls from the start. “There’s a bit of a trauma because we had like hundreds of unmanaged IT end user developed applications and there were huge problems, and our regulators were really telling us: get a grip, get control.” (F1).
What makes FinComp analytically distinctive is its governance evolution from strict centralization to a federated model. An initial centralized, top-down approach, with a central team controlling all development and enforcing formal review boards, created distance from business units and ultimately undermined the flexibility that justified LCDP adoption. The organization responded by separating “enabling” from “delivery”: the central team retained responsibility for the platform, toolchain, and guardrails, while development ownership shifted to business-facing teams. This federated approach also gradually opened space for citizen developers in a tightly regulated capacity, a notable evolution given that citizen development had originally been formally prohibited. FinComp thus illustrates how governance models must adapt iteratively, and how explicit delineation of responsibilities allows formal control and federated autonomy to coexist.
LCDP adoption and use at HealthComp
HealthComp adopted Mendix primarily to address a resource constraint: growing demand for specialized clinical applications clashed with a persistent developer shortage, forcing departments to rely on improvised Excel and scripting tools that introduced security and integration risks. The platform was scoped to campus service and non-critical workflows, with mission-critical clinical systems retained on traditional pro-code paths (i.e., conventionally programmed systems developed by professional software engineers). HealthComp’s trajectory is analytically distinctive because of a partial reversal: the Mendix footprint shrank from roughly 70 to 40% of new applications as currency fluctuations inflated licensing costs and eroded the platform’s cost-effectiveness rationale, making HealthComp a case in which external economic pressures forced explicit governance recalibration. “We faced a unique combination of increasing demand for specialized, department-specific applications, alongside very limited in-house developer capacity. Our main EHR system wasn’t designed to manage every specialized or unique workflow that individual departments needed. As a result, departments often relied on improvised solutions, typically using Excel or rudimentary scripting, which posed significant security and data integration risks.” (H9).
Governance at HealthComp evolved through a CoE-led participatory model that gradually drew citizen developers (e.g., nurse managers and senior administrative coordinators) into review and standards discussions. This participatory dynamic is the case’s principal analytical contribution: as citizen developers moved from passive rule-followers to active co-designers of governance standards, compliance improved and resistance diminished. HealthComp demonstrates how participatory governance can shift the perceived legitimacy of controls from externally imposed requirements to collaboratively developed guidelines, even in a resource-constrained and heavily regulated context where overall LCDP adoption remained mixed.
LCDP adoption and use at ManuCorp
ManuCorp’s adoption of Mendix in 2021 was simultaneously top-down and bottom-up: a corporate “digital acceleration” directive aligned with strong demand from business units seeking to replace shop-floor Excel and paper workflows with digital applications. This dual momentum produced the most extensive LCDP community among the three cases—over 500 employees across corporate IT, operations IT, factory-level teams, and regional sites—spanning use cases from small workflow replacements to larger supply chain management solutions. The breadth and geographic heterogeneity of this community, crossing multiple divisions and geographies, made coordination the central governance challenge. “One of the most significant hurdles was aligning the pace of innovation inherent in Mendix with our established enterprise processes. While Mendix allows for rapid prototyping and agile iterations, our legacy systems and internal governance models often operate on a slower timeline. This disconnect necessitated a delicate balance between speed and stability.” (M7).
ManuCorp’s key analytical contribution is a concrete instantiation of multi-tier governance at scale. The organization constructed a layered structure combining a central competence center for intake and triage, an EA board for architectural review of higher-risk designs, and regional “Mendix champions” who provided first-line support and local governance at the plant and country level. This approach resolved a coordination problem that neither purely centralized nor purely decentralized models could address: champions absorbed routine governance friction locally, maintained alignment between local practice and enterprise standards, and escalated only genuine exceptions. ManuCorp therefore illustrates how decentralized governance roles can be institutionalized to sustain architectural coherence as LCDP adoption scales across geographies and divisions.
Cross-case analysis: Challenges and strategies for governing LCDPs
Challenges
The introduction of LCDPs into enterprise environments generated governance challenges that cut across all three dimensions identified in prior literature: what is governed, who governs, and how governance is enacted (Gregory et al., 2018; Tiwana et al., 2013), Left unaddressed, these challenges erode the four architectural outcomes of EAM; efficiency, flexibility, transparency and predictability (Beese et al., 2023a). The following sub-sections trace each dimension as it emerged across the three cases.
