Fragmented governance and AI scaling: what IAM teams should watch

TL;DR: Fragmented governance creates blind spots in data discovery, policy enforcement, lineage and access control, and those gaps become more damaging as organisations scale generative AI, according to Collibra. The core issue is not AI ambition but the structural mismatch between fast model adoption and disconnected governance that cannot preserve trust, context or compliance.

NHIMG editorial — based on content published by Collibra: The AI gold rush: Why fragmented governance is your unseen claim jumper

By the numbers:

• IDC projects AI will add $20 trillion to the global economy by 2030.
• 72% of organisations have experienced or suspect they have experienced a breach of non-human identities.

Questions worth separating out

Q: How should teams prevent fragmented governance from undermining AI projects?

A: Teams should centralise policy, lineage and access evidence for AI-critical data before models reach production.

Q: Why does fragmented governance create more risk as AI adoption grows?

A: AI increases the speed and reach of data usage, so any inconsistency in policy or access control is amplified across more workflows, more users and more decisions.

Q: What do security and IAM teams get wrong about AI governance?

A: They often treat AI governance as a model or analytics problem instead of an identity and control problem.

Practitioner guidance

• Map every AI-critical dataset to an accountable owner Require a named business owner and a technical steward for each dataset that feeds models, reports or automated decisions.
• Unify policy, lineage and access evidence Make one control path answer who approved access, what policy applied and where the data came from.
• Classify AI data access as an identity control surface Review service accounts, API tokens and delegated permissions that move data into model pipelines, because those identities determine whether governance is enforceable or merely documented.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

• A breakdown of how fragmented governance affects data discovery, policy enforcement and lineage in day-to-day AI programmes
• Examples of the specific control gaps that create blind spots across clouds, domains and applications
• Collibra's description of unified governance patterns for AI data control across the full lifecycle
• The source article's framing of Data Confidence as the business outcome of tighter governance

👉 Read Collibra's analysis of how fragmented governance undermines AI scale →

Fragmented governance and AI scaling: what IAM teams should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →