What AI Governance Can Learn From The Data Governance Era
Data governance took most enterprises a decade to get right, and those that started late paid the price.
Vinod Bijlani, Forbes Councils Member
Forbes
3 min read
6/10
Key Takeaways
Enterprises took 7–10 years on average to mature data governance programs, with late adopters facing $14.8 million average compliance incident costs (Forbes Tech Council, 2026).
78% of surveyed enterprises reported an AI-related compliance near-miss in 2025, up from 45% in 2023, signaling escalating risk.
The EU AI Act's phased compliance starts in mid-2026, with U.S. states like Colorado and California expected to pass AI transparency laws by 2027.
AI governance parallels data governance in needing cross-functional ownership, lifecycle management (model versioning), and proactive regulation adoption.
Forbes analysis recommends immediate AI risk inventory, appointment of an AI ethics officer, and embedding governance into model development pipelines.
Unlike data governance, AI systems introduce opacity challenges (e.g., black-box models) that require new auditability techniques.
**Hook:** Enterprises that dragged their feet on data governance paid dearly in fines, breaches, and lost trust — and AI governance is shaping up to be an even costlier lesson for those who delay. **Lead:** According to a Forbes Tech Council analysis published on May 29, 2026, the decade-long struggle to establish robust data governance frameworks offers a stark blueprint for the emerging field of AI governance. Companies that waited until regulations like GDPR were in full force faced scramble-mode compliance, reputational damage, and competitive disadvantage — a pattern now repeating with AI. **Context:** Data governance became a boardroom priority only after high-profile scandals — think Cambridge Analytica and the EU's General Data Protection Regulation — forced action. The process took most enterprises 7–10 years to mature, from understanding data lineage to implementing access controls and audit trails. AI governance today is roughly where data governance was in 2016: fragmented, reactive, and largely voluntary. The Forbes piece argues that organizations can compress that learning curve by applying proven principles from the data era — but only if they start now. **Key Details:** The article, authored by a member of the Forbes Technology Council (the council comprises CTOs, CIOs, and senior tech executives), highlights three critical parallels: the need for cross-functional ownership (data stewards → AI stewards), the importance of lifecycle management (data retention → model versioning and monitoring), and the inevitability of regulation (GDPR → proposed EU AI Act and emerging U.S. state AI laws). It cites that 78% of enterprises surveyed in 2025 reported at least one AI-related compliance near-miss, up from 45% in 2023. The cost of non-compliance with data regulations averaged $14.8 million per incident for large firms; early indications suggest AI violations could exceed that due to higher operational and reputational stakes. **Analysis:** The core insight is that AI governance cannot be a purely technical checkbox. Just as data governance required a cultural shift — embedding privacy-by-design into product development — AI governance demands fairness-by-design, transparency-by-design, and accountability-by-design from the outset. Critics point out that AI systems are more opaque than databases, making auditability harder. Yet the consequences of ungoverned AI — biased hiring algorithms, hallucinating chatbots, opaque credit decisions — are already generating regulatory and consumer backlash. The Forbes analysis reinforces a growing consensus: governance is not a bottleneck but a competitive moat. **Outlook:** The next 18 months are critical. The EU AI Act's tiered compliance deadlines begin phasing in mid-2026, and several U.S. states are expected to pass AI-specific transparency laws by 2027. Enterprises that treat AI governance as a strategic project — with dedicated budgets, C-suite sponsorship, and iterative maturity models — will avoid the 'panic-and-patch' cycle that plagued data governance. The article's closing advice: start with a risk inventory of high-impact AI use cases, appoint an AI ethics officer, and build governance into model development pipelines today. The cost of acting is far lower than the cost of reacting.
Frequently Asked Questions
AI governance refers to the frameworks, policies, and practices that ensure artificial intelligence systems are developed and used responsibly, transparently, and in compliance with laws and ethical standards. It covers model lifecycle management, bias detection, accountability, and auditability.
Data governance provides a historical blueprint for AI governance. Both require cross-functional ownership, lifecycle management, and proactive compliance. Data governance took a decade to mature; AI governance can learn from that timeline to avoid costly reactive fixes.
Three key lessons: start early and treat governance as strategic, not technical; embed accountability into product development; and anticipate regulation before it forces compliance. Delaying leads to higher costs and reputational damage.
The EU AI Act begins phased compliance in mid-2026. Several U.S. states are expected to pass AI transparency laws by 2027. Enterprises should prepare now by conducting risk inventories and appointing AI ethics officers.
Poor AI governance can lead to biased outputs, regulatory fines, consumer backlash, and loss of trust. Early indicators suggest AI compliance incidents could cost more than data breaches, with $14.8 million per incident in the data era as a baseline.
Start with a risk inventory of high-impact AI use cases, appoint an AI ethics officer, build governance into model development pipelines, and establish cross-functional oversight teams. Iterate using maturity models similar to data governance frameworks.
