Data Intelligence Monthly: Executive Insights on AI Governance

11 February 2026 - ID G00845303 - 14 min read
By Lulu Wang, David Pidsley,  and 1 more
This edition presents the latest research on artificial intelligence governance for data and analytics leaders, drawn from proprietary surveys and lessons from your peers. Use these data-driven insights to better structure and operationalize your AI governance program to drive ROI.

Strategic Planning Assumptions

By 2027, 60% of organizations will fail to realize AI value due to a lack of integration between data governance and AI governance.
By 2029, “death by AI” legal claims will have doubled from the previous decade because decision automation deployments lacked sufficient AI risk guardrails.

Analysis

AI governance has rapidly emerged as a trend for data and analytics (D&A) leaders because organizations face increasingly complex regulatory, operational, and ethical challenges. Amid the accelerated adoption of generative AI (GenAI) and other artificial intelligence (AI) solutions, the findings show what matters when establishing governance frameworks.
While 51% of D&A leaders now hold primary responsibility for AI governance (Gartner Chief Data and Analytics Officer Agenda Survey for 2026),1 a stark “readiness gap” persists: only 13% of surveyed leaders feel their organization’s D&A governance function was fully capable of leading this task,2 according to 2025 Gartner Evolution of D&A Governance for AI Survey.

Data Intelligence Monthly

This edition of Data Intelligence Monthly delivers in-depth insights from Gartner expert research and Peer voices to help you, as D&A leaders, navigate the evolving landscape of AI governance. It highlights current trends, challenges, and key considerations for strengthening governance practices in AI-first enterprises.
First, find out if and why you need to act now on AI governance:
Next, get practical research highlights for D&A leaders on what to do about AI governance:

AI Governance Is an Enabler of Business Value

Value-based AI governance goes beyond compliance and risk mitigation; it embeds AI initiatives within the broader context of business value generation, cost efficiency and risk management.
Integrating AI governance into D&A governance framework is a value multiplier to drive business outcomes.
  • Organizations that involve the AI governance team directly in the delivery of AI-ready data are three times more likely to achieve high-impact business outcomes, according to the 2025 Gartner State of AI-ready data Survey,3 as shown in Figure 1.
Figure 1: Driver of AI Business Outcomes and Their Impact on Business Outcomes
Involving the AI governance team in delivering AI-ready data has the greatest positive impact on AI business outcomes, followed by incorporating AI-ready data assessment in model development, certification processes, and data product shareability.
  • Expanding governance to include AI security policies makes an organization 3.8 times more likely to achieve high business impact from their AI-ready data and AI governance programs.3 This outweighs the impact of technical platforms alone.
Governance drives AI engineering effectiveness.
  • Investing in D&A governance tooling and processes drastically improves the engineering team’s ability to execute within budget and timelines,3 as shown in Figure 2.
  • Organizations that have deployed AI governance platforms are 3.4 times more likely to reach “high effectiveness” in their AI governance practices (defined as speed of execution, risk identification quality, senior leaders’ confidence).3
  • Clear ownership identification (such as with a RACI matrix) and decision rights are crucial, as having explicit ownership of AI use cases gain 3.1 times more effectiveness than those operating without this clarity.3
  • Incorporating AI-ready data assessments directly into model development makes data engineering practices 3 times more likely to be highly effective.3
Figure 2: Drivers of AI Business Outcomes and Impact on Effectiveness
Comprehensive and widely implemented AI security policies and AI governance platforms have the greatest positive impact on AI governance practice effectiveness, outperforming other drivers such as data quality policies and guideline granularity.

