Salesforce Release Spring '26

The Salesforce Spring '26 release (available starting January 2026) marks a significant transition in the maturity of the Salesforce platform, shifting the focus from a rapid accumulation of AI features to thoughtful consolidation and preparing organizations for large-scale transformation. While Agentforce and Data 360 remain strategic pillars, Spring '26 is distinguished by a crucial focus on operational foundations: improving the developer experience, strengthening security, modernizing administrator tools, and enforcing migration to new integration practices. What might appear to be a minor technical update to an optimistic Salesforce marketing team actually represents a major technical debt that every organization will need to absorb.

10 Key Points to Remember

1. API Instance URL: A critical and non-negotiable architectural change — Organisations must replace instance references in their API integrations with My Domain URLs by the enforcement date in Spring '26. This is a real compatibility break, not just a recommendation.
2. Editable Data Table in Flow: Long awaited, but still unstable — The much-requested component makes its debut in Spring '26, but with an "experimental" status: it actually disappeared during initial testing. Use with caution in production.
3. Salesforce Shield becomes a dedicated application — Consolidating security tools (Data Detect, Field Audit Trail, Event Monitoring, Platform Encryption) into a single UI application is a victory for governance, but also reveals that Shield was too scattered to be truly useful.
4. External Client Apps are gradually replacing Connected Apps — Salesforce is phasing out access to the creation of new Connected Apps. For architects and ISV publishers, this represents a complex migration to a 2GP stack. It also sends a strong signal: Salesforce is standardising on metadata compliance and abandoning legacy approaches.
5. Flow Logging in Data 360: Observer becomes traceable — The integration of automatic logging of Flow executions in Data 360 transforms visibility but also increases Data 360 billing. To be budgeted for seriously.
6. Native Kanban Board in Flow: Finally, a real alternative to custom components — After years of requests from the community, Salesforce has delivered a production-ready component for visually managing workflows. It's productive, but still relies on a restrictive architecture.
7. Custom Styling for Screen Flows: More brand alignment, less tinkering — Theme Picker and styling options reduce the need for custom LWC components for visual compliance. However, there is no access to formulas or variables for dynamic colours — a limitation that will persist.
8. Custom Styling for Screen Flows: More brand alignment, less tinkering — Theme Picker and styling options reduce the need for custom LWC components for visual compliance. However, there is no access to formulas or variables for dynamic colours — a limitation that will persist.
9. Data 360 Limits tightened, performance redefined — Batch transforms limited to 1,000 per organisation, real-time graphs limited to 200 KB, insights limited to 300 per tenant: these figures reflect a platform that optimises for scalability, not experimentation. Organisations will hit these ceilings well before Spring '26.
10. Agentforce Builder (Beta): A more structured reasoning engine, but with risks of disruption — The builder's new graph-based architecture offers greater determinism and control, but it represents a break with existing agents. Early adopters will need to revalidate their agents for production.

The 5 Truly Strategic Developments of Spring '26

1. Forced Migration: Instance URLs to My Domain (Critical Impact, Mandatory)

The business problem: For years, Salesforce has been encouraging best practices for integration. Spring '26 stops suggesting and starts enforcing. Once it goes live in production, automatic redirects of instance URLs (e.g., cs123.salesforce.com → myorg.my.salesforce.com) will disappear. Any API integration using the old paths will break silently.

Actual maturity: Enforced — This is not a feature, it is a breaking change. No significant grace period will be granted in production.

Concrete impacts:  

• Businesses: Any middleware, ETL, or external API integration that uses hardcoded instance URLs will cease to function. For large organisations with hundreds of integrations, this means a forced audit and a remediation project lasting several months.
• Salesforce Administrators and Consultants: Mandatory audit of all Apex code, Visualforce, and Lightning configurations that reference instances. High risk of regressions if a single endpoint is missed.
• Integration Teams: Systematic modification of configurations for Data Loader, Zapier, MuleSoft, Informatica, and other tools. Organisations with non-sandboxed instances that have not migrated before the enforcement date will experience service interruptions in production.

What Salesforce doesn't make clear: The transition is not without consequences. Organisations that have postponed this migration for more than two years are now faced with a choice: update everything in a single maintenance window (risky), or risk partial outages in production. Salesforce wants to see an end to this "technical debt", but the cost of transition is being passed on to customers.