What to govern: Proliferation, architectural drift, and security exposure
Across the three organizations studied, a predominant challenge was the widespread proliferation of decentralized, citizen-developed applications. Such applications frequently emerged outside established governance boundaries, generating an extensive landscape of shadow IT and leading to significant architectural divergence. A Product Owner at FinComp clearly illustrated the seriousness of this issue: “We’ve experienced significant challenges with shadow IT previously; people often built solutions using Excel and Access without our knowledge or control. Mendix applications followed a similar pattern, complicating our ability to ensure centralized governance and compliance.” (F1)
This proliferation intensified existing architectural complexity and strained governance processes as portfolios grew and organizations faced escalating difficulties managing their IT ecosystems. Reflecting on this, an enterprise architect from ManuCorp succinctly noted: “Every additional Mendix app increases complexity, making our governance processes increasingly challenging.” (M6)
Compounding these pressures, heterogeneous and inconsistent development practices and inadequate documentation drove the accumulation of technical debt, impacting long-term maintainability and amplifying operational inefficiencies. Describing this challenge from a practical standpoint, a systems analyst at HealthComp emphasized: “Technical debt has become a major concern because nobody adequately documents their apps. Eventually, this turns into a maintenance nightmare.” (H5)
Third, security exposure rose as citizen-developed applications were deployed and released without fully adhering to established security standards and protocols. This practice substantially increased organizations’ vulnerability to security threats. Highlighting the criticality of these risks, a senior product owner at ManuCorp explained: “We discovered significant security vulnerabilities because Mendix applications were often released without thorough security evaluations.” (M1)
The question of what to govern was further complicated by the breadth and heterogeneity of the application portfolios citizen developers assembled. Governance boundaries could not simply be drawn around high-risk systems; they had to extend to everyday workflow tools that, taken together, constituted the bulk of the portfolio. A professional developer at ManuCorp described the scope: “I think one major example is they have an Excel solution currently and they want to get rid of that Excel solution or paper and pen in the shop floor. I think that makes up to 80 or 90% of the applications our citizen developers are developing. And beside that, we have some bigger applications regarding supply chain management and stuff like that.” (M3).
Who to govern: Role ambiguity, coordination friction, and capability variability
The introduction and widespread adoption of LCDPs also altered organizational stakeholder dynamics by elevating citizen developers as influential actors alongside traditional EA and IT functions. This shift disrupted existing role partitions and created ambiguity regarding ownership, decision rights and limits of authority. A senior enterprise architect at FinComp illustrated the depth of this challenge clearly: “There is confusion about who owns governance now. Citizen developers create their apps independently, and suddenly, we have to decide—where does our responsibility stop, and theirs start? It’s becoming a significant source of tension internally.” (F8)
Role ambiguity frequently led to coordination and alignment challenges among key stakeholder groups, especially between business units, traditional IT departments, and the emerging citizen developer community. Differences in decision-making authority and ongoing conflicts over accountability created consistent organizational friction. An IT Manager at HealthComp clearly described the practical implications of these coordination challenges: “Constant conflicts arise about who has authority over citizen-developed applications. Business stakeholders often think it’s their call; IT sees itself responsible for infrastructure and risk, and citizen developers typically feel ownership over their solutions.” (H6)
Coordination friction also extended to resource allocation decisions that spanned functional and financial boundaries. At ManuCorp, governance responsibilities cut across operations and finance, requiring negotiated arrangements rather than unilateral authority: “Finance was alarmed by potential license cost overruns while operations wanted to deploy ten new apps across factories. We negotiated a partial cost-sharing model: once usage hits a threshold, that division covers part of the incremental license. Showing how the apps freed up scarce developer time helped ease the tension and let operations proceed.” (M9).
Additionally, governance effectiveness suffered due to wide variability in citizen developer competence and governance literacy. These developers constituted a diverse stakeholder group with varied professional backgrounds, inconsistent technical proficiency, and differing levels of understanding regarding governance requirements. Such variability increased complexity when organizations attempted to standardize governance practices, further intensifying organizational risks, especially related to security and regulatory compliance. An EA specialist at ManuCorp highlighted this challenge clearly: “Citizen developers range widely in their technical skills and understanding of governance. Some adapt quickly and become effective developers; others continuously struggle, and that inconsistency creates risks that are difficult for us to manage consistently.” (M4)
How to govern: Calibrating formal and informal control
A central challenge across all three cases was finding an effective balance between centralized, top-down control and decentralized, bottom-up enabling approaches. Across all examined cases, organizations consistently encountered significant challenges in establishing this balance. Approaches that were either overly centralized or insufficiently structured resulted in distinct but equally problematic outcomes.
