Why Retailers Must Own Their Intelligence Layer

Retailers are in the early days of a seismic shift. As task‑specific AI agents proliferate across point‑of‑sale, digital commerce, customer service, pricing, loyalty and signage systems, the intelligence behind everyday retail operations is slipping into proprietary SaaS tools. Analysts predict that by 2026, 40 % of enterprise applications will include AI agents, up from less than 5 % in 2025.

What seems like an efficiency boon masks a deeper risk: each agent optimises in a fragmented loop inside someone else’s software, and the retailer gradually loses control over the logic, data and decision rights that define its business.

This blog unpacks why the intelligence layer is rapidly becoming retail’s next competitive moat, why regulators are forcing the issue, and how a sovereign intelligence architecture provides both compliance and strategic advantage.

The Quiet Shift from Dashboards to Agents

Traditional retail SaaS delivered dashboards; managers remained responsible for interpreting analytics and deciding how to act. Agentic AI changes the model as AI copilots can search information, recommend actions and increasingly execute tasks in systems such as Microsoft Dynamics 365, Salesforce Einstein Copilot and Oracle Analytics. NCR Voyix and other commerce platforms are embedding AI assistants directly into store systems.

In the UK, for instance, retailers already use AI agents to manage promotions, price updates, stock alerts and labour allocation.

Retailers often fail to realise that each SaaS module is learning from their proprietary data. Agents ingest transaction histories, loyalty behaviours, staff schedules and customer feedback, then optimise algorithms to deliver outcomes within the vendor’s black‑box environment.

While helpful at first, this outsourcing creates “fragmented optimisation loops”: each vendor improves its own module using retailer data but never returns the full learning back to the retailer. Decisions about pricing, personalisation and promotions become opaque; audit trails are spread across multiple vendors; and switching providers becomes financially and operationally prohibitive.

Where Agents Are Embedding

AI agents aren’t just chat bots. They embed across the retail stack:

• Point‑of‑sale (POS): real‑time recommendations to staff; agent‑driven updates to promotions or inventory.

• Commerce: personalised product ranking, order routing and dynamic pricing.

• Customer relationship management (CRM): AI copilots summarise interactions and propose next best actions.

• Digital signage and kiosks: interactive displays show personalised content; generative AI designs new promotional creatives on demand.

• Analytics and retail media: AI models build audiences and deliver closed‑loop measurement for brands.

These embedded agents alter the risk profile. It is no longer enough to integrate vendor data into a central data lake; the intelligence itself now sits inside vendor software. Retailers must decide whether to centralise control above these agents or surrender their competitive logic to providers.

Why 2026 Changed the Governance Equation

Regulators across major markets are codifying AI governance requirements that call into question the status quo of black‑box SaaS.

• European Union (EU): The EU AI Act demands traceabilityfrom input data to decision logic. Retailers must be able to explain AI‑driven decisions to regulators and demonstrate compliance with record‑keeping, impact assessments and cross‑border data‑transfer rules. The EU’s Data Act further mandates

  switching rights: cloud customers must be able to migrate data and workloads to alternative providers.

• United Kingdom (UK): UK guidance emphasises explainability, requiring companies to provide evidence for automated decisions. Retail boards are accountable for ensuring AI outcomes align with customer rights and privacy.

• United States (US): Policymakers are focusing on portability and procurement transparency. State privacy laws and antitrust scrutiny mean retailers must avoid being locked into proprietary vendors that hoard behavioural data.

These regulatory shifts mean that outsourcing intelligence is no longer an IT preference but an enterprise risk posture. Boards must treat the intelligence layer as a governed asset and ensure they can audit and control automated decisions.

Two Architectures, Two Futures

The research compares two future architectures: fragmented intelligence and sovereign intelligence.

