I did some AI heavy search / research on WTC’s data moat a couple of months ago.
This is far from a complete analysis but is a third level distillation from multiple sources.
For transparency, I fed in some prompts to 3 different models then synthesized the results in NotebookLM.
I have not yet drilled down in the sources cited in each of the 3 original searches to validate authenticity / reliability of each, so this is in effect still a preliminary analysis.
Here are some of the insights coming out of that edited by me for clarity / confirmation bias…
There was a ton of other info surfaced in the AI responses, but I am just cherry picking what I find most interesting here.
The starting point
WiseTech’s theoretical moat is built on proprietary trade rules and institutional trust.
However, the customer, the freight forwarder, absolutely owns the data they input into their software.
The true value lies in the execution data, which the forwarders treat as their most vital trade secrets.
WTC is legally just a custodian. They're just processing the data on the customer's behalf to execute a task.
The Pivot
However, since 2026 they have pursued a very deliberate, contractual evolution via their Data Processing Addendum (DPA) - how any software provider handles customer personal data.
Originally, the August 2022 DPA positioned them strictly as a data processor.
The 2022 DPA unambiguously stated that WiseTech would not process personal data for any purpose whatsoever other than providing the specific software services requested by that specific customer.
Under those 2022 terms, WiseTech had virtually zero contractual runway to take data from forwarder A and use it to train an AI model that forwarder B would eventually use.
However, from March 2026, the DPA was updated with a clause explicitly titled processing for WTC's own purposes.
This designated WiseTech as a data controller for the explicit limited purpose of product development processing.
Specifically, this grants WiseTech the authorization to process personal data for general product research and development which covers training their AI models.
The authorization to use the data is strictly conditional on irreversible anonymization.
The AI absorbs the pattern, but it strips the identity.
This data then trains their small language models or domain specific models.
So every forwarder on CargoWise benefits from the generalized intelligence built up in WTC models.
The Regulators
WiseTech write their DPA’s in alignment with Europe’s GDPR as a baseline, as this is generally the toughest privacy legislation.
This helps them navigate other legislation like the California Consumer Privacy Act, the CCPA – and California usually sets the standard for the rest of the US.
China's personal information protection law or PIPL is a bit of a different animal so WiseTech's DPA by includes a specific China addendum.
However, the underlying master service agreements (MSAs) might allow larger customers to negotiate an opt out of data sharing altogether.
Clock is ticking
The European AI Act and other regulations designed to protect consumer and business data – along with a growing awareness of the value (and risks) of data may mean access to this highly valuable training data will be harder to secure in future.
This is not just an issue for WTC, but for anyone seeking to compete with them on this front.
Where WiseTech may have a relevant advantage is their sheer size and scale combined with how early they have been in pursuing their AI strategy.
Competitors looking to go it alone like DSV (Tango) will only have access to whatever data they generate internally plus whatever they can scrape or buy externally.
The CVP changes may become easier for customers to swallow if WTC can demo improvements in the platform that make this new commercial model more palatable.
The own goal of setting some staff into an open mutiny by publicly announcing massive staff cuts without internally explaining a pathway for this will need to be quickly offset with Agentic capability internally so the remaining staff are productive enough to more than cover the exiles and rebuild staff morale.
All this while integrating E2Open and dealing with governance and related issues.
The Threat from AI natives
Wise Tech currently sits inside a rolling three-year audit cycle with hundreds of sovereign customs agencies.
A good AI native setup can write brilliant code in seconds, but cannot quickly pass a multi-year government compliance audit.
Disc: Held