The studied organizations initially emphasized centralized governance instruments such as stringent compliance requirements, detailed documentation, and centralized oversight. However, they quickly realized that these rigid control structures undermined the innovation and agility promised by LCDPs. Citizen developers, whose primary motivation was rapid innovation, often perceived top-down governance mandates as overly bureaucratic and obstructive, leading to frustration and reduced productivity. A domain architect at FinComp illustrated this challenge vividly: “When our governance became too prescriptive, citizen developers felt discouraged. The process grew cumbersome, completely eroding the agility we initially sought through Mendix. On the other hand, reducing controls excessively led to a proliferation of unmanaged, redundant applications, significantly raising complexity and risks.” (F4)
Conversely, relying too heavily on decentralized, bottom-up approaches without sufficient structure created equally significant problems. Such approaches, while initially appealing due to the freedom they offered developers, frequently led to uncontrolled application proliferation. Such uncontrolled growth exacerbated architectural drift, dramatically increased technical debt, and heightened organizational exposure to security threats. A senior Enterprise Architect at ManuCorp summarized this unintended consequence clearly: “Informal governance seemed attractive initially because it gave citizen developers freedom. However, without clearly defined standards or rules, we quickly faced severe issues: applications lacked consistency, documentation was ignored, and complexity rapidly became unmanageable.” (M9)
A further challenge was weak legitimacy; when communication was neither clear nor supportive, developers viewed governance mandates as arbitrary obstacles rather than necessary guidelines. These perceptions fostered resentment, undermined compliance, and severely diminished the effectiveness of governance initiatives. An IT Project Manager at HealthComp articulated this issue explicitly: “Many developers did not understand the governance requirements or their importance. To us, governance felt like unnecessary bureaucracy rather than meaningful oversight. Consequently, compliance became minimal or superficial, and developers often bypassed rules altogether.” (H10)
Relatedly, perceptions of loss of autonomy under top-down control structures diminished citizen developers’ intrinsic motivation, creativity, and overall job satisfaction; turning potential innovators into passive participants or even active resistors. An IT Manager at ManuCorp described the impact: “Developers felt their creativity was curtailed. Instead of innovating, they became passive and disengaged. Governance should empower developers, but under our centralized approach, this message was not effectively conveyed.” (M7)
In conclusion, our cross-case analysis identifies LCDP-related EA governance challenges that span three intertwined dimensions: what is governed (proliferation, technical debt, and security exposure), who is involved (role ambiguity, coordination friction, and capability variability), and how governance is enacted (balancing centralized, top-down control with decentralized, bottom-up enablement, and building legitimacy for governance mandates). Together, these challenges (if left unattended) negatively affect each of the architectural outcomes identified in the literature (Beese et al., 2023a): efficiency is threatened by redundancy and technical debt, flexibility by over-centralization, transparency by shadow IT and portfolio opacity, and predictability by security vulnerabilities and unchecked architectural drift.
Strategies
Table 5 provides an overview of the strategic responses to these challenges we found across the different case studies, organized according to the following concepts: - The governance dimension to which the strategic response pertains (what, who, or how); - The challenge to which the strategy is a response, which refers to an outcome of LCDP use that challenges traditional centralized governance; - The strategy cluster, referring to a collection of formal instruments and informal practices that together form a strategic response to the challenge; - The mechanism that links the strategy cluster to architectural outcomes; - The instruments and practices that are part of the strategy cluster; - The changes in architectural outcomes that are a result of the strategic response.
Across cases, we observed that the effectiveness of governance initiatives designed specifically to manage and mitigate challenges resulting from LCDP use did not hinge on control alone or enablement alone. Rather, effective governance encompassed portfolios in which formal structures, rules and gates were deliberately paired with informal coaching, participation, and community routines. Together, these clusters establish the balance that allows organizations to protect architectural integrity and regulatory conformity while sustaining the speed and local initiative that drive value from low-code development.
Visibility and portfolio hygiene
A first strategy cluster focuses on restoring and maintaining visibility over the expanding landscape. Organizations introduced formal instruments such as mandatory application registration, a minimum documentation set that records ownership, data classification, periodic audits for citizen-developed applications, and scheduled portfolio reviews to retire duplicates and obsolete solutions. As one developer from FinComp described: “By enhancing our auditing capabilities and requiring detailed documentation for every Mendix application, we substantially improved our oversight and reduced governance risks.” (F3)
These measures were complemented by informal practices that made visibility a shared norm rather than a compliance burden, including lightweight documentation templates and community “show and tell” sessions where teams explained what they had built and how others might reuse it. By pairing these elements, organizations improved the completeness of their inventories and strengthened data lineage without impeding local initiative; visibility became an enabler of reuse and quality rather than a brake on speed.
Governance frameworks and pragmatic guardrails
A second cluster centers on the articulation of governance frameworks that are specific to low-code development. The formal side of this cluster comprises clear guardrails and exception procedures that set expectations for design, integration, and release. The informal side comprises co-design with business stakeholders and citizen developers, and rapid advisory channels that translate rules into workable guidance. This pairing ensured that standards were both legitimate and usable. Guardrails preserved architectural coherence, while participatory refinement and timely advice sustained momentum and reduced resistance to governance decisions.
Security by design and enablement
A third cluster addresses the risk posture of the organization. Formal instruments included risk-tiered pre-release checks proportionate to data sensitivity and business criticality, separation of environments, mandatory security training and certification for citizen developers, standardized checklists and secure starter templates. Informal practices included the routine use of secure defaults, peer coaching and walkthroughs that diffused good practice, and proactive flagging of risky patterns during design and review. In combination, these elements reduced the critical vulnerabilities and raised adherence to secure configurations while preserving cycle times. Security was not treated as an afterthought but as an integral part of development routines.
