AI governance and data governance convergence: what teams need now

TL;DR: After evaluating 10 vendors across 19 criteria, Forrester named Collibra a Leader in Data Governance and a Strong Performer in AI Governance, highlighting how enterprises are merging data control, policy management, and AI oversight under one governance model. The bigger issue is that governance stacks are converging faster than most operating models can absorb.

NHIMG editorial — based on content published by Collibra: Collibra receives dual recognition in Forrester Waves in data governance and AI governance

By the numbers:

• Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
• 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems.

Questions worth separating out

Q: How should teams govern AI assets and data together without creating duplicate controls?

A: Build a single governance inventory that links datasets, models, policies, and approvals, then reuse governance artefacts only when ownership, versioning, and review evidence remain intact.

Q: Why does AI governance fail when identity controls sit outside the governance model?

A: Because governance stops at description if it cannot show who accessed what, under which entitlement, and with what accountability.

Q: What should security teams measure in a unified data and AI governance programme?

A: Measure whether approvals, lineage, policy application, and audit evidence remain linked across systems and teams.

Practitioner guidance

• Map shared governance artefacts across data and AI Inventory which approvals, policies, lineage records, and audit artefacts can be reused across data governance and AI governance without creating ownership gaps.
• Tie identity controls into the governance plane Confirm that access approvals, entitlement reviews, and privileged access records are linked to AI asset oversight and not managed in a separate toolchain.
• Test whether audit evidence proves enforcement Require evidence that policy was applied during real usage, including monitoring and compliance checks, rather than accepting policy documents as proof.

What's in the full article

Collibra's full blog post covers the award context and report excerpts this analysis intentionally leaves at the source:

• The exact Forrester scoring areas across current offering and strategy that shaped the market view.
• The quoted analyst commentary and reference customer feedback that explain why the vendor's positioning resonated.
• The full list of AI governance criteria, including observability, policy workflows, and compliance audit.
• The separate report links for readers who want the underlying analyst methodology rather than this governance interpretation.

👉 Read Collibra's analysis of its Forrester recognition in data and AI governance →

AI governance and data governance convergence: what teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →