The new architecture of trust

Business leaders understand that trust is good for business. In a recent PwC US survey, more than 90% of executives agreed that trust improves the bottom line. What fewer may fully grasp is just how difficult—yet how essential—it will be to build and protect trust in the tumultuous decade ahead.

Difficult because stakeholder expectations are expanding in multiple directions. Today’s customers don’t just expect great products at fair prices. They want transparency on environmental and social impact, data protection, and how AI is deployed. Employees, investors, suppliers and governments also expect clarity on these and a host of other issues.

Trust is essential because most companies will need to reinvent their business and operating models over the next ten years. AI, climate change and other megatrends are reshaping the industrial system and redefining what it takes to compete. Companies that get reinvention right will find new sources of growth. But reinvention will not succeed without a foundation of trust.

So, how can today’s leaders make trust a durable, strategic asset? By focusing on three imperatives:

• Operational trust: enables efficient operations, confident decision-making and high customer satisfaction. It is based on implementation of systems and processes that combine reliability with agility.
• Accountability trust: enables high-quality reporting and confident communications by meeting regulatory requirements and stakeholder expectations with precision and integrity.
• Digital trust: allows companies to maximise the potential of AI and other technologies by protecting sensitive data, maintaining secure operations, and using digital tools responsibly and ethically.

CEOs and boards can build and protect trust by creating a robust trust architecture supporting each of these areas. The building blocks are data, processes and controls—once in place, they’ll enable the business to deliver reliable outcomes on issues that matter.

Pandemic. War. Geopolitical fracture. Climate change. Cyberattacks. Deepfakes. Each of these has increased suspicion and eroded trust across the global economy. Recent sweeping tariffs are the latest trust challenge, obliging companies to reconfigure supply chains without alienating suppliers, revisit pricing models without losing customers and revise financial forecasts while maintaining confidence among investors.

Not only is the external environment becoming more volatile, but stakeholder expectations are fragmented and shifting. Changing expectations are behind an unprecedented wave of new regulations and standards on issues as diverse as cybersecurity, biodiversity, corporate tax and responsible AI. Among the most significant: the EU’s Corporate Sustainability Reporting Directive (CSRD) and International Sustainability Standards Board (ISSB) reporting framework; the EU’s Cyber Resilience Act, the EU Artificial Intelligence Act, and the US National Institute of Science and Technology AI Risk Management Framework; and the OECD Pillar Two model tax rules and the EU’s country-by-country tax reporting.

Yet ensuring compliance, although essential, is only table stakes. To build the reserves of trust they’ll need in order to reinvent their businesses, leaders must look beyond regulation to understand why change is happening, discerning the outcomes that matter to key stakeholders and the implications for investments and commitments they need to make.

Building an ecosystem to support a new digitally enabled business model? It won’t happen unless ecosystem partners trust your cybersecurity. Launching a new climate-friendly product line? Better make sure your greenhouse gas emissions data can withstand scrutiny. As for that transformative acquisition, investors will balk unless they trust your team—and investor trust today is built on engagement with issues that extend far beyond financial performance.

Trust starts with competence. To earn the trust of customers, employees, investors, suppliers and governments, companies need to reliably produce outcomes on issues that matter to these stakeholders. Their ability to do so is underpinned by a trust architecture comprising data, processes and controls. And that architecture applies across the three areas outlined above and described in detail below: operational trust, accountability trust and digital trust.

The management challenge is that responsibility for trust is reactive and siloed. Leaders in distinct functional areas (e.g., supply chain, cybersecurity, sustainability, tax) are beyond busy responding to the latest external event or regulation. They don’t have time or a mandate to consider the big picture.

Trust therefore needs to be prioritised as a boardroom topic and considered as a core element of the company’s value creation recipe, alongside quality, efficiency and innovation. Put simply, governance of trust rests with those responsible for governance—namely, corporate boards.

In practice, the three pillars are deeply interconnected. Investments in cybersecurity and responsible AI don’t protect solely against gut-wrenching breakdowns of digital trust. They can also drive performance by enabling deeper collaboration with value chain partners and adoption of AI tools.

Or consider the first wave of CSRD reports published this year and the gulf between those ‘good enough’ to meet the regulatory obligation and those issued by companies making a deeper commitment to sustainability. For the latter group, the investment in sustainability data, processes and controls is not motivated by CSRD compliance alone (accountability trust). It is a future-focused commitment to support business decision-making, risk mitigation and innovation (operational trust).

• Operational trust enables efficient operations, confident decision-making and high customer satisfaction. It is based on implementation of systems and processes that combine reliability with agility.

Look no further than recent tariff announcements for evidence that operational trust is dependent on strong data, processes and controls. Companies with advanced systems—built on modern cloud infrastructure and data platforms—were able to react more quickly when tariffs were announced. Why? Because they had better visibility into real-time flows of materials, country-of-origin data and product classifications in their supply chains. Leaders could model scenarios and make decisions with a higher degree of confidence.

The enterprise resource planning (ERP) and other core performance systems that enable this type of agility are on the cusp of a revolution. ERP systems are not going away anytime soon, but they are becoming part of a new, rapidly expanding ecosystem of AI-native applications. For example, in a recent PwC US survey of operations executives (PwC’s 2025 Digital Trends in Operations Survey), more than half said they were using AI to anticipate and mitigate supply chain disruptions, and another third said they were testing and piloting AI for these purposes.

