Data Governance and Quality: Charting a Way Forward in the AI Era

Written By Jesse Wilson

Data is no longer just a by‑product of business systems—it is the fuel that powers innovation, strategic decision‑making and, increasingly, generative AI. As organisations rush to tap the value locked in data, many are discovering that quality and governance are prerequisites, not after‑thoughts. Messy data causes broken dashboards, missed opportunities and compliance problems, and it erodes the very trust needed to deploy AI responsibly. In this post I explore the current state of data governance and quality, the costs of doing nothing, the frameworks and regulations shaping the field, and some practical steps leaders can take to move forward.

The State of Data Governance and Quality

The last few years have seen a dramatic increase in awareness of data governance and quality. Multiple surveys across sectors suggest that organisations are investing more in formal programs, but progress remains uneven and challenges persist.

  • Adoption is climbing, but maturity is patchy. Precisely and Drexel University’s 2024 Data Integrity survey found that 71% of organisations now have a data governance program, up from 60$ in 2023.¹ At the Gartner Data & Analytics Summit, 65% of data leaders ranked data governance as their top priority and 47% cited data quality.² However, a Monte Carlo survey of 200 data professionals reports that data incidents increased from 59 to 67 per month, with detection times often exceeding four hours, and resolution times averaging 15 hours. More than half of respondents said that at least 25% of revenue is affected by data quality issues, with the average revenue impact climbing to 31%.³ Only 12% of the respondents in a DBTA survey felt their data was of sufficient quality and accessibility for AI, while 67% admitted they do not fully trust their data.⁴ The same survey shows that 62% cite lack of data governance and 64% cite poor quality as top obstacles to data integrity.⁴

  • The measurement gap and structural debates. Board.org’s 2025 State of Enterprise Data Governance report highlights a disconnect between program goals and executive perception. Nearly 39% of surveyed data leaders struggle to demonstrate governance’s value to leadership and still measure success through operational metrics such as quality scores and user adoption.⁵ Structure remains contested: 36% of leaders favour a centralised model, another 36% favour federated governance, and 29% use hybrids.⁵ Despite structural differences, a third of respondents see automation and embedding controls into data workflows as their top modernisation priority.⁵ Notably, only 7% list AI governance among their top focus areas, revealing a blind spot that will need to be closed as AI adoption accelerates.⁵

  • Data quality remains a top priority. The Business Application Research Center (BARC) surveyed more than 1,500 participants for its Data, BI and Analytics Trend Monitor 2026. Data quality management reclaimed the number‑one priority with an importance rating of 7.9/10, ahead of data security/privacy, data governance, data‑driven culture and data literacy.⁶ Best‑in‑class companies emphasise quality, governance and culture far more strongly than less‑mature organisations.⁶ A companion piece notes that generative AI depends on rigorous data quality and that hallucinations and bias cannot be solved by algorithms alone.⁷ The BARC analysis cautions that while AI and automation trends are important, they do not override the need for clean, secure and trusted data.⁶

  • Programs struggle to scale. Despite growing investments, 87%of organisations remain at low business intelligence and analytics maturity even though 60% prioritise governance initiatives.⁸ Precisely’s survey echoes this: although governance adoption is rising, 54% of respondents rank governance as a top data‑integrity challenge and 56% rank data quality.¹ Data mesh and data fabric approaches emphasising metadata and data catalogs are gaining traction, but leaders remain cautious.¹ In Atlan’s survey, only about 30% of organisations had generative AI proof‑of‑concepts, and just 11% had metrics linking data team return on investment to business outcomes.²

  • Emerging trends and fines. Dataversity reports that roughly 60% of corporate leaders prioritise data governance, and that governance is ahead of AI by 80% for data platform and security practitioners.⁹ European regulators have started levying heavy fines—up to £17.29 million or 4% of global revenue—for non‑compliance.⁹ Dr Peter Aiken of DAMA International estimates that fixing poor governance consumes 20‑40% of IT budgets.⁹ As a result, 62% of organisations plan to audit their data governance programs to align policies, involve executives and explore federated structures.⁹

The Cost of Poor Data Quality and Governance

Failing to invest in data quality and governance is no longer a benign oversight. Poorly governed and inaccurate data carries direct and indirect costs that harm the bottom line and undermine strategic initiatives:

  • Lost revenue and operational inefficiencies. Gartner research consistently finds that poor data quality costs the average enterprise approximately US$12.9 million per year, a figure echoed by multiple sources.¹⁰˒¹¹ Revefi’s analysis notes that over 25% of data and analytics employees estimate they lose more than US$5 million annually, and 7% report losses exceeding US$25 million.¹⁰ Acceldata adds that 20‑30% of enterprise revenue is lost to data inefficiencies, and that data teams spend up to half of their time on remediation.¹¹ Fixing issues after they hit dashboards can cost 100× more than catching them at ingestion.¹¹

  • Business disruption and compliance risk. Poor data quality creates faulty analytics, operational bottlenecks, supply chain disruptions, lost customer trust and missed revenue opportunities.¹⁰ It also increases the risk of regulatory penalties and fines, particularly in regulated industries. The cost of compliance failure can include reputational damage, higher insurance premiums and legal expenses.

