The low-code market exploded in 2020. Gartner predicted it would be the dominant application development approach by 2025. Every major software vendor had a low-code offering. Microsoft Power Platform, Salesforce Lightning, ServiceNow, OutSystems, Mendix. The pitch was consistent: build applications faster, empower business users, reduce dependence on scarce developers.
I evaluated several platforms that year and worked closely with teams using them. My honest assessment: the promise is real but frequently unrealised, and the difference comes down to governance.
The genuine capability is impressive. Microsoft Power Automate, for example, can genuinely automate complex multi-step processes across Microsoft 365 applications without writing code. A process that previously required a developer to write a custom integration could be built by a motivated business analyst in a week. The productivity gain for the right kind of work was real and measurable.
The problems emerged with scale and time. Low-code applications tend to work well when they are small and owned by one person who understands them. When they grow beyond that, or when the person who built them leaves, the codebase (and it is a codebase, just a visual one) becomes difficult to maintain. There are no standard practices for testing low-code applications. Version control is often an afterthought. Documentation is rare. The technical debt accumulates invisibly.
The governance failure I saw most often was "shadow IT" proliferation. Business users, empowered by low-code tools, built applications without IT visibility. Sensitive data was being processed by flows that IT had no knowledge of. Security reviews were not happening. Data protection obligations were being inadvertently violated. The autonomy that was the point of low-code became a risk.
The teams that used low-code well had invested in governance. They defined where low-code was appropriate and where traditional development was needed. They created templates and standards. They trained users not just on how to use the tools but on security, data handling, and when to escalate to a developer. They had IT oversight without bureaucratic bottlenecks.
My view in 2020 and now: low-code tools are powerful and appropriate for many automation and application needs. But they require the same discipline as traditional code. The mistake is treating them as too simple to need engineering discipline. The platforms that delivered real value treated low-code as an approach with standards, not a shortcut.