Role redefinition and alignment of decision rights
A fourth cluster clarifies who owns what along the low-code lifecycle from ideation to retirement. Organizations codified responsibilities through a responsibility—accountability approach and formal governance that redefined the role of EA and IT from centralized gatekeepers or controllers toward supportive roles that emphasized mentorship, collaboration, and facilitation. These formal approaches were reinforced by informal mentoring between architects and citizen developers and by boundary-spanning routines. The combination reduced decision latency and the frequency of escalations, because ownership was clear on paper and enacted in practice through repeated collaboration. An Enterprise Architecture Leader at FinComp explained the strategic rationale behind this shift: “We realized our role could no longer remain purely controlling. Now, we proactively mentor and support citizen developers, providing them guidance rather than only restricting them. It’s improved collaboration and made governance feel less punitive.” (F7)
This shift was enacted concretely through structural redesign. At FinComp, the organization separated the enabling function from the delivery function, clarifying accountability while preserving the agility that motivated LCDP adoption in the first place: “We basically have split what we call ‘enabling from delivery’. So I’m currently with my team as a central team responsible for the enabling, so I provide Mendix as a platform, I provide CICD tooling, I provide standard guidelines, FinComp-specific building blocks that you don’t get out of the box (…). And then others are realizing the delivery side, so they are focusing on just Mendix development and delivering managed solutions.” (F1).
Center of Excellence and participatory governance
A fifth cluster provides the coordination infrastructure for scaling. Formally, organizations created CoEs that served as the hub for intake and triage, stewardship of standards, curation of reusable assets, and review of expectations. They formally established participatory forums; within these forums business units, IT, and citizen developers informally co-maintained the standards backlog, surfaced frictions early, and co-developed remedies. A Senior Manager at HealthComp highlighted the strategic importance: “Establishing our CoE was critical—it provides clarity, training, and governance oversight, which bridges the gap between the agility our business users seek and the governance discipline IT demands.” (H7)
Where the CoE model was most effective, it pulled citizen developers into governance discussions rather than simply subjecting them to governance rules. The effect was a shift in the identity of citizen developers within the organization, as captured at FinComp: “One of the most positive changes we’ve observed is how citizen developers have become integral to our governance discussions.” (F6).
Capability building and permissioning linked to competence
A sixth cluster develops skills and aligns permission scope to demonstrate competence. Formal measures included a rolled-out capability building for citizen developers, targeted training and development interventions that raised technical proficiency and governance literacy and improved consistency. In the healthcare sector, establishing participatory governance forums significantly improved developer attitudes, as a senior IT project manager emphasized: “Citizen developers were actively included in governance meetings and encouraged to share their perspectives. This direct involvement substantially improved both compliance and commitment, as governance standards shifted from being externally imposed rules to collaboratively developed guidelines. Developers began to feel ownership, dramatically reducing resistance.” (H10)
Together these instruments and practices improved first-time quality, reduced security and quality defects in novice applications, and created credible pathways for growth. Autonomy increased as individuals and teams demonstrated proficiency, which in turn reinforced the legitimacy of the permission model. A Training Coordinator at ManuCorp described outcomes: “Our training programs have had a tangible impact. Citizen developers are now better equipped technically and far more aware of their governance responsibilities, transforming them from potential risks into valuable, compliant contributors.” (M2)
Balanced portfolio and risk-tiering
A seventh cluster calibrates the depth of control to the level of business and technical risk. Formally organizations defined tiers that distinguish prototypes, departmental solutions, and enterprise-critical applications, with proportionate gates that remain lightweight for low-risk work and become more thorough for high-risk changes. Informally, teams conducted retrospectives to refine thresholds and practices. This hybrid approach provided adequate oversight while preserving the innovative potential offered by LCDP initiatives. A Senior Enterprise Architect at FinComp articulated the approach: “Our refined governance approach combines clear, formal standards and periodic compliance audits with informal elements like peer reviews and developer communities. This carefully managed balance maintains architectural integrity without hindering developers’ agility or creativity.” (F5)
Transparent communication and use of exemplars
An eighth cluster builds legitimacy and fosters voluntary compliance. Formal mechanisms included timely notices of policy changes and a single, authoritative repository for guardrails and patterns. Informal mechanisms included narratives that explain the rationale behind rules, walkthroughs of applications that illustrate how to comply without sacrificing usability. An Enterprise Architect at ManuCorp explained the impact: “We changed our approach to communication by explicitly explaining the benefits of governance and framing it positively as enabling safe innovation. This transparency significantly improved developer attitudes—governance was perceived as supportive, which noticeably reduced resistance and encouraged greater collaboration.” (M8)
A cross-case comparison reveals that all three organizations converged on these same strategy clusters. However, the cases differed in emphasis and configuration. FinComp placed the greatest weight on security-by-design and visibility, driven by a regulatory trigger; the discovery of hundreds of unmanaged applications that prompted direct intervention from regulators. HealthComp’s most distinctive strategic response was CoE-led participatory governance: citizen developers (nurse managers, senior administrative coordinators) were drawn into standards discussions rather than merely subjected to governance rules, producing unusually strong perceived legitimacy and voluntary compliance. ManuCorp presented the most elaborated risk-tiering system, constructing an explicit three-tier architecture (prototype, departmental, enterprise-critical) that allowed the organization to match the depth of assurance requirements, documentation standards, security checks, and architectural review, to the actual risk level of each application. Across all three cases, governance effectiveness emerged from a deliberately composed portfolio rather than any single control lever, combining formal instruments with informal enabling practices. The formal instruments supply the clarity, traceability and safeguards that support enterprise-level coordination and control. The informal elements cultivate capability, legitimacy, and shared ownership, which makes adherence durable and adaptive. It is the deliberate coupling of both that establishes the balance between centralized oversight and decentralized innovation required for low-code development to scale in a sustainable manner.
