Bringing AI and data governance together helps you move fast, stay compliant, and actually get the value you expect from AI.

Organizations are adopting AI at a rapid pace, and there are high expectations at the board level and C-level of reaping significant value through these AI initiatives. We are moving at a frantic pace from deploying machine learning (ML)-based solutions to generative AI to AI agents. Industry pioneers are driving the race toward artificial general intelligence (AGI) and artificial super intelligence (ASI).
This environment makes it paramount for organizations to invest in and build robust AI governance frameworks that are not just guidelines but have teeth behind them to enforce the practices. However, a recent study by EY found that AI adoption is significantly outpacing AI governance. According to the study, which covered 975 C-level executives across 21 countries, 75% of those surveyed use Gen AI, but only a third had responsible controls in place.
In general, organizations implementing AI are increasingly facing tough questions on multiple fronts:
- Are your AI initiatives proceeding at the pace to maintain competitive advantage?
- Are your AI initiatives providing measurable value?
- Are you able to manage risks and compliance through an organized AI governance framework?
Naturally, there is increased attention towards the first two bullet points, causing a reduced focus on the third. While AI governance itself is lacking, the other critical factor that most organizations deal with is the lack of alignment between data governance and AI governance. While everyone understands that data is the lifeblood for all forms of AI, even enterprises that have implemented safe and responsible AI practices tend to have a siloed approach to data governance and AI governance, based on my experience working with Fortune 500 corporations.
Data governance
Most enterprises have implemented a data governance tool or, in some cases, multiple tools to manage data quality, data lineage, data security and data retention needs of the organization. However, most large enterprises suffer from the lack of a single source of truth across several domains, as they have tried to keep pace with the emerging technology solutions over the decades, from RDBMS to data warehouses to data lakes. Data proliferation inherently makes it harder to manage and govern the data. Data latency is another issue that impacts use cases that require real-time data. In their rush to jump on the AI bandwagon, organizations tend to use this current state of data that is plagued with issues and hence are unable to derive the full value of their AI investments.
AI governance
As previously noted, most organizations have yet to implement a robust AI governance framework. The ones that have implemented some form of AI governance have a centralized approach through an AI center of excellence (AI COE). In most cases, these COEs are managed by a chief AI officer (CAIO). The CAIO tends to focus on AI governance considerations such as model governance, bias, toxicity, hallucination, jailbreaks and the like, and not so much on the underlying data, as this is typically managed by the chief data officer.
The impact of this fragmented approach has legal, regulatory, security and ethical implications. Organizations grapple with questions like:
- Is the data used by AI systems trustworthy?
- Are the models legally and ethically compliant?
- Do the deployed AI solutions respect privacy laws across jurisdictions?
- Is there adequate control over the use of Generative AI and agentic systems?
- Can these systems explain their decisions when challenged?
The risks are high for global enterprises that operate across multiple geographies with disparate privacy laws, regulations and the emerging yet unknown regulatory landscape with AI. C-level executives tend to have a better appreciation for these risks but may not be fully aware of the underlying causes, such as a siloed approach to AI and data governance.
The case for a unified approach to AI and data governance
Given the current state and the challenges associated with it, it is time for organizations to move to a unified approach across AI and data governance. This approach will not only help unleash value from their AI investments but will also ensure regulatory compliance and mitigate risks. A practical approach to accomplish this is articulated below.
Data-first design
Unlike the traditional AI governance approach, which focuses on models or tools, organizations should focus on where all AI begins: data. By recognizing data as the lifeblood of AI, organizations can govern AI from the ground up, using the quality, sensitivity and lifecycle of data to dynamically assess and control risk—long before a model is even trained.
Adaptive, tiered governance framework
Organizations should embrace adaptive governance, using real-time risk classification and tiering. This allows organizations to apply stronger controls where risk is high (e.g., PII, PHI, autonomous actions) and lighter controls where speed of innovation is critical – governing at the speed of business without compromising safety.
Leverage generative AI to improve data quality
The potential of generative AI can be unleashed on data to resolve several issues, such as:
- Data classification
- Data cleansing
- Metadata management
Invest in data pipelines and data ops
Organizations tend to have issues with their data pipelines and integrations, causing reliability and performance issues. As organizations start using AI in real-time use cases, issues with data pipelines tend to cause poor outcomes in those use cases. Organizations should invest in building robust data integrations and pipelines, and in the observability of these pipelines.
AI-driven governance
Build self-learning governance agents that monitor evolving risks, regulatory changes and model behavior across use cases and geographies. These agents can autonomously trigger alerts, suggest controls and adapt policies, turning governance into a living, intelligent system rather than a manual, static checklist.
Central-led but federated execution
Design a central-led governance model with localized execution—perfect for multi-region or multi-business-unit organizations. It ensures consistent guardrails across the enterprise while allowing local flexibility, a critical need for global firms navigating regulatory fragmentation.
Expand the AI governance committee
The AI governance committee should be expanded beyond the traditional representation from IT and business. There should be representation from legal, privacy, compliance, information security, third-party management and human resources. This level of diversity will ensure that the AI policies take into account not just technical and business priorities but also legal, ethical and social considerations and the impact on stakeholders within and external to the organization.
Benefits of the unified approach
A robust AI and data governance approach is critical to deliver responsible AI. The benefits can be seen across multiple facets:
Privacy
Privacy is key to building trust among stakeholders and avoiding reputational risk. The most common concern in the widespread usage of Gen AI is private data being used to train models without safeguards. A strong data governance framework using tools to enhance privacy (such as anonymization) that serves as a foundation for AI will go a long way in ensuring compliance with privacy regulations and improving trust in the brand.
Cybersecurity
With the rapid adoption of AI and AI agents, cybersecurity teams within organizations face a huge challenge in mitigating this new and emerging threat landscape. AI governance frameworks that embed cybersecurity ensure that organizations are well-positioned to move fast and innovate without compromising their security.
Regulatory readiness
As the AI landscape evolves at breakneck speed, the regulatory landscape is trying to keep up. The regulatory bodies at a federal level, state level and in other countries outside of the US are grappling with defining policies without stifling innovation. Organizations that stay ahead of the curve with an AI governance framework have a better chance of success in adapting to the changing regulatory landscape.
Third-party risk
Organizations work with several third parties, such as vendors and subcontractors, who have begun to extensively utilize AI in their products and services. Including the third-party management (TPM) function within the organization as part of AI governance and educating the TPM team on the risks and mitigation strategies will reduce friction and enable growth through effective partnerships.
Governance: A business enabler, not a cost center
To summarize, the unified approach to AI governance outlined above is a paradigm shift: from fragmented controls to unified oversight, from compliance-led to risk-led, and from static frameworks to self-learning governance. This approach will drive governance as a business enabler and not a cost center. It will also provide strategic advantage and improve trust and the long-term scalability of AI initiatives.
This article is published as part of the Foundry Expert Contributor Network.