AI governance frameworks are now identity governance problems

At a glance

What this is: This is a practical guide to building an enterprise AI governance framework, with the core finding that governance must span use cases, data, models, agents and monitoring.

Why it matters: It matters because IAM, NHI and AI programmes increasingly govern the same operational surface, and siloed reviews will miss shadow AI, unclear ownership and uncontrolled access.

👉 Read Collibra's practical guide to governing AI at enterprise scale

Context

AI governance framework is the operating model that decides which AI use cases, models, agents and datasets are allowed to move from idea into production. Collibra’s central point is that AI scale fails when teams cannot answer basic ownership, approval and monitoring questions across the full lifecycle.

For identity teams, the important shift is that governance no longer stops at people and service accounts. As AI agents begin retrieving data, triggering workflows and acting inside business processes, identity, access and evidence controls have to follow the same lifecycle discipline that IAM and NHI programmes already apply elsewhere.

Key questions

Q: How should teams govern AI agents that can act on enterprise data?

A: Teams should govern AI agents with the same lifecycle discipline used for privileged identities, but extend it to include autonomy, data lineage and approved actions. Every agent needs an owner, a bounded purpose, explicit escalation paths and continuous monitoring. If the system can trigger workflows or change state, approval records alone are not enough.

Q: What breaks when AI governance is handled as a one-time approval?

A: One-time approval fails because AI systems change after launch. Data sources shift, vendors update functionality, and agents may gain new behaviour or access. Without continuous inventory, monitoring and evidence capture, organisations cannot prove which use case is active, what it is touching or whether the original approval still applies.

Q: What do security teams get wrong about AI governance frameworks?

A: They often treat AI governance as documentation instead of operating control. A framework must connect intake, risk review, data policy, model documentation, access oversight and monitoring into one lifecycle process. If those elements sit in separate tools or spreadsheets, governance becomes fragmented and the organisation loses accountability.

Q: Who should own AI governance in the enterprise?

A: Ownership should be shared, but accountability must be explicit. Business owners define purpose, data teams govern source quality, AI teams manage models and agents, and risk or identity teams enforce approval, access and evidence controls. No single function can govern AI alone, because the control surface spans all of them.

Technical breakdown

AI governance framework intake and inventory

The first control problem is visibility. An AI intake process should register each use case, model or agent before production, capture its owner, business purpose, data sources, expected autonomy and approval status, and place it into a central inventory. Without that inventory, organisations cannot distinguish approved systems from shadow AI, or trace which data and controls belong to which workflow. For identity governance teams, inventory is not administrative paperwork. It is the foundation for lifecycle control, evidence collection and accountability across AI, NHI and human workflows.

Practical implication: require every AI use case and agent to enter a governed inventory before it can receive production access.

Data traceability, policy alignment and AI model governance

AI governance breaks when teams separate data policy from model oversight. A model or agent can only be governed if the organisation knows which datasets and knowledge sources it uses, what policies apply to those sources, and what limitations, validations and risks are attached to the model itself. For generative systems, output reliability, prompt behaviour and retrieval quality also become governance objects. For agentic systems, permitted actions and escalation paths must be documented, because the actor is not just producing output, it is initiating action inside the enterprise.

Practical implication: map each AI system to approved data, policy controls and documented operating limits before approving production use.

Monitoring and evidence across AI, data and agents

Governance does not end at approval. Data changes, models drift, vendors update functionality and agents expand what they can do. A usable framework therefore needs continuous monitoring for policy adherence, access, usage, performance and incident signals, plus evidence that controls were actually working. That evidence is what lets risk, compliance and executive stakeholders move from one-off review to repeatable oversight. In identity terms, this is the difference between knowing a system was approved once and proving it remained governed after change.

Practical implication: build monitoring and evidence capture into the AI control plane, not into a separate after-the-fact review process.

NHI Mgmt Group analysis

AI governance is becoming identity governance by another name. Collibra’s framework is really describing how enterprises decide who or what may act, with which data, under what approval path, and with what evidence trail. That is the same governance problem IAM, PAM and NHI teams already handle, only now the subject includes models and agents alongside people and service accounts. Practitioners should treat AI governance as an extension of identity control, not a separate discipline.