  • Hidden cultural costs. When employees cannot trust data, they fall back on manual work‑arounds or gut instinct, undermining analytics investments. The Monte Carlo survey reveals that 74% of data quality issues are first identified by business stakeholders rather than data teams.³ Responsibility for data quality is widely dispersed—50% place it on data engineering, 26% on analysts and 5% on data governance teams—which can lead to finger‑pointing and delays.³

  • Opportunity cost. Because data teams are busy fixing problems, they spend less time building new capabilities. The DBTA survey found that only 12% of organisations feel their data is ready for AI, meaning most enterprises are starting from a poor foundation.⁴ Without trust, companies are reluctant to deploy AI in production, leaving competitors to capture early value.

Frameworks for Data Governance and Quality

No single framework is a silver bullet, but established standards provide useful scaffolding for governance programs. Several well‑known frameworks can be combined and adapted to suit organisational culture and regulatory obligations:

  • DAMA–DMBOK (Data Management Body of Knowledge).¹² The DMBOK, maintained by DAMA International, covers eleven core knowledge areas including data governance, architecture, modelling and design, storage and operations, security, integration, documents and content management, reference and master data, warehousing and business intelligence, metadata management and data quality management. It emphasises that data governance sets policies, roles and standards, while data quality management ensures accuracy, completeness, consistency, timeliness and uniqueness. The DMBOK remains vendor‑neutral and is widely adopted by chief data officers and academics.

  • DCAM (Data Management Capability Assessment Model).¹³ Developed by the EDM Council, DCAM provides a capability framework and benchmarking methodology for data management. Its latest version emphasises support for cloud and AI, a stronger focus on governance, privacy and protection, and streamlined capabilities for easier navigation. Benefits include assessing ecosystems, developing business cases, creating strategic roadmaps, mapping to regulations such as Basel Committee BCBS 239 and the EU’s GDPR, and establishing objective metrics for maturity.

  • COBIT.¹⁴ Originally an IT‑governance framework, COBIT links IT policies to business objectives and emphasises risk management and internal controls. It encourages aligning data governance with enterprise goals and emphasises continuous improvement. Because COBIT is broad, it is often used in combination with frameworks like DMBOK or DCAM for greater specificity.¹⁵

  • ISO/IEC 38505. This international standard extends the corporate‑governance principles of ISO/IEC 38500 to data. It outlines six principles—responsibility, strategy, acquisition, performance, conformance and human behaviour—and emphasises strategic alignment, accountability, transparency and ethical data use.¹⁶ ISO 38505 covers the entire data lifecycle from acquisition and storage to processing, archiving and disposal; it stresses data quality management, security and privacy, and calls for defined governance roles, processes and supporting tools.

  • BCBS 239 (Basel Committee on Banking Supervision). While directed at banks, this regulation has broader implications for risk data aggregation and reporting. Principles 1 and 2 demand a robust data governance framework and appropriate IT infrastructure for collecting, aggregating and reporting risk data.¹⁷ Principles 3–6 require data to be accurate, complete, timely and adaptable, using automated validation tools.¹⁷ Reporting must be accurate, comprehensive, clear and frequent, and supervisors are expected to review, require remedial actions and cooperate with regulated entities.¹⁷ For non‑financial firms, BCBS 239 serves as a useful model for risk‑based governance.¹⁶

  • Other frameworks and best practices. The Alation article summarises five governance pillars—data quality management, privacy and security, data stewardship and accountability, data lineage and transparency, and policy and standards management—and suggests steps such as assessing maturity, defining scope, choosing a framework, and establishing a governance structure.¹⁵ Data mesh and fabric approaches emphasise decentralised ownership and active metadata, while the “shift left” concept advocates embedding governance controls early in the data lifecycle.¹˒⁹

Regulations Shaping the Landscape

Beyond voluntary frameworks, several regulations and directives are forcing organisations to invest in governance and quality:

  • EU Data Governance Act. Effective since 24 September 2023, the Data Governance Act aims to enhance trust and encourage voluntary data sharing across the European Union. It establishes common data spaces and neutral data intermediaries, enables data altruism for public‑good purposes and imposes obligations on intermediaries to remain neutral; fines apply for non‑compliance.¹⁸ The Act applies broadly to public‑sector bodies, data intermediaries and organisations that collect protected data.