Grey areas: How will managed partners and managed packages behave with this change? Salesforce has indicated that packages should have been using My Domain URLs for a long time, but older packages will remain fragile.

2. Editable Data Table in Flow: An Expected Component, But Unstable in Preview

The business problem: Since v4.0 of the native Data Table (Spring '24), administrators and developers have been requesting an inline editing feature. Currently, each line modification requires going through a modal form or a custom LWC component. Spring '26 promises to close this gap.

Actual maturity: Experimental/Beta — An initial preview version was withdrawn during the initial preview period after encountering bugs. Current status: in development, activatable but unstable.

Concrete impacts:  

• Admins and Consultants: Access to a native component that eliminates the need for 40% of custom LWCs for simple bulk-editing use cases. Reduction in technical complexity and long-term support.
• Dev teams: Possibility to close long-standing tickets saying "we need an editable table". But be careful: if the component crashes in production, the fallback to a custom LWC takes time.
• CRM managers: Reduction in the total cost of ownership of lightweight automation solutions. Less dependence on developers for every minor UI requirement.

What Salesforce isn't saying: Why did this component disappear in the first place? Performance issues with very large datasets, or permission conflicts. Salesforce is probably waiting until Q1 2026 to stabilise. Early adopters are exposed to regressions.

Risks and points to watch out for: Users with complex permissions or active Field-Level Security may encounter unexpected behaviour. There is no support for form fields or roll-ups (although this is an expected limitation).

3. External Client Apps: The New Era of Integration (Mandatory for 2GP)

The business problem: Salesforce launched External Client Apps as the next generation of Connected Apps, with better support for 2GP (Second-Generation Packaging), separation of admin/developer roles, and metadata compliance. But most organisations continued to use Connected Apps out of inertia.

Actual maturity: Production-ready, but adoption still immature in the ecosystem. Spring '26 pushes the migration timeline by hiding the option to create new Connected Apps behind Salesforce Customer Support.

Concrete impacts:  

• Architects and ISVs: Mandatory migration of all new integrations to External Client Apps. For distributed packages, this is non-negotiable. Local (non-packaged) organisations can continue with Connected Apps for a little while longer, but this path is closing.
• Salesforce Consultants: Need to update integration templates, onboarding processes, and audit checklists. Customers with complex CRMs will need to validate that their existing Connected Apps remain compatible during the transition period.
• Security Teams: External Client Apps offer a better audit model (policy vs. settings), but also introduce new attack surfaces that need to be validated. Permission configurations will need to be reviewed again.

What Salesforce does not clearly state: There is no automated migration tool to convert an existing Connected App into an External Client App. It is a manual process, which causes real friction. In addition, some features (Canvas Apps, User Provisioning) are still only available for Connected Apps.

Grey areas: What is the actual timeline before Connected Apps are completely decommissioned? Salesforce has not given a firm date. Organisations should allow 18-24 months before a forced change.

4. Flow Logging in Data 360: Workflow Observability Becomes Traceable (and Expensive)

The business problem: Admins have always had difficulty diagnosing why a Flow ran poorly or auditing the history of mass executions. Salesforce has integrated Flow execution logging directly into Data 360, creating a single source of truth for operational visibility.

Actual maturity: Production-ready, but tightly coupled with Data 360 (which is not within the budget of all organisations).

Concrete impacts:  

• Admins and DevOps: Detailed visibility of flow executions (execution time, errors, output variables) centralised in a Lightning Page. Reduces the need for custom logs via Apex.
• Compliance and Audit Teams: Ability to track each execution of a business process. Enhanced audit trails for regulated sectors (Finance, Healthcare).
• CRM managers: Clear understanding of who launches which flow, when, and with what results. Better prevention of process drift.

What Salesforce doesn't tell you: Each execution stored in Data 360 consumes Data 360 credits. An org with 10,000 Flow executions per day will see its Data 360 costs increase significantly. There is no option to "only log errors" — it's all or nothing.

Risks and points to watch: Performance. If an organisation launches millions of Flows (batch processing automation-heavy), the volume of logging could create a bottleneck. Salesforce has not published any guidelines on performance thresholds.

