In June 2026, the Philippine Daily Inquirer and Philstar reported on a phenomenon BPO insiders began calling "Shadow Implementation": mid-market business-process providers commercializing agentic AI capabilities they did not yet possess, with the operating plan to build them on the customer's contract, data and timeline. The reporting framed it as a Philippine industry conversation — a sector that, according to the same coverage, employs approximately 1.97 million professionals — but the dynamic is not specific to one country or one provider. Wherever buyers are pricing AI-augmented services without verifying the underlying capability, the incentive to oversell exists.
The same reporting put a number on the underlying maturity gap: roughly **1% of BPOs are estimated to operate enterprise-grade retrieval-augmented generation (RAG) infrastructure in production**. The other 99% are at earlier stages — proofs of concept, third-party tool integrations, or marketing decks. Neither end of that distribution is inherently wrong; what matters is whether a provider's commercial promises match its actual stage of maturity.
This article is not an attack on any country, vendor or category. It is a buyer's verification protocol — what to ask, what to observe, and what to require in writing — so that the conversation between you and your prospective partner is grounded in evidence rather than slideware.
For a vendor under price pressure, selling a capability you do not yet have is rational in the short term. The contract is signed at AI-era pricing, the buyer underwrites the build, and if the project succeeds the vendor emerges with a real capability funded by someone else. If the project fails, the vendor still kept the revenue and the buyer absorbs the disruption.
For the buyer, the asymmetry is uncomfortable: you pay for production AI, you receive a stalled pilot, your data has been used to train someone else's roadmap, and your migration cost out of the relationship is high because the integration was custom-built. The fix is not paranoia. It is a verification protocol — applied consistently across every shortlisted vendor — that exposes the gap before the SOW is signed.
Generic demos prove the vendor knows how to demo. A live demo on a representative sample of your tickets, calls, chat transcripts or back-office documents — observed by your team in real time, with the vendor's engineers visible — proves the system works in your specific context. Make this a precondition to the second SOW conversation, not a nice-to-have. If a vendor cannot run a 90-minute live demo on a sanitized sample of your data within two weeks of NDA signature, the capability is not production-ready.
Ask to see the production RAG pipeline of an existing reference customer: the document ingestion job, the chunking and embedding strategy, the vector store, the retrieval evaluation harness, and the human-feedback loop. A mature provider will show you a sanitized version of all five. A provider that responds with a partnership logo slide or a third-party tool screenshot does not yet own the capability — they are reselling someone else's.
Vanity deflection numbers ("our agent handles 60% of queries") are meaningless without re-contact rate, CSAT impact and human-escalation quality. The contract should commit to a containment rate, a 7-day re-contact ceiling, a CSAT floor and a maximum acceptable handoff latency to a human agent — with credits or termination rights if the floors are missed for two consecutive months. A vendor that resists writing those numbers into the SOW is telling you something important about their confidence.
Your tickets, transcripts, knowledge base content and customer PII must remain your property. The contract should specify: data residency (which country and which sub-processor), retention windows, training-data usage (your data is **not** used to train shared models without explicit consent), deletion guarantees on termination, GDPR roles, and breach-notification SLAs. If a vendor's standard MSA does not cover all six, treat the negotiation as the first sign of operational maturity — or its absence.
Agentic AI fails. The question is what happens when it does. A real implementation has a trained, multilingual human tier sized to absorb 30–50% of volume on day one, with documented escalation paths, quality-monitoring loops back into the model, and a published recovery-time objective for AI outages. Ask to tour (in person or virtually) the human operations center and meet the supervisors. A vendor that cannot produce the human tier is not selling AI-augmented service — they are selling AI-only service with hidden tail risk.
Generic reference calls produce generic answers. Ask the reference customer four specific questions: containment rate over the last 90 days, re-contact rate, CSAT before and after deployment, and one incident where the AI failed and how the vendor responded. If the reference cannot answer all four in numerical terms, the vendor has not operationalized the program — they have demoed it.
For any agentic AI engagement above six figures, retain an independent reviewer — fractional CTO, AI advisory firm, or a competing vendor with no bid — to review the SOW, the proposed architecture and the metric definitions. A two-day engagement at €4,000–€8,000 will routinely surface unfunded mandates, vague metric definitions and missing safeguards. Treat it as cheap insurance, not as a sign of distrust.
Even after the seven steps above, the right shape of the first engagement is a **90-day production pilot on a bounded scope**, with explicit go/no-go criteria, full data portability if you walk, and a fixed price. The pilot validates the capability against your real volumes; the scaled engagement only begins once the pilot has passed its criteria.
The market is converging on a model that buyers can verify rather than trust: a transparent hybrid of agentic AI for high-volume deterministic intents, agent-assist for medium-complexity, and a trained human tier for everything else, with one CSAT and one re-contact dashboard covering the whole stack. Where it sits geographically matters: a nearshore hub on UTC+1 keeps the human escalation SLA achievable across European hours without an overnight surcharge, and gives buyers the option to visit the operation in person within a single business day.
For European, MENA and Americas buyers evaluating the model, our [BPO operations practice](https://callitdev.com/en/services/bpo) sets out how we run the human tier, the [AI automation and emerging-tech practice](https://callitdev.com/en/services/digital-studio/emerging-tech-ai) sets out the AI side of the stack, the [Morocco nearshore positioning](https://callitdev.com/en/why-morocco) explains the geography, and the [cost calculator](https://callitdev.com/en/cost-calculator) lets you model the blended unit economics against your current baseline before a single conversation.
Most vendor disputes around agentic AI are not disagreements about the technology — they are disagreements about what the contract said. A defensible SOW for an AI-augmented BPO engagement in 2026 contains, at minimum, the following sections.