  • EU Data Act. Entering into force on 11 January 2024 and applying from 12 September 2025, the Data Act gives users more control over data generated by connected devices and aims to foster a competitive data economy.¹⁹ It ensures that devices allow data sharing, empowers consumers to choose service providers, enables business users to access performance data to improve efficiency, prohibits unfair contracts that prevent data sharing and allows for switching between cloud providers.¹⁹ It also increases legal certainty and permits public‑sector bodies to access private data during emergencies.¹⁹

  • EU NIS2 Directive. The NIS2 Directive, effective January 2023 with implementation deadlines in late 2024, establishes a unified cybersecurity framework across the European Union. It expands coverage to more critical sectors—transport, finance, healthcare, digital infrastructure and more—and requires risk management measures, incident reporting and board‑level accountability.²⁰ Member states were required to set up national cybersecurity strategies and participate in cross‑border cooperation networks by October 2024.²⁰ For data governance teams, NIS2 underscores the need for secure infrastructure and executive oversight.

  • Other sector‑specific regimes. Financial services, health care and privacy laws (e.g., GDPR, HIPAA) impose stringent data quality and retention requirements. DCAM explicitly maps its capabilities to major regulations such as BCBS 239 and GDPR.¹³ Organisations should monitor new rules such as the Digital Operational Resilience Act (DORA) and state privacy laws to ensure compliance.²¹

Putting Governance into Action

Statistics, frameworks and laws are useful signposts, but success ultimately depends on people and processes. Based on the research and my experience working with small‑ and medium‑sized enterprises and large corporations, here are some practical steps to strengthen data governance and quality:

  1. Define the “why” and secure executive sponsorship. Data governance often fails because it is framed as a technical or compliance exercise. Start by articulating how trustworthy data supports growth, innovation and risk management. Use statistics—like the US$12.9 million annual cost of poor quality and the fact that 74% of quality issues are discovered by business users—to build a business case.¹⁰˒³ Securing board‑level sponsorship ensures that governance initiatives receive resources and attention.

  2. Assess current maturity and choose a framework. Conduct a best‑practice assessment to understand your baseline.⁹ Frameworks like DMBOK and DCAM provide comprehensive checklists; others such as COBIT or ISO/IEC 38505 may be more suitable for specific industries. The right choice depends on organisational culture, regulatory obligations and desired outcomes.

  3. Establish clear roles and accountability. Governance requires defined responsibilities for data owners, stewards and custodians. The decentralised nature of data mesh or federated models means that business units must take ownership while central teams provide standards and oversight. Formal data stewardship programmes help prevent the diffusion of responsibility observed in surveys.³ Encourage collaboration between IT, legal, risk and business teams.

  4. Embed governance into workflows and automate controls. Automation is emerging as the key to scalable governance.⁵ Embed data quality checks, lineage capture, access controls and ethical‑use guidelines into data pipelines and product development lifecycles. Adopt a “shift left” approach that integrates governance at the earliest stage of data creation.⁹ Use active metadata and observability tools to detect issues early and reduce remediation costs.

  5. Measure what matters and communicate value. Move beyond operational metrics to business‑centric measures such as revenue protected, compliance risk mitigated, time‑to‑insight improved or AI models deployed. Align your metrics with executive priorities to bridge the measurement gap identified in the Board.org study.⁵ Transparently reporting wins builds credibility and maintains momentum.

  6. Invest in culture and literacy. Data governance is as much about people as processes. Best‑in‑class companies emphasise data literacy and a data‑driven culture.⁶ Provide training on ethics, privacy and responsible AI. Promote collaboration and celebrate teams that uphold quality and governance standards.

Conclusion

The era of generative AI and ubiquitous data sharing has elevated the stakes for data governance and quality. Surveys show that adoption is rising, yet maturity gaps and measurement challenges persist. The cost of poor quality runs into millions of dollars, and regulatory fines are becoming more severe. Frameworks like DMBOK, DCAM, COBIT, ISO/IEC 38505 and BCBS 239 offer robust foundations, while new regulations such as the EU Data Governance Act, Data Act and NIS2 signal that compliance cannot be an after‑thought. Organisations that invest in clear roles, automation, cultural change and meaningful metrics will position themselves to harness AI responsibly, unlock innovation and build enduring trust. It’s time to treat data governance and quality not as overhead, but as strategic enablers.