How companies manage this wave of innovation across their core performance systems will have profound implications for their ability to build and maintain operational trust. AI is likely to generate trillions of dollars in annual cost savings and productivity driven by automation, predictive analytics and operational efficiencies. Add to this the potential for new AI-enabled revenue streams and business models. The biggest risk to operational trust may be not taking AI’s potential seriously enough.

One large manufacturer we know has invested for more than a decade in remote sensor technology to provide real-time information on the status of its production environments. This has strengthened operational trust by giving managers access to immediate, high-quality data on which to base decisions about how to optimise operations. Now the company is adding agentic intelligence—semi-autonomous AI agents that can make sense of complex data, identify cause and effect, and make decisions within preset boundaries. Operational trust will be further strengthened as AI agents constantly monitor production flows, interpret deviations, trigger remedial actions and alert managers.

• Accountability trust enables high-quality reporting and confident communications by meeting regulatory requirements and stakeholder expectations with precision and integrity.

Accountability requires a fact base accepted as trustworthy by all parties. Achieving that is easier said than done. Companies have spent decades refining the data, processes and controls that underpin reliable, error-free financial reporting. Now they are under pressure to quickly deliver transparency and compliance in new areas of business.

Take sustainability. In PwC’s Global Investor Survey 2024, more than 70% of investment managers and analysts said that companies should embed sustainability directly into corporate strategy. To do this, leaders need to have a firm grasp of the sustainability-related risks and opportunities for the business arising from climate change, pollution, human rights and other issues. Yet most of the data they need doesn’t exist today in company ERP and other central source systems.

Likewise, governments, investors and civil society groups increasingly expect companies to calculate, pay and publicly report taxes in every jurisdiction in which they operate. Under the OECD’s Pillar Two model tax rules, which are being adopted by most countries, such calculations require more than 300 distinct data points for every constituent entity. Our work with clients indicates that only about half of this granular data is currently held in companies’ central systems.

What does it take to address these gaps in accountability trust architecture? C-suite sponsorship. Cross-functional commitment. Investment in data, processes and controls.

One multinational energy company we know needed to track down, validate and combine data from 3,000 constituent entities for its Pillar Two calculations. This required collaboration among tax, finance, legal and technology experts, who needed to piece together the massive dataset from information held in applications and spreadsheets across the global company. In parallel, the team created new systems in order to ensure that the process could be automated in future. The solution included a new governance structure that ringfenced sensitive data in each jurisdiction to ensure it was shared only as needed.

The energy company can now quickly calculate Pillar Two liabilities and confidently answer questions from tax authorities, strengthening accountability trust. The architecture also supports operational trust by allowing the company’s leaders to accurately model the tax implications of various decisions as they move to grow and reinvent the business.

• Digital trust allows companies to maximise the potential of AI and other technologies by protecting sensitive data, maintaining secure operations, and using digital tools responsibly and ethically.

The digital footprint of companies today incorporates remote workplaces, the cloud and digitally enabled value chains including suppliers, ecosystem partners and customers. Each expansion beyond the four walls of the enterprise has delivered new efficiencies and opportunities for growth—and introduced new threats to digital trust. In the language of cybersecurity, the attack surface presented by companies is growing, while also opening new vectors for attackers to exploit.

AI adds new complexities. Advances in AI, combined with more readily available open source malware, have lowered barriers to entry for cybercriminals and fuelled an increased number of attacks. Yet AI can also be used to strengthen cyber defences—for example, intelligent applications that constantly scan networks for suspicious activity and automatically trigger responses if a breach is detected. Companies cannot afford to cut corners on this element of their trust architecture. Consumers say that the protection of customer data is the most important factor in building their trust with companies—more important than even high-quality products and services.

If cybersecurity is the ground campaign in the fight for digital trust, the air campaign turns on issues of algorithmic fairness, explainability and responsible AI. Stakeholders won’t accept AI-powered outcomes unless they trust that the technology is being used in ways that are transparent, thoughtful and ethical. This applies equally to customers, employees, suppliers and regulators.

Tools are at hand to address these concerns. Responsible AI principles serve as foundational guidelines and ethical standards. Governance policies and clear operating models, with well-defined tiers and roles, create an enterprise-wide approach to AI development and deployment. For example, intake and risk tiering processes allow companies to filter proposed AI use cases and ensure that appropriate risk assessments take place.

Most big companies we know have already made progress towards building these elements into their digital trust architecture. The question for CEOs and boards is whether they are striking the right balance between AI innovation and risk aversion, between speed and control. To paraphrase former racing driver Mario Andretti, the brakes aren’t there to make the car go slowly.

Companies everywhere face mounting pressure to reinvent their business models, operating models and ecosystems. Whether the goal is to digitise core systems, adopt AI at scale, transition to low-carbon operations or expand into new markets, trust will determine what is possible—and what is not.

For CEOs and boards looking to lead with trust, we recommend starting with questions in three fundamental areas:

• Which stakeholder groups will matter most to our success over the next five years, and beyond? And what outcomes do they expect from us?
• Are we reinforcing our trust architecture in the places that matter most? Or are there blind spots that could undermine confidence in our actions?
• Are we building a trust architecture simply to comply with regulations? Or are we aiming higher, using our purpose and values to guide bold, future-focused commitments and investments?

The answers will shape your company’s ability to adapt, compete and grow in a world where trust is both fragile and foundational.