AI Governance vs Data Governance: Why They Need Opposite Approaches

Only 55% of data and analytics teams rate themselves effective at managing governance policies, the lowest score across 14 capabilities measured in the 2025 Gartner CDAO Agenda Survey. Building analytics solutions scored 85%. The gap shows that governance remains the weakest link in data and artificial intelligence programs, and most organizations respond with approaches that make the problem worse.

At the Gartner Data & Analytics Summit in Orlando, Gartner analyst Stephen Kennedy explained why governance programs stall within their first year and why AI governance requires a fundamentally different organizational structure than data governance.

Why Do Most Data Governance Programs Stall?

Most data governance programs get deprioritized nine to 12 months after launch because they default to command-and-control structures the rest of the organization resists. The typical pattern: governance leaders respond to complexity by creating councils, building policies, nominating data owners, and hiring data stewards. Most organizations are not designed for that level of centralized control around their processes.

The fix starts with language. “The first rule of data governance is to not talk about data governance.” Instead of selling governance as a discipline, governance leaders should connect their work to specific business outcomes that executives already care about.

The method: pull down the organization’s most recent annual report and identify the business cases, KPIs, and risk areas management has prioritized. Then work backward to the specific data attributes that need to be governed. In one example from the summit, an enterprise wants to increase revenue by 5% through customer service, with a target of improving customer responsiveness from 93% to 98% by Q3. The governance KPI is order fill rate: the number of orders filled correctly over total orders. Governance work becomes focused on specific master data, application data, and transactional data attributes that affect that metric.

This shifts the conversation from “we need data governance” to “we need this specific data to be accurate so we can hit this revenue target.”

How Is AI Governance Different From Data Governance?

AI governance and data governance have a symbiotic relationship, not an overlapping one, and they require opposite organizational structures. Both struggle with clear accountability because internal functions like risk, legal, HR, and IT all claim partial ownership. Both focus on making data AI-ready. But governing statistical models and GenAI outputs is far more complex than governing structured data.

The critical difference is organizational direction. Data governance has historically defaulted to centralized command-and-control, and it needs to move toward federation and decentralization. AI governance is the opposite: it started decentralized, with individual teams running their own AI projects, and it needs to become more centralized.

A 2024 Gartner AI Mandates for the Enterprise Survey of 251 AI leaders found that when AI development teams, data ideation, prioritization, funding, and application development operated in a decentralized manner, the result was a significantly negative impact on AI maturity. AI strategy, portfolio management, and governance all showed positive impact on maturity when centralized.

This creates a messaging problem for governance leaders. Advocating for federation across the board does not work. They need to specify which governance activities require centralization and which require decentralization.

What Is Adaptive Governance and How Does It Apply to AI?

Adaptive governance replaces the single command-and-control model with four governance styles matched to organizational maturity and use case risk. It runs on a hub-and-spoke structure that balances central standards with federated execution across business units and project teams.

The hub sets strategic direction, but that does not mean enterprise-wide data mandates. Strategic direction is a prioritized set of business cases. The standard is that all data and analytics work must be tied to a demonstrable return on investment. The spokes execute specific requirements within their business units.

Applied to AI, the four styles progress with maturity:

• Control: Compliance-driven governance for early-stage organizations or high-risk AI use cases in regulated industries
• Outcome: Focused on business value and performance, for organizations scaling AI into core processes
• Agility: Rapid experimentation and iterative delivery through distributed decision rights and fusion teams
• Autonomous: AI and ML handle real-time decision-making and automated governance in highly mature organizations

Organizations do not pick one style permanently. They move through them as agentic AI maturity increases, starting with centralized control for initial deployments and gradually federating as processes stabilize.

The Gartner framework also redefines stewardship. Rather than hiring dedicated data stewards, organizations should embed governance in the existing data lifecycle by slightly modifying the behaviors of people who already create, capture, transform, and use data. The knowledge and ability to govern data largely already exists within the organization.

Why Does Unstructured Data Require a Different Governance Approach?

Gartner analysts saw a 150% increase in inquiry volume related to unstructured data over the past 12 months, driven largely by GenAI adoption. GenAI models depend heavily on unstructured data, but most organizations govern it at the business unit level, not the enterprise level.

The complexity is structural. Structured data has predefined schemas, agreed-upon quality dimensions, and a mature vendor market. Unstructured data comes in dozens of formats, has no generally agreed-upon standard for measuring quality, and requires dual-layer metadata: one layer describing the document itself and another describing its contents. The vendor market for unstructured data tools is far less mature.

The Gartner recommendation is a four-step approach: first, identify and prioritize unstructured data sources using automated discovery and classification tools. Second, pre-process and analyze that data. Third, create metadata tags, balancing carefully between too few (which produce an unhelpful knowledge graph) and too many (which produce a confusing one). Fourth, connect structured and unstructured data through a knowledge graph to generate actionable insights.

Throughout this process, organizations need to develop policies for access control, lifecycle management, quality, and security specific to unstructured formats.