Enterprises are racing to deploy AI applications and data analytics at scale that promise to personalize customer experiences, ease product decision-making and unlock new revenue sources. But there’s a hidden roadblock to adopting these technologies that most data teams don’t want to talk about.
The infrastructure needed to track data permissions hasn’t kept pace with this explosive AI and analytics demand. Although companies have built sophisticated systems to collect and store customer information, they haven’t built the tools to track granular permissions or usage restrictions at scale. This is a growing problem for enterprise data teams because it limits the potential of their data assets, despite massive investments in collection.
My team recently surveyed 265 Global 2000 executives and found that, while 100 percent of respondents recognize the value of properly governed data for product development, more than 70 percent reported difficulties implementing the necessary governance controls to use it. And with the EU AI Act and eight new state privacy laws taking effect in 2025, these governance gaps have also created substantial new business risks.
Without appropriate governance infrastructure, data leaders face an impossible choice: take on regulatory risk or watch from the sidelines as competitors pull ahead. Those that solve the data governance challenge will unlock AI’s full potential, and those that don’t will find themselves with paralyzed data assets despite investing millions of dollars and years of time in data collection.
The Challenge of Data Governance in the Age of AI
Enterprises struggle to implement data governance controls, hindering AI and data analytics adoption. This gap creates regulatory risks and limits the potential of data assets, despite significant investments. Strong data governance is crucial for unlocking AI’s full potential and achieving competitive advantage.
The Root Problem Is Tech Debt
Enterprise data architectures have evolved to prioritize collection and storage over governance. Companies built systems over time to gather customer information efficiently but have failed to design them to track granular permissions or usage restrictions at scale.
This is a practical problem for any enterprise team working with data, which now includes virtually every department. For example, when marketing departments want to use customer data for personalization, it’s hard to verify what permissions exist for which use cases. A customer who agreed to promotional emails may not have consented to location-based push notifications, meaning their data may be technically accessible, but operationally unusable.
This challenge only multiplies as companies scale across multiple platforms and business units or diversify into new revenue streams. One example is major retail companies operating advertising networks, those like Amazon DSP or Target Roundel, who need to keep detailed records of user permissions for third-party targeting. If permissions aren’t tracked across platforms, they introduce serious compliance risks.
Large organizations trying to share customer data between business units (like a bank marketing credit cards to checking account customers or a media company promoting streaming services to magazine subscribers) also run into the same hurdles.
It’s rare for mature enterprises to have the infrastructure to track permissions across organizational boundaries, let alone understand what data they can use for AI initiatives and how they can use it.
Why Does Governance Matter Now?
Regulatory complexity is at a breaking point. FTC Chairman Andrew Ferguson recently sent warnings to dozens of tech companies reminding them of their obligations to protect Americans’ data, even when complying with the EU’s Digital Services Act and UK’s Online Safety Act. Meanwhile, age verification laws in the EU and Mississippi are forcing companies to make drastic operational decisions. In light of this, Bluesky chose to block all users from the state rather than navigate the compliance burden.
And with the current federal administration pumping the brakes on privacy and AI laws, state attorneys general in Texas and California are stepping into the vacuum with more aggressive enforcement, including a record $1.55M settlement with Healthline.com for consent violations.
Combine this landscape with the competitive pressure of AI adoption, and data governance gaps become impossible to ignore. AI applications need clean, well-documented data sets with clear usage permissions to function. For most organizations, that governance infrastructure has never existed at scale, especially infrastructure that can meet the detailed documentation requirements for training data under the EU AI Act (which, if found non-compliant, would mean risking up to $41M in fines).
Beyond AI applications, even basic personalization programs have become table stakes for a competitive edge. McKinsey reports that fast-growing companies drive 40 percent more revenue from personalization than their slower peers.
Bottom line: Companies seeing clear ROI from AI projects and data-driven personalization initiatives have invested in infrastructure that treats permission tracking and consent as core technical capabilities, just like security or identity management systems. Retailers who have adopted AI and ML analytics have 5 to 6 percent higher sales and profit growth rates than those without.
What’s a Data Leader to Do?
Many companies think of this challenge as a technology problem, but it’s also an organizational one. Data leaders, engineering teams and legal counsel each hold part of the solution — business context, regulatory knowledge and technical capability — but rarely collaborate effectively on data asset management. Success will require executive sponsorship that forces cross-functional cooperation and clear metrics that link governance to revenue impact, like revenue generated from personalization programs or percentage of customer data assets cleared for AI training.
Competitive and regulatory pressure is growing, and data governance is fast becoming a linchpin for growth initiatives. Data leaders that continue to view governance as an afterthought will watch their data investments gather cobwebs while competitors pull ahead.
Third-party cookies are disappearing, AI regulations are tightening around the world, and according to IBM, only a quarter of AI projects are delivering expected ROI. In five years, every industry will tell the same story: the winners will have built their companies on governed data, and the losers will have simply built expensive digital graveyards.