Governance Models Are Evolving Fast

Traditional D&A governance models can be inherently rigid and often lack the mandate and flexibility required for dynamic AI environments. D&A leaders must adapt their governance models to support the agility, scalability, and risk management demands of modern AI initiatives.
Many D&A governance models are insufficient for AI, resulting in a gap between leaders’ responsibilities and their ability to govern AI effectively.
There’s a stark disconnect between D&A leaders’ current responsibilities and their readiness to govern AI.
  • 62% of organizations report that their D&A governance is only “partially coordinated, with significant gaps” when aligning with other governance mechanisms (such as legal or IT) to govern AI across the enterprise, and an additional 15% are not coordinated at all.2
  • Only 26% of surveyed D&A or AI leaders report that their organizations have fully integrated AI governance structures and policies that are aligned with their data governance, and provide strong oversight and accountability,3 as shown in Figure 3.
Figure 3: Opinion on the Statements — Data Governance Practices
Only 26% of organizations strongly agree their AI governance structure and policies are fully integrated and aligned with data governance, indicating limited maturity in aligning AI and data governance practices.
Traditional D&A governance models are currently failing to deliver the level of confidence in data required by business and technology leaders seeking to be AI-first. See Top Trends in Data and Analytics for 2026.
Siloed D&A governance creates risk by limiting coordination between departments.
D&A governance frequently operates in isolated compliance risks, limiting its effectiveness in managing AI-related risks. Effective AI governance demands deep integration with risk functions such as cybersecurity, ethics and legal. Low levels of coordination, exposing organizations to increased risk and governance gaps in oversight:
  • Responsibility for AI policy management is inherently distributed across multiple departments, as demonstrated by the quantitative analysis of policy ownership in Table 1. No single function possesses sufficient oversight to govern AI independently. Instead, appointing an AI governance lead who is ultimately accountable for the integrated governance model is essential. This leader should align governance activities with a comprehensive AI risk management checklist and delegate specific responsibilities to the appropriate departmental stakeholders.

Responsibility and Accountability for Applying Al-ready Data Governance Policies

Table 1: Responsibility and Accountability for Applying Al-ready Data Governance Policies
AI and Data Science function
Data Management function
Shared between business risk functions
Owned by a single business risk function
Model observability and explainability
(68%)
Data quality (72%)
Privacy (40%)
Privacy (40%)
Stakeholder management for Al use cases (65%)
Data governance (71%)
Data security (31%)
Data Security (31%)
Al governance and risk management
(48%)
Data security (32%)
AI governance and risk management (31%)
Source: 2025 Gartner State of AI-Ready Data Survey
To bridge the identified capability and coordination gaps, organizations are leveraging their existing governance structures rather than building new, specialized teams.
How Your Peers Have Approached AI Governance
Key Finding: An AI Governance “Extension” strategy beats a “Specialization” strategy.
The most common approach to AI Governance, adopted by 45% of organizations, is to simply “extend the remit of existing groups” (such as privacy, security, or data governance) to cover AI, according to the 2025 Gartner Peer Community Poll.4
This is more than double the percentage of organizations that have established a “Dedicated AI governance group” (21%).4

Bridge the Agentic AI Risk Gap

Agentic AI marks a significant advancement over traditional AI models by transforming passive information processors into autonomous agents. But there is a significant disconnection between the rapid development of AI agents and many organizations’ confidence in governing them.
While development is surging, governance structures are largely viewed as inadequate.
  • Only 24% of organizations with a formal centralized GenAI strategy applied consistently strongly agree they have the right governance structures in place to manage AI agents, based on the 2025 Gartner Generative and Agentic AI in Enterprise Applications Survey.5
  • For organizations without a formal centralized GenAI strategy, this confidence drops to just 4%. In the meantime, 79% of IT leaders expect that AI agents will provide at least significant productivity benefits, driving pressure to deploy despite governance gaps.5
IT leaders are signaling that only having policies are insufficient for managing AI that executes decisions without a human-in-the-loop:
  • 33% of IT leaders strongly agree they need additional technical controls to help manage, govern, and secure AI agents.5
  • For D&A leaders, this means that governance must expand to include controls embedded directly into each stage of AI agent deployment.
Effective AI governance demands D&A leaders prioritize dynamic models, clear AI policies and processes, robust ethical oversight, and collaborative frameworks.
These elements enable organizations to manage operational risks, meet regulatory requirements and ensure safe, beneficial AI deployment. The path to safe and valuable AI at scale requires continuous forward-looking approach, collaborative development, and the establishment of agile frameworks that adapt to emerging technological trends. By taking these steps, D&A leaders will position themselves to build AI governance programs that are flexible and adaptive to realize the value of AI enterprisewide.

Research Highlights

Some recommended content may not be available as part of your current Gartner subscription.

Get Started With AI Governance

Integrating AI governance into existing domains requires a streamlined structure and operating model. D&A leaders should anchor AI governance efforts in a clear code of conduct and a robust framework, then translate these principles into actionable governance processes. This lightweight approach enables rapid adoption, minimizes operational overhead, and ensures AI (especially AI agents) oversight is both practical and effective within established risk management practices.