A precise **scope of intents** with named entry points, channels and languages, plus an explicit out-of-scope list so creep is detectable. An **operational metric schedule** with containment rate, 7-day re-contact ceiling, CSAT floor, NPS floor where measured, handoff latency, and average handle time on the human tier, each defined with the exact formula and the source system that produces the number. A **service-credit and termination schedule** keyed to metric breaches across two consecutive monthly windows. A **data and IP schedule** covering ownership, residency, sub-processors, training-data usage, retention, deletion, GDPR roles, breach-notification SLA, and a written commitment that the customer's data is not used to train shared models without explicit opt-in. A **change-management schedule** specifying who approves model changes, prompt changes, knowledge-base changes and integration changes, with a maximum 72-hour notification window for any change that touches customer-facing behaviour. A **continuity schedule** specifying the human-tier headcount floor, recovery-time objective for AI outages, and the fallback operating model when the AI is degraded.
Six schedules. Twelve to twenty pages. If a vendor cannot or will not produce them, the answer to the underlying capability question is in the friction.
A 90-day production pilot is not a one-size-fits-all template. Three sizing rules keep the pilot honest. First, the pilot must cover at least 15% of the relevant production volume — anything smaller does not stress-test the human tier or the failover behaviour. Second, the pilot must run for the full 90 days, not "until we hit a containment number" — short pilots favour vendor cherry-picking and miss the seasonality and edge-case profile of a real month. Third, the pilot must include at least one deliberately injected failure scenario — model degradation, knowledge-base drift, a sudden volume spike — to verify that the documented recovery procedures work in practice rather than on paper.
A pilot priced fixed-fee at €60,000 to €180,000 for a mid-market scope is reasonable in 2026. A pilot priced on time-and-materials, or one that requires the customer to fund infrastructure that ends up owned by the vendor, is a leading indicator of Shadow Implementation.
Reference calls are the cheapest verification step and the most commonly wasted. A productive call lasts 45 minutes and answers six questions with numbers, not adjectives. What was your containment rate over the last 90 days. What was your 7-day re-contact rate. What was your CSAT before deployment and what is it now. What was the largest AI failure incident in the last 12 months and how long did recovery take. What did you wish you had negotiated differently into the SOW. Would you sign the same contract again — yes, no, or yes-with-changes.
If the reference cannot answer all six, the engagement has not been operationalized. If the reference declines the call entirely, the vendor is steering you away from an unhappy customer. Either signal is more informative than a brochure.
Nothing in this article is intended to disparage the Philippine BPO industry, any individual country, or any named provider. Shadow Implementation is a generic vendor-risk pattern that has appeared in every category where capability commitments outran capability investment — from cloud in 2012, to data engineering in 2018, to cybersecurity in 2021. The 2026 version is agentic AI; the 2028 version will be something else. The protection is not vendor selection by reputation. It is a verification protocol applied consistently, in writing, before signature.
A real agentic AI capability does not feel mysterious in a buyer's hands. The demo runs on your data, the metrics are written into the SOW, the human tier is staffed and visible, the references answer four numerical questions without hesitation, and the pilot is bounded and reversible. If any of those signals is missing, slow down — the cost of one more verification cycle is small compared with the cost of a Shadow Implementation that fails twelve months in.
${CTA_BPO}
A pattern reported in June 2026 by Philippine Daily Inquirer and Philstar where mid-market BPO providers commercialize agentic AI capabilities they do not yet possess, planning to build them on the customer's contract, data and timeline. The risk is generic to any geography or vendor — the protection is a verification protocol applied before signature.
Per the same June 2026 reporting, the industry estimate is that roughly 1% of BPOs operate enterprise-grade retrieval-augmented generation infrastructure in production. The remaining 99% are at earlier stages — proofs of concept, third-party tool resale, or marketing assets. Neither end is wrong on its own; what matters is whether commercial promises match actual maturity.
A 90-minute live demo on a sanitized sample of your tickets, calls or documents, observed by your team in real time, with the vendor's engineers visible. A mature provider can stage that within two weeks of NDA signature. A provider that cannot is not production-ready, regardless of the slideware.
Containment rate, 7-day re-contact rate ceiling, CSAT floor, maximum handoff latency to a human agent, and credits or termination rights if floors are missed for two consecutive months. Vanity deflection numbers alone are meaningless without re-contact and CSAT.
Data residency by country and sub-processor, retention windows, explicit non-use for training shared models without consent, deletion guarantees on termination, GDPR roles, and breach-notification SLAs. If a vendor's standard MSA does not cover all six, treat the negotiation itself as a maturity signal.
A hybrid model uses agentic AI for high-volume deterministic intents, agent-assist for medium-complexity, and a trained human tier for everything else, on one unified CSAT and re-contact dashboard. The human tier is sized to absorb 30-50% of volume on day one, with documented escalation and a published recovery-time objective for AI outages.
No. Shadow Implementation is a generic vendor-risk pattern that has appeared in every category where capability commitments outran capability investment — cloud in 2012, data engineering in 2018, cybersecurity in 2021, agentic AI in 2026. The protection is a verification protocol applied consistently, not vendor selection by reputation.
A transparent nearshore hybrid from Casablanca on UTC+1: agentic AI on production RAG infrastructure for the deterministic volume, agent-assist for the middle tier, and a trained multilingual human team for complex and regulated work, all on one CSAT and re-contact dashboard with SLA-backed metrics in the SOW.
CALL IT DEV — Software, AI and dedicated tech teams — Casablanca | Madrid | Dubai — contact@callitdev.com — +212-537-373777