Data Governance and AI Governance: Where Do They Intersect?

By on
aniqpixel / Shutterstock

Artificial intelligence (AI) is transforming businesses and industries worldwide with new data products and services. A recent Stanford University AI Index Report found that about 55% of companies have already implemented AI in at least one business unit or function. To get the best results, organizations need to connect AI and its data activity with their business strategy. So, data governance (DG) and AI governance (AIG) need to come into play.

Data governance harmonizes data activities across organizations, with 88% having an established program. AIG is newer, focusing on supervising machine learning (ML) algorithms and other AI systems to achieve profitability and ensure fair and respectful use, aligned with regulations.

As demands for data governance and AI governance increase, how can companies make them work together? This article explores their scopes, overlaps, differences, and which approaches to consider.

What Is Data Governance?

Data governance is a set of processes, roles, policies, standards, and metrics that ensure the effective and efficient use of information across an organization. This program involves managing the planning and operations of data – “facts that can be analyzed or used to gain knowledge or make decisions” as the American Heritage Dictionary states. With good data governance, organizations trust and use their data.

The core objectives of data governance are achieved through collaborative governance. It aims to fulfill the organization’s needs for data-driven insights, enable the efficient use of technology, and drive digital transformation initiatives. See the diagram below:

Consequently, data governance leads make decisions, such as:

  • Allocating resources to support the data strategy and meet business needs
  • Defining data roles: who produces, manages, and consumes data and how
  • Understanding data lineage: where it moves and how it changes
  • Balancing data access and security to achieve business goals while maintaining compliance
  • Measuring DG performance and driving continuous improvement

These decisions impact AI training and content generation. For example, AI could define, produce, and use organizational data that is governed. These results impact key data governance deliverables. However, AI initiatives are just one part of DG’s concern. 

Data Governance Governs More Than AI

Data governance services data needs from all corporate technologies and employees that handle data. AI is only one part of this ecosystem, which also includes compliance with data regulations like the EU’s GDPR. Physical systems that include functionality outside of AI consist of:

  • Transaction-based schemas, like relational databases and data warehouses
  • Big data tools, like data lakes and graph databases
  • Sensor data associated with any device, the Internet of Things (IoT)
  • Data stored or computed using cloud computing

Also, DG mainly focuses on data and its implications, skipping technical details that are not relevant to businesspeople. For example, data governance discussions may center around standards needed to secure data with encryption. However, a conversation about what encryption algorithm to use or how to customize it through ENCRYPT-CSA typically exceeds the scope of DG.

These aspects of data governance imply that DG services data needs from all corporate technologies and employees that handle data. AI initiatives are just one part of DG’s concern. As AI capabilities grow, organizations also need dedicated AI governance frameworks to manage the distinct challenges surrounding their development and use.

What Is AI Governance?

AI governance (AIG) governs the processes, roles, and technologies underlying the computer’s cognitive capabilities that resemble the human mind, beyond just data.

These components include system architecture, observation, and risk mitigation.

Though AIG frameworks vary, all aim to promote understanding, accountability, and transparency around AI development, evolution, and outputs. In this context, AIG delivers guardrails for organizations to get business value from AI initiatives while ensuring AI tools and systems remain safe and ethical. 

For success, AI governance leaders must consider:

  • How AI planning and activities support the AI strategy, a comprehensive roadmap for integrating AI technology in a way that meets the overarching business strategy and desired results.
  • What kinds of AI technologies does the organization have, and what AI capabilities is it planning to obtain and when? 
  • What are the identified associated risks of the AI technologies?
  • Who has accountability for researching, developing, and using what available AI technology? What are the third-party contractual obligations and requirements?
  • How can our organization ensure the quality of each AI model? This includes the AI model’s strengths and weaknesses, behavioral outcomes, and potential biases.
  • How can AIG’s deliverables be measured, and how can it improve?