5. Agentforce Builder (Beta): A Deterministic Engine, But Complex Migrations

The business problem: The original Agentforce Builder was entirely LLM-based: the AI essentially decided how the agent would behave. Spring '26 introduces a new graph-based architecture where conversation flows are more structured and predictable, combining natural language and scripting.

Actual maturity: Experimental/Beta — Available to organisations, but recommended for sandbox testing first. Existing agents built with the old architecture will continue to function, but new agents will utilise the new engine.

Concrete impacts:  

• Agentforce developers: Greater control over agent logic. Improved debugging, tracing, and reliability. The ability to write in Agent Script (a dedicated scripting language) offers possibilities that natural language alone cannot always cover.
• Project Managers: Reduced risk of hallucinations or unexpected behaviour. Agents built with this architecture are more predictable and better suited to critical production uses.
• IT and Governance Teams: Improved agent monitoring thanks to Agentforce Observability. Ability to track each agent's decisions and identify where an agent is going astray.

What Salesforce doesn't say: Migrating existing agents from the legacy builder to the new builder is not automatic. It is a re-validation process. Critical agents will need to undergo comprehensive testing. In addition, some features of the legacy builder (e.g., actions based entirely on LLM) may not have a direct equivalent in the new architecture.

Risks and points to watch out for: For organisations with complex Agentforce agents already in production, this transition represents a risk of regression. The timing of this beta is tight — it will be necessary to quickly validate that the new agents are working as expected before implementation.

6. Salesforce Shield Dedicated App: Centralised Security, But Rising Operating Costs

The business problem: Salesforce Shield (Data Detect, Field Audit Trail, Event Monitoring, Platform Encryption) was scattered throughout Setup. Spring '26 consolidates these tools into a dedicated application, reducing friction for security administrators.

Actual maturity: Production-Ready — This is a UI reorganisation, not a new feature.

Concrete impacts:  

• Security and Compliance Managers: A single destination for managing all monitoring and auditing. Better UX, fewer clicks to configure audit trails or enable encryption.
• Salesforce administrators: Smoother access to security tools. Reduced configuration time and learning curve.
• Compliance teams: More accessible and understandable audit trails to demonstrate compliance (GDPR, HIPAA, SOC 2).

What Salesforce doesn't clearly state: The creation of a dedicated application for Shield indirectly acknowledges that these tools were too hidden to be truly useful. Many organisations paying for Shield are not utilising even 10% of its capabilities. Now that the UX is improving, organisations without Shield will make the same request of their publishers.

Risks and points to watch out for: Costs. Shield is a premium add-on. The easier it is for organisations to access Shield, the more they understand what they are missing out on by not having a Shield licence. This is a business driver for Salesforce, but a new cost for customers.

7. Data 360 Limits Enforced: Scalability Redefined, Performance Compromised

The business challenge: Data 360 has become central to CDP and AI strategies. But as adoption increases, Salesforce must protect service performance for everyone.

Actual maturity: Enforced — These limits are not new, but Spring '26 makes them more visible and strictly enforced.

Concrete impacts:  

• Data Architects and BI Managers:
  • Batch transforms: maximum 1,000 per organisation, 50 concurrent users
  • Real-time graphs: maximum size 200 KB, 200 million records as standard
  • Calculated insights: maximum 300 per tenant, 30 manual executions per day
  • Organisations will need to optimise their data models to stay within these limits.
• Data Engineering Teams: Re-architecture requirements for complex pipelines. Partitioning, segmentation, and pruning become essential.
• CRM managers: Clear understanding that Data 360 is not an unlimited data lake. It is a highly optimised CDP platform with boundaries.

What Salesforce does not clearly state: These limits reflect engineering choices made to protect performance. But they also mean that highly complex use cases (hundreds of calculated insights, millions of data points to be unified in real time) will quickly exceed the limits. Organisations will have to make choices: limit complexity or accept a degradation in performance.

Grey areas: What happens when an organisation reaches these limits? Does Salesforce throttle? Refuse creation? There is no clear communication about fallback behaviour.

8. Connected Apps Deprecation Quietly Enforced: A paradigm shift for integrators

The business problem: Salesforce is gradually removing access to the creation of new Connected Apps, forcing them towards External Client Apps.