Mechanisms
The strategy clusters described above, each comprising a set of governance instruments and enabling practices, do not work in isolation, nor do they produce improvements simply by being present. Something must connect the activation of a cluster to observable changes in organizational behavior and architectural outcomes. We refer to these connective processes as mechanisms: the causal structures that explain how a governance activity reliably generates a particular outcome. Following Henfridsson and Bygstad (2013: 911), a mechanism is not the practice itself but the generative logic through which the practice works. For instance, mandatory application registration is a practice within the visibility and portfolio hygiene cluster; the mechanism it activates is information symmetry, the condition in which architects, governance boards, and citizen developers share an accurate, current picture of the application landscape. It is that condition, not the registration act alone, that enables reuse, reduces drift, and supports risk-tiering decisions. Across the three cases, our data reveal five mechanisms through which the portfolio of strategies translates governance activity into improved EAM outcomes.
First, information symmetry and shared situational awareness emerge when mandatory registration, minimal documentation standards, and portfolio hygiene are paired with coaching and community demonstrations. These instruments and practices make the application landscape visible, clarify lineage, and enable reuse, directly addressing the proliferation and opacity challenges in the what dimension.
Second, the perceived legitimacy of governance increases when guardrails are transparent, proportionate, and shaped with user participation, and when a CoE provides timely advice and explains the rationale behind rules. Under such conditions, rules are experienced as reasonable and usable, which reduces resistance and workarounds, resolving the legitimacy challenges in the how dimension.
Third, developer capability grows when tiered learning pathways and permission scopes are tied to demonstrated competence and reinforced by hands-on application and the sharing of proven patterns. Capability is a proximal driver of first-time quality and governs the quality risk associated with citizen developer variability in the who dimension.
Fourth, enacted alignment of decision rights occurs when responsibilities across the low-code lifecycle are clearly codified and put into practice, reducing decision latency and the need for escalation. This mechanism directly resolves the role ambiguity and coordination friction challenges identified in the who dimension.
Fifth, secure-by-default development conditions arise when risk-tiered checks, environment separation, and policy-conformant pipelines are embedded in everyday work and supported by secure templates and targeted training. These conditions reduce severe vulnerabilities without imposing unnecessary delay, directly addressing the security and compliance challenges in the what dimension.
The five mechanisms are not independent but mutually reinforcing, elements of a single causal infrastructure. Information symmetry creates the shared situational awareness that makes legitimate rule-setting possible, guardrails experienced as proportionate and transparent depend on the visibility that registration and portfolio hygiene provide. Legitimacy, in turn, enables capability development: citizen developers engage seriously with learning pathways and permission structures only when governance is perceived as reasonable rather than obstructive. Capability reduces escalation load, which allows decision-right alignment to function efficiently. When developers can resolve issues at their own tier, the need for escalation to architects or governance boards diminishes. Finally, information symmetry completes the loop by making secure-by-default conditions operational: embedded pipeline checks and environment separation work as intended only when the application landscape is sufficiently visible and documented. It is through these interdependencies, not through any single instrument or practice in isolation, that the strategy portfolio produces durable improvements in EA outcomes. A portfolio that activates all five mechanisms simultaneously generates a governance dynamic that is qualitatively different from one that relies on any subset: the mechanisms amplify each other, and their joint activation is what distinguishes governance that sustains itself over time from governance that requires constant manual enforcement. The mechanisms are thus not merely correlates of governance effectiveness but the causal structures through which strategy clusters produce EA outcomes and because they are mutually reinforcing, activating the full portfolio generates a self-sustaining governance dynamic that no individual mechanism could achieve in isolation.
It is important to note that the centralized–decentralized and formal–informal dimensions of governance, while related, are analytically distinct. Centralized versus decentralized governance concerns the locus of control: centralized governance concentrates decision-making authority in a single unit or role—such as a Chief Architect or central EA office—while decentralized governance distributes authority across business units, project teams, or individual developers (Boh and Yellin, 2006; Gregory et al., 2018). Formal versus informal governance, by contrast, concerns the mode of control: formal control relies on explicit standards, performance evaluation, and hierarchical enforcement, whereas informal control originates from intrinsic motivation, self-regulation, and interpersonal interaction (Beese et al., 2023b; Ouchi, 1979). These two dimensions are orthogonal: a centralized governance model may employ informal mechanisms (as when a Chief Architect builds norms through coaching rather than mandates), and a decentralized model may use formal controls (as when distributed business units are each required to complete structured risk assessments). Our findings show that organizations responded to LCDP governance challenges not by choosing between these orientations but by composing portfolios that combined centralized instruments with informal enabling practices—a configuration our data suggest is distinctively effective for governing citizen development.