Model A: Fragmented Intelligence

In the fragmented model, retailers continue buying point solutions, analytics here, personalisation there and each vendor deploys its own agent. Intelligence is scattered across dozens of applications. The consequences:

• Black‑box decisions: Retailers lack end‑to‑end traceability from data to decision. When an AI agent makes a pricing or staffing decision, no single party can explain the logic.

• Security risk: Credential sprawl and cross‑vendor integration create third‑party exposure and increase the likelihood of cascading incidents.

• Lock‑in: Optimisation loops inside vendors learn from retailers’ data. Switching providers means losing compounded learning and retraining AI models from scratch.

• Commercial inequity: Vendors, not retailers, capture the value of first‑party data especially in retail media, making it hard for retailers to prove audience quality and monetisation integrity.

Model B: Sovereign Intelligence

In the sovereign model, retailers own the intelligence layer that sits above vendor agents. They collect signals from POS, commerce, CRM, signage and sensors; funnel them into a central control plane; and expose controlled interfaces back to vendors.

Key features:

• Unified data flow: Real‑time events (transactions, loyalty actions, device telemetry) stream into a retailer‑owned intelligence hub that standardises identity, context and access governance.

• Governance and audit layer: A central dashboard collects every decision request, logs model versions, monitors agent actions and enables kill switches. When an AI makes a decision, the retailer can prove exactly which data and policy were used.

• Open interfaces and portability: Vendors integrate through

  open APIs and governed exports. The retailer maintains switching optionality and portability critical for complying with EU requirements.

• Resilience and risk management: A sovereign control plane allows for rollbacks and resilience playbooks across stores if a vendor agent misbehaves.

• Retail‑media readiness: Because the retailer owns identity resolution and event measurement, they can build trusted, auditable retail‑media products.

Black‑Box Risk Is Now Financial Risk

Beyond regulatory fines, retailers face financial consequences if they cannot defend AI decisions. The research highlights several risk categories:

• Accountability risk: Can you explain to customers, regulators and employees why an AI changed a price or denied a loyalty reward? Without traceability, retailers risk lawsuits and brand damage.

• Regulatory and audit risk: Regulators will demand logs, documentation and oversight records. Fragmented intelligence makes producing evidence slow and incomplete.

• Data sovereignty risk: Retailers often do not know where their data is stored or processed across vendor landscapes. New laws require clear data residency and transfer policies.

• Cyber and third‑party concentration risk: Credential sprawl across many providers increases the chance of compromise and incident cascades.

• Commercial lock‑in risk: Vendors may treat AI models as egress fees; compounding learning inside black boxes makes switching cost‑prohibitive.

• Operational resilience risk: If an agent fails or makes a harmful decision at scale, retailers need kill‑switch policies and rollbacks.

• Monetisation integrity risk: Retail media requires trusted, retailer‑owned audience and measurement assets; fragmented intelligence undermines credibility.

Retail Media: The Monetisation Test

Retail media is emerging as a multi‑billion‑dollar revenue stream for grocers, convenience stores and big‑box retailers. Brands want access to first‑party shopper data to target ads and measure sales impact. In a fragmented architecture, data sits in vendor silos. Different platforms claim credit for the same sale, making closed‑loop measurement impossible.

A sovereign intelligence layer solves this by centralising identity resolution and event measurement. Every impression, click and purchase flows through the retailer’s control plane, enabling precise attribution across channels. The retailer can verify audience quality, prove campaign performance and share audit‑ready reports with advertisers. In this model, retail media becomes a strategic asset rather than an add‑on.

Building the Sovereign Intelligence Stack

How do retailers operationalise sovereignty? The research proposes a three‑layer architecture:

1. Sensors, devices and event streams – This includes POS terminals, kiosks, e‑commerce platforms, loyalty apps, signage and IoT devices. Crucially, cameras used to detect customer engagement should feed only high‑level engagement events (e.g., screen touches, dwell time) into the control plane. The camera itself remains focused on enhancing customer interactions, not harvesting analytics.