Actual maturity: Enforced — The creation of new Connected Apps is now behind Customer Support. The business problem: Salesforce is gradually withdrawing access to the creation of new Connected Apps, forcing them towards External Client Apps.

Concrete impacts:  

• Architects and Consultants: Obligation to rethink each new integration. For ISVs, this means migrating to 2GP and revalidating packages. The business issue: Salesforce is gradually withdrawing access to the creation of new Connected Apps, forcing them towards External Client Apps.
• Security teams: External Client Apps offer a better security model (separation of roles), but require reconfiguration. The business issue: Salesforce is gradually phasing out access to the creation of new Connected Apps, forcing them to use External Client Apps.
• Managed Partners: If an ISV partner distributes a package with Connected Apps, that package will gradually become unusable. Pressure to migrate before the option disappears completely. The business problem: Salesforce is gradually removing access to the creation of new Connected Apps, forcing them towards External Client Apps.

What Salesforce isn't saying: Timeline specifies that existing Connected Apps will continue to function indefinitely, but without new support. It's a slow death, not a kill switch. The business problem: Salesforce is gradually removing access to the creation of new Connected Apps, forcing them towards External Client Apps.

What Has Changed Compared to Previous Versions ​

vs. Winter '26

Aspect	Winter '26	Spring '26
Instance URL Enforcement	Recommended in sandboxes	Enforced en production
Connected Apps	Always creatable	Restricted creation, behind Support
Flow Builder Debugging	Modern debugging en Canvas	Debug Screen Flows further as well
Agentforce	Default legacy builder	New graph-based builder (Beta)
Shield	Scattered throughout Setup ​	Dedicated app, better UX ​
Data 360 Scale	Stated limits	Stricter enforcement of limits

vs. Summer '25

Spring '26 consolidates rather than adds. Less feature mania, more stabilisation.

What Salesforce Doesn't Clearly State: Grey Areas and Limitations

1. Agentforce Builder: Hidden Discontinuity

Salesforce presents the new Agentforce Builder as an "improvement," but it is actually an architectural break. Agents built with the old architecture will continue to run, but all new agents will use the graph-based engine. This creates two generations of agents within the same organisation — a risk of confusion and fragmented maintenance.

Unresolved question: Will all agents be forced to migrate at some point? Or is there a genuine long-term path for coexistence?

2. External Client Apps: Feature Parity Still Incomplete

Salesforce claims that External Client Apps are "the next generation," but several key features are still missing (Canvas Apps, User Provisioning). This creates pressure to migrate to a technology that is not yet complete.

3. Data 360 Limits: No Guidance on Fallback

When an organisation reaches 1,000 batch transforms, what happens? Salesforce does not say clearly. Is the 1,001st rejected? Or does performance silently deteriorate?

4. Editable Data Table: Truly Stable?

The component disappeared during the preview. This is a sign that Salesforce is not entirely confident. Using this component in production before Q2 2026 represents a risk.

5. Instance URL Change: Impact on Managed Packages

For older packages that hardcode instance URLs, Spring '26 may break them. Salesforce has not provided guidance on responsibility: should the package provider fix it? Or does the customer accept that the package is unsuitable?

Practical Recommendations

For a Company Already on Salesforce

Immediately (Before January 2026): ​

1. Instance URL Audit: Scan all apex, flows, LWC, and integration configurations for references to instance URLs. List all external integrations (Data Loader, Zapier, MuleSoft, etc.) and verify that they use My Domain URLs.
2. Sandbox preparation: Activate Spring '26 preview as soon as possible (9 January 2026). Systematically test all critical integrations to ensure they do not break.
3. Changeover planning: Schedule a maintenance window in production to deploy integration fixes just before going live. Do not wait for the official release date for your instance.

Short term (Q1 2026):

1. Evaluate External Client Apps: If you have existing Connected Apps or are considering new integrations, start evaluating External Client Apps. Not urgent, but the trend is clear.
2. Pilot Agentforce Builder Beta: For organisations with agents in production, start testing the new architecture in a sandbox. This should not be an emergency, but rather a proactive exploration.
3. Optimise Data 360: If you use Data 360, audit your data models to ensure that you do not run into limitations (1,000 batch transforms, 300 insights, 200 KB for real-time graphs).

