TL;DR: AI speed without governance creates fragmented models, untrusted data and compliance exposure as organizations rush to scale, according to Collibra. The core issue is not AI adoption itself but the governance assumption that context, ownership and data quality can be added later, with the EU AI Act and other rules raising accountability pressure.
NHIMG editorial — based on content published by Collibra: The CIO’s mandate: Accelerating AI innovation without building a Tower of Babel
Questions worth separating out
Q: How should organisations govern AI programs before scaling them enterprise-wide?
A: Organisations should define ownership, data quality checks, approval gates and retirement criteria before AI use cases proliferate.
Q: Why does AI amplify governance problems instead of solving them?
A: AI amplifies governance problems because it inherits the quality of the inputs, controls and context it is given.
Q: What signals show that an AI governance programme is not working?
A: Warning signs include disconnected models built by different teams, repeated disputes over data ownership, inconsistent approvals and outputs that cannot be explained to stakeholders.
Practitioner guidance
- Define a shared AI governance operating model Assign named owners for data quality, model approval, compliance review and retirement so every AI use case has a clear lifecycle path before production.
- Bind model approval to data confidence checks Require lineage, source quality and business-context review for the datasets feeding any model that supports material decisions or external reporting.
- Create cross-functional review gates Bring legal, privacy, data, security and business leads into a standing approval process for high-risk AI use cases and exceptions.
What's in the full article
Collibra's full article covers the operational detail this post intentionally leaves for the source:
- The AI governance planning workbook that maps roles, checkpoints and ownership across the AI lifecycle.
- The roundtable composition guidance that shows which functions should sit on a standing governance body.
- The operating-model framing for aligning legal, privacy, data, security and business stakeholders.
- The practical link between governance structure and decision quality across enterprise AI programmes.
👉 Read Collibra's guidance on AI governance for faster, safer enterprise AI →
AI governance gaps: what CIOs need to fix before scaling?
Explore further
AI governance is now an identity governance problem as much as a data problem. When AI decisions depend on fragmented data sources and loosely defined ownership, the enterprise is already operating with broken accountability paths. That pattern mirrors the failures seen in identity programmes where access, data and control ownership are split across teams without a single lifecycle view. Practitioners should treat AI governance as part of the broader identity control plane, not as an isolated innovation task.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, which shows how quickly identity failures become business failures.
A question worth separating out:
Q: Who should be accountable for AI risk when multiple teams deploy models?
A: Accountability should sit with named lifecycle owners, backed by a governance forum that includes legal, privacy, security, data and business leads. Shared responsibility does not mean shared ambiguity. Each model needs one accountable owner who can answer for the data, use case, controls and retirement state.
👉 Read our full editorial: AI governance gaps are turning CIO speed into enterprise fragility