Discussion and conclusion
This study examined how organizations integrate LCDPs into established EA and, in doing so, surfaced a set of governance challenges that concern what is governed, who is governed, and how governance is enacted. When unaddressed, these challenges erode core EA outcomes in terms of efficiency, flexibility, transparency, and predictability. Our cases, however, also revealed that organizations can mitigate such effects when they treat governance not as a single lever but as a deliberately composed portfolio that pairs formal instruments with informal practices. LCDP-built applications increasingly reach beyond the enterprise, embedding themselves in cross-firm interfaces, data contracts, and compliance obligations. This means the governance portfolio cannot remain internally focused: visibility, guardrails, role clarity, and secure-by-default conditions must be negotiated with external partners, not only enforced within the firm.
A conceptual model of balanced governance
We propose a conceptual model (Figure 1) that depicts governance as a dynamic sequence in which the use of LCDP creates challenges for EAM that (if unresolved) lead to negative EAM outcomes. This negative impact on architectural outcomes requires a response from the organization in the form of strategy clusters (consisting of formal instruments as well as informal practices), which in turn mitigate the negative architectural outcomes. Balanced governance of LCDP.
The sequence is not linear but adaptive: outcomes feed back into the portfolio and risk assessment, prompting recalibration as conditions change. The portfolio itself is formative rather than reflective. Each constituent element—whether a formal instrument (e.g., a rule or a structure), or an enablement practice, adds a distinct capability; removing one alters the character of governance rather than merely diminishing its strength. For instance, visibility without risk-tiering yields inventories with no prioritization, assurance without legitimacy invites workarounds and exceptions, enablement without permissioning elevates exposure, and policy-as-code without role clarity produces brittle automation. The relevant counterfactual is therefore not less governance but different governance, with a distinct pattern of risks and behaviors.
The model is explanatory rather than merely descriptive: it traces the causal path from governance challenge, through strategy cluster and activating mechanism, to EAM outcome—making visible why specific governance combinations work, rather than simply documenting that they do. Challenges about what is governed (architectural drift, shadow development, and security exposure) materialize as portfolio opacity, loss of lineage, and heightened incident likelihood. In our cases, these conditions were durably improved only when visibility and portfolio hygiene were paired with reusable engineering assets, risk-tiered guardrails, and security enablement embedded in everyday work. Challenges about who is governed emerge as citizen developers emerge and role boundaries with professional developers shift. Here the risks are unclear accountability, variable quality, and misaligned incentives. These were mitigated when responsibilities across the life cycle were explicitly redistributed and enacted through a visible hub that offered advice and triage, when permission to build was linked to demonstrated competence rather than job title, and when exemplars and decision rationales were made transparent. Challenges about how governance is enacted concern the tension between control and flexibility. Over-reliance on formal control suppressed innovation, whereas over-reliance on informal enablement fragmented the landscape.
Viewed through this lens, the central insight is not a list of practices but a mechanism-based explanation of how enterprise architecture governance works under decentralized development. The model specifies that governance effectiveness arises from complementarities among formal instruments and informal practices, from the activation of five mechanisms and from a feedback loop that keeps the portfolio adaptive. These features distinguish this explanatory account from traditional, control-centric guidance and from generic calls for “balance” by identifying the concrete mechanisms through which balance is achieved and sustained.
Future of IS in the enterprise
The governance challenges documented in this study are not peculiar to low-code/no-code platforms, nor will their resolution conclude the organizational struggle they represent. LCDPs are better understood as a recent, high-visibility instance of a structural shift in enterprise IS that has been underway for decades: the progressive decentralization of software production capability to organizational actors who operate outside the boundaries of professional IT. This movement originates in end-user computing in the 1980s, intensified through shadow IT and the consumerization of technology, and reached a new inflection point with the enterprise adoption of LCDP suites. It is now continuing into a qualitatively different phase—AI-assisted and, increasingly, agent-driven software generation.