How to Integrate AI Governance Into a Domain?

Adopting enterprise governance of AI (EGoAI) creates a virtual decision-making layer that spans D&A, IT and risk governance domains, enabling organizations to address enterprisewide AI challenges and opportunities without adding bureaucratic overhead. By leveraging existing governance structures, EGoAI facilitates the resolution of complex, strategic business issues while avoiding the inefficiencies of siloed decision-making. Delegate governance rights based on domain expertise.
Enhance AI Decision Making Through Enterprise Governance of AI

How to Structure and Operate a Lightweight Governance Team?

At the outset of the AI governance journey, most organizations lack dedicated resources for AI governance. Begin with a lightweight structure that leverages existing resources, assigning them additional AI governance responsibilities. As the program matures, these resources should identify specific requirements and build a case for formally defined (and potentially dedicated) AI governance roles. This approach enables organizations to initiate governance with minimal overhead and scale capabilities as needs become clearer.
How to Build a Lightweight Organizational Structure for AI Governance

How Can Partnership Support AI Governance?

Siloed data and analytics (D&A) governance models expose organizations to risks and vulnerabilities introduced with AI. To ensure robust AI governance there is a clear and rising imperative for D&A governance leaders to proactively engage more effectively with peer functions.
D&A Governance Leaders Should Build Key Partnerships to Support AI Governance

What Should the Code of Conduct Be for an AI Agent?

Establishing the code of conduct for AI agents (“the Code”) is a proactive step toward ensuring that autonomous and semiautonomous agentic AI operate within technical, ethical, industry and legal guidelines in an agentic ecosystem. The Code is an essential governance method for managing the novel and compounded complexity and risks presented by agentic systems. It is also a key step to ensure that employees build and use agents in the right way, without elevating organizational risk beyond what is acceptable.
Tool: Craft a Code of Conduct for AI Agents to Govern Them

Should We Develop a Framework Specifically for Agentic Governance?

Organizations must create tailored governance frameworks that specifically address the risks associated with agentic AI. These frameworks should include guidelines for multiagent interaction, coordination, error correction, and accountability. For example, frameworks incorporating TRiSM (trust, risk, and security management) principles can mechanize compliance and risk monitoring across a diverse set of AI agents.
Governance Challenges and Solutions for AI Agents

Operationalize AI Governance

Operationalizing AI governance is a critical phase where high-level principles and policies are translated into practical, scalable engineering processes that ensure accountability, trust, and compliance throughout the AI life cycle.

How to Manage AI Risks?

Leaders responsible for AI have limited resources but must satisfy the increased demand for enterprise use cases while quantifying the associated risks. This can be accomplished by using an adaptive assessment framework that scrutinizes high-risk, high-value use cases and prioritizes innovation in lower-risk use cases.
Implement an Adaptive Assessment to Manage AI Use Case Risks

How to Translate AI Policy Into Governance Controls?

This research provides a practical blueprint to translate high-level AI policy into governance controls. Specifically, it explains how to convert unstructured policy documents into organized, actionable governance controls.
AI Policy Must Be Translated Into Governance Controls

How to Embed AI Governance Controls Into System Design?

AI governance initiatives often fail during implementation due to a disconnect between policy documentation and technical execution. To ensure governance policies are consistently enforced and operationalized throughout the AI life cycle, D&A leaders must bridge this gap by embedding model risk controls directly into infrastructure and making data and AI pipelines self-validating.
AI Governance Controls Must Be Embedded Into System Design

AI Governance Toolkits and Platforms

Below are a range of AI governance-related toolkits, to assist AI governance leaders establishing scalable, proactive, and adaptable AI governance practices. This toolkit provides a template for policy engine technical controls that need to be implemented at each phase of the life cycle of: (1) traditional machine learning, (ML) models, (2) RAG frameworks, (3) fine-tuning LLMs, and (4) agents.

What AI Governance Controls to Implement?

As organizations widely adopt AI, they need robust governance both to attain the goals of AI ambitions and to mitigate risk. AI leaders can use this Toolkit to tailor an AI governance program that meets the organization’s needs.
Toolkit: AI Controls for Governance of Models, Frameworks and Agents

How to Set Up a Committee Charter for AI Governance?