Inventory is the new control plane for AI accountability. The article correctly shows that organisations cannot govern what they cannot enumerate. A central registry for AI use cases, models and agents is not a reporting convenience, it is the prerequisite for lifecycle management, ownership assignment and risk review. Without it, shadow AI and untracked automation will outpace policy. Practitioners should require registration before access, not after deployment.

Level of autonomy: The governance assumption that access can be reviewed after it is granted was designed for actors whose behaviour stays stable long enough to observe. That assumption fails when an agent can retrieve data, trigger workflows and expand its own operating scope inside a live session. The implication is that access review cadences, approval checkpoints and static documentation no longer describe the true control boundary for autonomous behaviour.

Data traceability is now inseparable from access governance. Collibra’s emphasis on linking datasets, policies, models and agents reflects a broader reality: AI risk often enters through approved data that is used in the wrong context or by the wrong actor. That makes lineage and policy mapping part of identity governance, not just data governance. Practitioners should expect audit questions to ask who had access, what data fed the system and which policy authorised that combination.

Governance programmes will be judged by evidence, not declarations. The article’s monitoring focus aligns with where enterprise AI is heading. Boards and regulators will not accept a one-time approval narrative when systems drift, vendors change features and agents accumulate new capabilities. The practical question for identity leaders is whether they can prove continuous control across human, machine and agentic actors. That proof is now a governance requirement, not a nice-to-have.

From our research:

• 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
• The same survey found that only 44% of organisations have implemented any policies to manage their AI agents, even though 92% agree that governing AI agents is critical to enterprise security.
• For a broader practitioner lens, review OWASP Agentic Applications Top 10 for the control failures that show up when autonomous behaviour meets enterprise access.

What this signals

Level of autonomy: as AI systems move from advice into action, governance has to stop assuming that access is a stable post-provisioning state. The practical shift is toward treating autonomy as a variable that changes the control boundary, especially where agents can initiate actions inside business workflows.

With 70% of organisations already granting AI systems more access than human employees in equivalent roles, according to The 2026 Infrastructure Identity Survey, the gap is no longer theoretical. Identity teams should expect pressure to justify why AI approvals, monitoring and evidence trails are not part of the same control plane as IAM and NHI oversight.

The next programme challenge is not whether AI needs governance, but whether governance can keep pace with systems that change behaviour after deployment. That means inventories, policy links and monitoring cannot remain separate projects; they need to become a single operating loop across data, models, agents and access.

For practitioners

• Build a pre-production AI inventory gate Require every use case, model and agent to be registered with owner, purpose, data sources, autonomy level and approval status before any production access is issued.
• Tie AI approvals to data and policy lineage Link each AI workflow to the approved datasets, policy constraints and documented operating limits that justify its use so review teams can verify the full control path.
• Treat agent autonomy as a lifecycle variable Capture permitted actions, escalation paths and human oversight requirements for any agent that can initiate work, then revalidate those assumptions whenever its role changes.
• Move monitoring into the governance workflow Track access, policy drift, model changes and incident signals continuously, and retain evidence in the same governed system that holds the approval record.

Key takeaways

• AI governance is now an identity problem because enterprise control depends on knowing who or what is acting, with which data, and under which approvals.
• Governance breaks down when inventory, policy mapping and monitoring are split across tools, because accountability cannot survive fragmentation.
• Identity teams should move AI governance into the same lifecycle discipline used for privileged access, shadow systems and evidence-backed oversight.

Key terms

• AI Governance Framework: An AI governance framework is the operating model that defines how AI use cases, models, agents, data and risks are approved, monitored and controlled. It turns AI from ad hoc experimentation into a governed lifecycle with clear ownership, evidence and accountability across the enterprise.
• AI Intake And Inventory: AI intake and inventory is the process of registering each AI use case, model or agent before production use. It captures owner, purpose, data sources, autonomy and approval status so the organisation can track what exists, who is responsible and whether the system remains governed after change.
• Data Traceability: Data traceability is the ability to connect an AI system to the datasets, documents or knowledge sources it uses and to the policies that govern those sources. It lets teams prove what informed the system, whether the data was approved and whether the usage stayed within policy.
• Agent Autonomy: Agent autonomy is the degree to which an AI system can initiate actions, choose tools and advance work without human approval at each step. In governance terms, autonomy changes the control boundary because the actor can move from recommendation into execution inside a live session.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Collibra: AI governance framework, a practical guide to governing AI at enterprise scale. Read the original.