Generative AI tools are entering the enterprise at scale, enabling developers and non-developers alike to produce software artifacts at a velocity that was previously unimaginable. Controlled studies report productivity gains of 55–80% in individual coding tasks (Peng et al., 2023), and industry data suggest that the majority of developers in large organizations now accept AI-generated code suggestions routinely (Accenture, 2024). The governance implications are structurally analogous to those this paper examines: dispersed authorship, portfolio opacity, and the erosion of centralized oversight. Yet the challenge is qualitatively more severe in one critical dimension. Where LCDPs made the existence of applications opaque (in terms of who built what, where it lives, what it connects to), AI-assisted development makes the logic of applications opaque. Code generated by large language models may be syntactically sound, pass automated testing pipelines, and satisfy functional requirements, while no human actor in the organization fully comprehends the reasoning or the assumptions it embodies. This condition has been conceptualized as knowledge debt: the accumulated shortfall in organizational understanding that arises when development practices optimize for output velocity at the expense of human comprehension (Behutiye et al., 2017; see also Beese et al., 2023a, 2023b). Whereas traditional technical debt (Cunningham, 1992) accumulates as a shortfall in code quality or maintainability, knowledge debt accumulates as a shortfall in organizational understanding of what the code does and why—an emergent and largely invisible liability that arises not from poor code but from the structural absence of comprehension at the moment of creation.
The implications for enterprise architecture management as a governance domain are significant. The five mechanisms our findings identify—information symmetry, perceived legitimacy, developer capability, enacted decision-right alignment, and secure-by-default conditions—will not become irrelevant as AI enters the development pipeline. They will intensify and need to be reconfigured. Information symmetry already demands investment in visibility practices, portfolio hygiene, and transparency infrastructure; in an AI-augmented context, visibility must extend beyond what exists to whether what exists is understood and by whom. Developer capability, correspondingly, can no longer be understood primarily in terms of build skill; it increasingly requires what Collins and Evans (2007) term interactional expertise, the ability to interrogate, audit, and critically evaluate artifacts that AI tools produce but humans must maintain, explain to regulators, and modify in response to failure. Decision-right alignment faces perhaps the sharpest reconfiguration: as AI agents begin not only assisting but initiating architectural decisions in enterprise IS, who governs the governor becomes a first-order EAM problem rather than a philosophical afterthought.
Enterprise architecture management thus faces a dual imperative in the coming years: consolidating the governance knowledge generated by citizen development waves, as this paper attempts to begin, while simultaneously building institutional capacity to govern the next wave before its opacity accumulates to the point of irreversibility. Accenture (2024) already estimates the annual cost of technical debt to U.S. enterprises at $2.41 trillion, with 41% of executives identifying AI as a primary contributor. These figures predate the enterprise adoption of autonomous AI agents at scale. The discipline of IS is well positioned to contribute to this governance challenge. Doing so, however, will require extending the theoretical vocabulary of enterprise governance beyond the governing of artifacts and actors toward the governing of understanding itself, a frontier for which neither practice nor research currently has adequate instruments.
The conceptual model and five governance mechanisms developed in this paper represent a starting point for meeting that challenge: by specifying the causal structures through which governance portfolios produce EA outcomes, they offer a vocabulary that can be extended to the governance of AI-generated artifacts and to the “understand-how” governance gaps that emerging technologies continue to create.
Theoretical contributions
From a theoretical perspective, our findings suggest that traditional EAM governance approaches, primarily based on centralized approaches focusing on formal controls, are insufficient to manage the speed and flexibility introduced by LCDPs. This aligns with recent work that calls for governance models capable of balancing formal control with informal, participative mechanisms, in particular, with the notion of control mechanism portfolios as “situated combination(s) of any number of (…) control mechanisms” (Beese et al., 2023b: 95). Effective EA governance requires attending to two orthogonal dimensions: the locus of control (centralized vs decentralized) and the mode of control (formal vs informal)—dimensions that are conceptually distinct yet frequently conflated in the EAM literature (Beese et al., 2023b; Boh and Yellin, 2006; Ouchi, 1979). Our findings show that sustainable governance does not simply balance these dimensions but rebundles them: the five mechanisms constitute a portfolio in which formal and informal complements operate simultaneously across both loci, generating outcomes that neither dimension could produce alone. Our findings reflect precisely this orthogonality: the governance portfolios we observed pair centralized instruments with informal enabling practices, rather than treating centralization and formalization as a single axis. Our evidence shows that the introduction of LCDPs triggers precisely such a recomposition: organizations do not abandon control so much as rebundle it, pairing rules, structures and risk-tiered assurance checkpoints with enablement, participation, and community routines. The contribution of our work, however, goes beyond endorsement of “balance.” We specify how balance works. First, we conceptualize governance as a formative, adaptive portfolio rather than a reflective set of levers: removing a component alters the nature of governance rather than merely weakening it. Second, we identify mechanisms through which the portfolio takes effect and we show how outcomes feed back to recalibrate the portfolio over time. Together, these elements advance portfolio thinking in EA from a general call for balance (Beese et al., 2023b) to a mechanism-based theory of how complements among formal and informal elements generate a durable governance.
The study also contributes to the literature on LCDPs by placing governance, rather than adoption or productivity alone, at the center of analysis. Prior research has emphasized drivers, productivity gains, or user experiences; governance challenges have been comparatively underexplored. Carroll and Maher (2023) previously highlighted the need to balance control with the perceived autonomy of low-code developers. We extend this insight by showing how organizations accomplish that balance in practice: architectural oversight and compliance frameworks are coupled with citizen developer enablement and knowledge sharing, and permission to build is linked to demonstrated competence rather than job title. The result is not a compromise between control and autonomy but a reconfiguration in which autonomy is rendered safe through legitimacy, capability, and proportionate guardrails.