Medium term (Q2-Q3 2026):

1. Strengthen Security: Use the new Salesforce Shield App to audit your security posture. Understand what you can do but are not yet doing.
2. Work with the new Flow Components: Integrate the Kanban Board and Editable Data Table (once stabilised) into lightweight processes. This will reduce your dependence on custom LWCs.

For a Salesforce Consultant/Administrator

Immediately:

1. Update your release readiness checklist: Add "Audit URL instances" and "Review connected apps" as mandatory steps.
2. Learn about External Client Apps: Read the complete documentation, understand the feature-by-feature comparison with Connected Apps, and be ready to advise customers.
3. Prepare a risk report for each customer: For each organisation, identify non-compliant integrations and packages potentially affected by changes to instance URLs.

Short term:

1. Preview testing: For your largest customers, test Spring '26 immediately in preview mode to identify any issues before they affect production.
2. Launch Agentforce pilots: For customers who have not yet explored Agentforce, use Spring '26 as a trigger point. The new architecture is more stable and suitable for production use cases.
3. Document Data 360 limitations: For customers planning Data 360 implementations, clarify upfront limitations and design architectures accordingly.

Medium term:

1. Become an External Client Apps expert: This is the future of integrations. Consultants who can guide clients through this transition will be in high demand.
2. Offer a Data 360 optimisation service: Many organisations will start to reach their limits. Proactive analysis and re-architecture can be a premium service offering.

Projection: What Spring '26 Holds for the Future (12-24 Months)

Immediate Trajectory (H1 2026)

1. The URL change will be universally applied. Any non-compliant organisation will experience interruptions. This will create a wave of reactive (costly) corrections.
2. Agentforce Builder Beta will be released from beta. The new architecture will become the standard. Legacy agents will continue, but new agents will utilise the deterministic engine.
3. External Client Apps will become the de facto standard. ISVs will have migrated most packages. Connected Apps will be seen as legacy.
4. Data 360 Limits will start to become a pain point. Organisations with complex use cases will see performance degradation or additional configurations being denied.

Medium-term outlook (H2 2026 – H1 2027)

1. Shield will become more central: With the dedicated app, security will be less of a "nice-to-have" and more of a basic expectation. CSOs will start mandating Shield audits.
2. Agentforce Grid and Observability will mature: These tools (announced in Winter '26) will crystallise. Organisations will no longer see Agentforce as an experiment, but as a central part of their operations.
3. Data 360 will evolve into a truly purpose-built CDP. Current limitations will be relaxed for premium customers, creating a tiered pricing model. Small-to-mid market organisations will find that Data 360 costs much more than advertised.

Long-term outlook (2027+)

1. Flow Automation + Agentforce merger: These two pillars (low-code automation and AI agents) will converge. A single orchestration engine will drive both deterministic logic and AI logic.
2. Connected Apps will be completely phased out: Estimated timeline: late 2027 to early 2028.
3. Data 360 is becoming a major budget line item for large customers. Unifying data at scale is expensive. Organisations will find that the total cost of ownership of Data 360 rivals that of their current data warehouses.
4. Agentforce marketplace will emerge: Predefined agents ("Lead Qualification Agent", "Customer Support Agent") will be downloadable, configurable, and deployable within hours. This will democratise Agentforce but also create a new competitive dynamic (commercial agents vs. proprietary agents).

Conclusion

Salesforce Spring '26 is not a "sexy" release. It does not bring major breakthroughs in AI or radically new cloud integrations. Instead, it consolidates, matures, and forces organisations to clean up their technical debt.

For decision-makers, this is a sign that Salesforce cares about the stability of the platform, not just adding features. But it's also a sign that the cost of operating Salesforce will increase: instance URL migrations, Data 360 optimisation, external client app migrations — all of this comes with an implementation cost.

For consultants and administrators, this is an opportunity. Organisations will need guidance, audits, and migration projects. Consultants who can offer services related to preparing for Spring '26 will be in high demand.

For CRM managers, this is a call to action. Use the window before January 2026 to audit your Salesforce landscape, validate your readiness, and plan your migration. Inaction creates risk.