Clearly, AIG objectives will intersect with those of data governance. Both will need to ensure any training data for and any data products from AI align with business needs. 

Additionally, AI governors will need to trace any data that flows through AI and what happens to it. However, AI governance covers more than just its data components.   

AI Governance Expands Beyond Data

An AI governance framework must also establish best practices for system architecture in addition to governing data practices. For example, AIG needs to monitor and measure performance benefits and risks to AI’s functioning. Systems with higher intelligence mean more AIG oversight to meet safety and ethical needs. Different AI application types include the following:

  • Narrow intelligence: The AI is trained and focused to perform only specific tasks. For example, a customer chatbot assistant on an e-commerce site handles frequently asked questions (FAQs). 
  • Strong intelligence: The AI has general intelligence like humans. It can do many similar things it’s asked. For example, self-driving cars would have strong intelligence. An AI entering a house and making coffee would also indicate strong intelligence.
  • Super intelligence: The AI software can outsmart humans in cognitive function, and it currently exists in science fiction. For example, HAL computer from 2001: A Space Odyssey presents a superintelligence.

While AI applications with higher intelligence levels may offer greater business value, they also pose increased risks to human safety and well-being. This assessment adds a perspective to AIG that is not present in DG. For example, any governance needs to consider a risk-based approach as shown in the model below to comply with the EU’s AI Act.

A risk-based approach (The European Commission)

AI governance needs to cover the contents of the data fed to and retrieved through AI, in addition to considering the level of AI intelligence. Doing so addresses issues like biases, privacy, use of intellectual property, and misuse of the technology.

Consequently, AIG needs to guide what subject matter can be processed through AI, when, and in what contexts. For example, if an AI tool generates a list of job candidates, the AIG framework needs to follow up with recommendations to ensure it is composed fairly and used appropriately.

Similarities Between AIG and DG

AIG and DG share common responsibilities in guiding data as a product that AI systems create and consume, despite their differences. Both governance programs evaluate data integration, quality, security, privacy, and accessibility.

For instance, both governance frameworks need to ensure quality information meets business needs. If a major retailer discovered their AI-powered product recommendation engine was suggesting irrelevant items to customers, then DG and AIG would want the issue resolved. 

However, either approach or a combination could be best to solving the problem. Determining the right governance response requires analyzing the root issue.

Differences Between AIG and DG

DG and AIG provide different approaches; which works best depends on the problem. Take the example, above, of the inaccurate pricing information to a customer in response to a query.

The data governance team audits the product data pipeline and finds inconsistent data standards and missing attributes feeding into the AI model. However, the AI governance team also identifies opportunities to enhance the recommendation algorithm’s logic for weighting customer preferences.

The retailer could resolve the data quality issues through DG while AIG improved the AI model’s mechanics by taking a collaborative approach with both data governance and AI governance perspectives. This combined effort ultimately could provide more relevant, valuable product recommendations to customers.

But the organization may not have enough information to pinpoint the root cause. Both hypotheses may be suggested to leadership or an alternative, like a networking error due to a security protocol. In such cases, the different approaches of DG and AIG may or may not adequately address the problem.


In a podcast, Karen Meppen, Director of Client Services at Hakkoda, suggested making sense of the situation surrounding a business objective to see whether governance is the next step and what kind of governance is needed. The questions to understanding a business objective may be clear and lend themselves to either a data governance or AIG approach or a combination of the two.

While both DG and AIG frameworks overlap, they are distinct with different expectations and outcomes. Sometimes the best the organization can do is to learn more about the data problem or opportunity before deciding whether it belongs to DG or AIG.

Meppen says, “There is a lot of different things you can do to your dataset that can have cascading negative consequences. Simultaneously, some data actions lead to cascading positive outcomes.”

The trick is to plan accordingly for not knowing about the problem and to learn about the data issues that emerge. Understanding the problem is key to deciding whether and how to apply a data governance vs. AI governance framework.