More broadly, the study advances research on EAM by clarifying how emergent decentralized technologies reshape governance beyond the familiar top-down versus bottom-up dichotomy. Prior work has recognized the value of bottom-up approaches alongside hierarchical control (e.g., Cammin et al., 2021; Drews et al., 2017; Kotusev et al., 2024) yet has not fully addressed how technologies that enable user-driven development alter the composition and operation of control portfolios. By unpacking the challenges that LCDPs create across what, who, and how to govern, we explain how such technologies intensify the long-standing tension between local systems development and enterprise-wide objectives (Beese et al., 2023a; Sidorova and Kappelman, 2011) and we specify which combinations of mechanisms resolve that tension without sacrificing speed. In doing so, we offer technology-agnostic guidance that travels to other democratizing, AI-augmented settings, where visibility and provenance, perceived legitimacy of guardrails, competence-linked permissioning, enacted decision rights, and security embedded as routine are likewise decisive for governance effectiveness. By specifying the causal structures through which governance portfolios produce EA outcomes, the conceptual model also offers a starting vocabulary for the “understand how” governance challenge that AI-assisted development creates: it establishes the mechanistic logic that future research will need to extend as development authority continues to shift toward non-human actors.
Implications for practice
Practically, the paper argues for treating governance as a deliberately composed portfolio rather than a single control lever: practitioners should make the application landscape visible with a registry and minimal, purpose-built documentation that clarifies ownership, data sensitivity, dependencies, and lineage; they should make guardrails transparent, proportionate, and co-designed, and support their use through a CoE that functions as an intake, triage, and enablement hub. Further, they should align decision rights across the lifecycle and shift enterprise architects from gatekeepers to guides. Crucially, practitioners should make the portfolio adaptive: instrument a small set of outcome signals, and use them to recalibrate tiers and guardrails, retire redundant solutions, and adjust roles and routines on a regular cadence. As natural-language and agentic development (“vibe coding”) accelerates change, they should extend visibility to provenance (which models, prompts, and datasets produced which artefacts under which policies), enforce guardrails as policy-as-code at build time and runtime, evolve the Center of Excellence into an orchestration hub that stewards prompts, patterns, and runtime policies, and adopt log-driven alignment testing to detect policy violations, bias, and safety regression.
Limitations and future research
This study is based on an interpretive, multiple-case study centered on organizations adopting low-code development platforms within established enterprise architectures. While the design is well suited to uncover mechanisms and configurations, it limits causal inference and generalizability. The cases capture a particular maturity window, rely partly on retrospective accounts, and are situated in specific industries and regulatory environments; selection effects, social desirability, and platform-maturity differences may therefore shape what we observed. Our constructs, especially the balanced governance portfolio and its mechanisms, were operationalized qualitatively; although we triangulated across interviews and artefacts, construct validity and boundary conditions warrant further scrutiny. Finally, focusing on low-code platforms as the empirical lens leaves open how far the model travels to other democratizing, AI-augmented technologies.
Future research should build on these constraints in three directions. First, develop and validate measurement instruments for the portfolio and its mechanisms and relate them to outcome indicators such as innovation throughput, assurance, architectural health, and efficiency of governance effort. Multi-method designs that combine surveys, portfolio metadata, runtime logs, and incident records can support moderated-mediation tests and establish when effects strengthen or attenuate (e.g., under different regulatory stringency). Second, future research could pursue longitudinal and intervention studies to examine adaptation and feedback in the portfolio over time. Third, future research may extend the model beyond low-code platforms to code copilots, foundation-model services, and natural-language “vibe coding,” with particular attention to provenance capture, observability-led alignment testing for policy violations and safety drift, the migration of decision rights in mixed-initiative workflows, and the emergence of new stewardship roles.
Supplemental material
Supplemental material - Lost in decentralization? Governing emerging technologies within enterprise architecture
Supplemental material for Lost in decentralization? Governing emerging technologies within enterprise architecture by Edona Elshan, Bart van den Hooff in Journal of Information Technology.
Footnotes
Acknowledgements
We want to thank the contributions of Ashly Mak for their helpful insights and assistance with the data collection in the interview phase as well as the organizers and authors of the Pre-ICIS Workshop 2024 for their feedback and thoughts.
Ethical considerations
Ethical approval was not required.
Consent to participate
Verbal.
Consent for publication
Cases anonymized.
Author contributions
Both authors contributed equally to this paper.
Funding
The authors received no financial support for the research, authorship, and/or publication of this article.
Declaration of conflicting interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Supplemental material
Supplemental material for this article is available online.
Author biographies
References
Supplementary Material
Please find the following supplemental material available below.
For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.
For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.