Heads of enterprise architecture must avoid AI architectural anarchy. This toolkit will provide them with the technologies that AI governance requires to prevent AI architectural anarchy from becoming a reality, and the means to use the TRM in a way that consistently delivers value for all AI governance efforts.
Toolkit: Setting Up a Committee Charter for AI Governance

What Are the Trends in AI Governance Platforms?

Enterprise AI adoption is increasing and requires more robust ways to drive central governance oversight and apply risk management frameworks. To ensure AI governance controls are applied, D&A leaders must act on the trend for AI governance platforms to enhance programs to maximize the value of data.
Top Trends in D&A for 2026: AI Governance Platforms

Which AI Governance Platform Should We Buy?

AI governance platforms is an emerging market that provides the leader responsible for AI governance with central oversight of AI, application of risk management frameworks and execution of necessary controls. Use this research to better understand the product capabilities in this emerging market.
Market Guide for AI Governance Platforms

Evidence

1 Gartner Chief Data and Analytics Officer Agenda Survey for 2026. This survey was conducted to determine the priorities and strategic challenges of the chief data and analytics officer (CDAO) role or the office of the CDAO for 2026. It also sought to inform agenda planning or potential research topics for the data and analytics practice, and track the progress of the CDAO role in organizations. The research was conducted online from September through November 2025 among 502 respondents from across the world. All respondents in the survey are data, analytics or AI leaders. The survey sample was gleaned from a variety of sources, including a Gartner-curated list of CDOs and other high-level data and analytics leaders. ​Disclaimer: The results of this survey do not represent global findings or the market as a whole, but reflect the sentiments of the respondents and companies surveyed.​
2 2025 Gartner Evolution of D&A Governance for AI Survey. This survey was conducted online from 22 July through 4 August to understand how D&A governance has evolved in its mandate and scope in the age of AI. In total, 68 respondents participated, all of which were Research Circle members, a Gartner-managed panel. Respondents were qualified based on their involvement and participation in decision making for data and analytics governance at their organizations in North America (n = 39), EMEA (n = 15), Asia/Pacific (n = 5) and Latin America (n = 9) regions. Disclaimer: The results of this survey do not represent global findings or the market as a whole, but reflect the sentiments of the respondents and companies surveyed.
3 2025 Gartner State of AI-ready Data Survey. This study was conducted to understand how data management organizations evolve for AI and to glean insight into how organizations are developing capabilities, skills, techniques, tools, and technologies to support AI-ready data. The research was conducted online from June through August 2025 among 250 respondents from North America (n = 100), EMEA (n = 70), Asia/Pacific (n = 50), and LATAM (n = 30). Quotas were established for company sizes and for industries to ensure a good representation across the sample. Respondents were screened for involvement and knowledge of data and analytics, data science, and AI strategy and initiative. Disclaimer: The results of this study do not represent global findings or the market as a whole, but reflect the sentiment of the respondents and companies surveyed.
4 2025 Gartner Peer Community Poll. This poll was conducted to explore “If your organization has rolled out or is preparing to roll out AI technology, how have you approached AI governance?” The poll was conducted online among 119 respondents.
5 2025 Gartner Generative and Agentic AI in Enterprise Applications Survey. This study was conducted to understand the key challenges and opportunities when deploying generative AI (GenAI) tools, and where organizations should focus their AI investments. This research also aims to understand what stage organizations are at on their AI agent journey and their thoughts on AI agents. The research was conducted online from May through June 2025 among 360 respondents from organizations with at least 250 full-time employees across all industries (except IT software) in North America (n = 149), Europe (n = 140) and Asia/Pacific (n = 71). Soft quotas were established for country, company size, and respondent’s function type and job level to ensure a good representation across the sample. Organizations were required to have deployed or plan to deploy in less than one year at least one generative AI tool in at least one core enterprise application domain: digital workplace applications, customer relationship management applications, or enterprise resource planning applications. Respondents were team leaders or above, excluding C level, and involved in the rollout of generative AI tools; they were required to have certain responsibilities regarding these generative AI tools. Disclaimer: The results of this survey do not represent global findings or the market as a whole, but reflect the sentiments of the respondents and companies surveyed.