2. Real‑time signals and micro-services – An event bus ingests data from all sources. Microservices normalise events, update unified profiles, trigger real‑time decisions and publish governed streams to agents and dashboards. The retailer enforces access controls and policy checks at this layer.

3. Governance and command dashboard– The top layer provides a central command centre for executives. It visualises metrics, approves or blocks agent actions, manages vendor integrations and triggers kill switches. It also logs every decision for audit and compliance.

Why Edge Is Not Intelligence

A key misconception is that moving compute “to the edge” (e.g., running AI in-store) is a substitute for owning the intelligence layer.

Edge architectures can reduce latency but do not address sovereignty. If vendors manage the edge devices and training pipelines, retailers still lose control of logic and data.

Sovereignty is about owning the layer that decides what automation is allowed to do, regardless of where compute happens.

A Practical Executive Checklist

Retail leaders don’t need to rip and replace systems. They can start by asking the right questions and implementing guardrails:

1. Map intelligence flows – Document where AI decisions are happening across POS, merchandising, pricing, labour and marketing. Identify which vendors own the logic and which data they use.

2. Centralise identity and telemetry – Unify customer and employee IDs, and ingest all event streams into a central platform before sharing with vendors.

3. Demand open interfaces – In new contracts, require API‑level integration, governed exports, logging and kill‑switch capabilities. Avoid proprietary black‑box modules.

4. Implement governance dashboards – Build or buy a command centre that captures all decision requests, model versions and agent actions in one place.

5. Create resilience playbooks – Establish rollback procedures, vendor‑independent overrides and incident response plans for AI failures.

6. Develop retail‑media measurement – Use the sovereign control plane to build closed‑loop audience and measurement capabilities that are owned and audited by the retailer.

7. Educate the board – Frame intelligence sovereignty as a risk and opportunity. Regulators are watching; boards need to own the decision about who owns the logic.

From Sovereign Theory to Operational Reality

Owning the intelligence layer is not a conceptual exercise. It requires infrastructure that centralises signals, governs decisions, and enables secure orchestration across distributed retail environments.

Merlin Cloud was built specifically around this architecture principle.

Rather than embedding optimisation inside isolated vendor systems, Merlin Cloud provides a retailer-owned command layer that sits above existing POS, signage, kiosk, and engagement systems. It does not replace the stack, it governs it.

Rather than embedding optimisation inside isolated vendor systems, Merlin Cloud provides a retailer-owned command layer that sits above existing POS, signage, kiosk, and engagement systems. It does not replace the stack, it governs it.

Through a centralised dashboard, retailers can:

• Unify engagement, operational, and device signals across locations

• Apply policy controls to automated actions and campaign logic

• Maintain audit-ready traceability from event to execution

• Securely orchestrate remote updates across stores in minutes

• Reduce supplier sprawl by consolidating intelligence into one governed layer

This approach aligns directly with the regulatory trajectory of the EU Data Act, the AI Act, and evolving UK explainability standards. It ensures that intelligence remains a retailer-owned asset, not a vendor-embedded abstraction.

Merlin Cloud's recognition in the Startups 100 2026 reflects not just product innovation, but architectural thinking: retail intelligence must be centralised, governable, and portable.

The intelligence layer should not be rented, it should be owned.

Owning the Logic Is the Next Moat

Retail’s next competitive advantage will not come from chasing the latest channel or algorithm inside a vendor’s SaaS. It will come from sovereignty the ability to prove, in board language and audit evidence, that your enterprise owns the logic that makes decisions, owns the data that trains them, and owns the control plane that decides what automation is allowed to do.

In an environment where AI agents are ubiquitous and regulators demand explainability, retailers who outsource their intelligence layer will not only outsource productivity; they will outsource accountability, resilience and future monetisation.

By building a sovereign intelligence layer, retailers can harness the power of AI agents while maintaining control, compliance and strategic freedom. The shift from fragmented to sovereign intelligence is not a technology project; it is a governance mandate and a strategic investment in the future of retail.