References

  1. Galvez, Rachel. “2025 Planning Insights: Data Governance Adoption Has Risen Dramatically.” Precisely.com, December 09, 2024. Accessed May 19, 2026. https://www.precisely.com/blog/data-integrity/2025-planning-insights-data-governance-adoption-has-risen-dramatically/.

  2. Austin Kronz, “Data Governance Is a Top Priority for 65% of Data Leaders – Insights From 600+ Data Leaders for 2024,” Atlan | Humans of Data, April 1, 2024, https://humansofdata.atlan.com/2024/03/future-of-data-analytics-2024/.

  3. Segner, Michael. “The Annual State of Data Quality Survey, 2026.” Monte Carlo Data, July 2, 2025. https://www.montecarlodata.com/blog-data-quality-survey.

  4. McKendrick, Joe. “RESEARCH@DBTA: Survey: Data Quality and Governance Issues Hold Back AI.” Database Trends and Applications, October 10, 2024. https://www.dbta.com/Editorial/Trends-and-Applications/RESEARCH-at-DBTA-Survey-Data-Quality-and-Governance-Issues-Hold-Back-AI-166534.aspx.

  5. Board.org Editor and By Board.org Editor. “2025 State of Enterprise Data Governance | Board.org.” Board.org, January 30, 2026. https://board.org/data/resources/what-we-learned-from-the-2025-state-of-enterprise-data-governance-report.

  6. BARC - Data Decisions. Built on BARC. “BARC News | Data Quality Beats AI Hype,” November 12, 2025. https://barc.com/news/barc-publishes-the-data-bi-and-analytics-trend-monitor-2026/#:~:text=1%2C579%20Experts%20Confirm%3A%20Data%20Quality%2C,Foundation%20for%20Analytics%20and%20AI.

  7. Strategy. “Why Data Quality Is Key to AI Success in 2026,” n.d. https://www.strategy.com/software/blog/why-data-quality-is-key-to-ai-success-in-2026.

  8. Tobin, Donal. “Data Quality Improvement Stats From ETL – 50+ Key Facts Every Data Leader Should Know in 2026.” Integrate.io, January 12, 2026. https://www.integrate.io/blog/data-quality-improvement-stats-from-etl/.

  9. Michelle Knight, “Data Governance Trends in 2024 - Dataversity,” Dataversity, January 30, 2024, accessed May 19, 2026, https://www.dataversity.net/articles/data-governance-trends-in-2024.

  10. Revefi. “The Increasing Cost of Poor Data Quality on Business Operations.” Revefi Inc. (blog), March 26, 2026. https://www.revefi.com/blog/business-operations-poor-data-quality-cost.

  11. Chen, Ramon. “Turn Data Quality Risks Into Revenue With ADM.” Acceldata, January 31, 2026. https://www.acceldata.io/blog/the-hidden-cost-of-poor-data-quality-governance-adm-turns-risk-into-revenue.

  12. DAMA International®. “DAMA-DMBOK® - DAMA International®,” November 24, 2025. https://dama.org/dmbok2r-infographics/.

  13. EDM Council. “Data Management - DCAM - EDM Council,” February 20, 2026. https://edmcouncil.org/frameworks/dcam/.

  14. “COBIT®| Control Objectives for Information Technologies®,” ISACA, n.d., https://www.isaca.org/resources/cobit.

  15. “Data Governance Frameworks Explained: Your Roadmap to Success,” August 6, 2025. https://www.alation.com/blog/data-governance-framework/.

  16. Matta, Ishmeet, and Ishmeet Matta. “Data Governance Frameworks -The ISO 38505.” Sogeti Labs, March 13, 2025. https://labs.sogeti.com/data-governance-frameworks-the-iso-38505/.

  17. Wright, Verrion. “BCBS 239 Compliance: A Guide to Effective Risk Data Aggregation and Reporting.” BigID, February 5, 2026. https://www.bigid.com/blog/bcbs-239-compliance.

  18. “Data Governance Act | Freshfields,” n.d. https://www.freshfields.com/en/our-thinking/campaigns/tech-data-and-ai-the-digital-frontier/eu-digital-strategy/data-governance-act.

  19. European Commission. “Data Act.” Shaping Europe’s Digital Future, n.d. https://digital-strategy.ec.europa.eu/en/policies/data-act.

  20. European Commission. “NIS2 Directive: Securing Network and Information Systems.” Shaping Europe’s Digital Future, n.d. https://digital-strategy.ec.europa.eu/en/policies/nis2-directive.

  21. European Insurance and Occupational Pensions Authority. “Digital Operational Resilience Act (DORA),” n.d. https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en.

Jesse Wilson
Next

Governing AI in 2026: Managing Risk and Unlocking Value