Building Trusted Data and AI Governance in a Regulated World

Senior Product Marketing Manager

Data & AI Governance and Privacy

Building Trusted Data and AI Governance in a Regulated World

Last Published: Jul 30, 2025 |

Share this on:

From the European Union (EU) AI Act, Corporate Sustainability Report Directive (CSRD), European Union Deforestation Regulation (EUDR), to the Digital Operations Resilience Act (DORA) in financial services, a wave of regulations is reshaping how organizations collect, use and manage data in different regions around the world. .

In this situation, data governance becomes increasingly important for organizations wanting to manage their data more effectively. The new TDWI Checklist Report, “Building Trusted Data and AI Governance in a Regulated World,” examines the evolution of recent regulatory changes, some new legislation with far reaching impact, and outlines seven steps required to establish trustworthy data and AI governance.

The Latest Regulations and Their Impact

Significant shifts and disruptions are reshaping the modern enterprise compliance landscape. Technology advances, such as generative AI (GenAI) systems, are entering into the mainstream. Sustainability has become a vital business imperative, while AI-powered cybersecurity threats highlight the growing need to protect data. Hyperautomation¹ is driving greater enterprise intelligence and cloud modernization is continuing to rise across all organizations.

Principle among these new regulations is the EU AI Act,² which establishes rules for creating and using AI in the EU, aiming to foster innovation and curb potentially harmful uses. There is a critical focus on data management, including the training, validation and testing of data sets (which) shall be subject to data governance and management practices appropriate for the intended purpose of the high-risk AI system.³

Additionally, the risk of non-compliance is a significant factor for many businesses. Upskilling organizations, utilizing external consultants and improving operational processes are part of the challenge of de-risking compliance, and this can add substantial business costs. Of 350 chief information security officers recently surveyed on the new DORA fulfillment preparations, 47% of those in the UK and 38% in the EU said their organization spent over €1m on compliance.⁴

88% of global companies say that Global Data Protection Regulation (GDPR) compliance alone costs their organization more than $1 million annually, while 40% spend more than $10 million.⁵

Coupled to this, financial penalties for non-compliance have been rising rapidly. More fines have been imposed by GDPR in 2023 alone, more than 2019, 2020 and 2021 combined, according to enforcementtracker.com, reaching over €1.6 billion ($1.8 billion), including some of the largest companies in the world.⁶ The string of GDPR fines in 2023 highlights the critical importance of compliance in today’s data-driven landscape.

Data Governance Critical to Regulatory Compliance

The importance of data governance continues to grow as regulatory compliance demands intensify. Recent updates to the Basel Committee on Banking Supervision’s BCBS 239 standards (effective May 2024) highlight the critical role of strategic data management. According to the European Central Bank’s (ECB) Risk Data Aggregation and Risk Reporting (RDARR) Guide, “Banks that unlock the full capabilities of BCBS 239 can boost operational efficiency and strengthen resilience. Having access to high-quality, well-governed data is also vital for leveraging advanced technologies like artificial intelligence and analytics to create innovative products and services.”

AI technology has rapidly moved from the edge of the adoption curve to mainstream interest. This pace of change can be unsettling for many enterprises, especially as they grapple with the reality of using AI effectively and responsibly; that is, managing data and its governance is crucial for AI because it ensures that the data used to train, validate and deploy AI systems is high-quality, secure, reliable and compliant.

Regulatory concerns for GenAI are very real for data leaders using or planning to use GenAI, outlined in Informatica’s recent survey of 600 CDOs globally. In fact, for 93% of these leaders, the regulatory environment has held back AI efforts, with 39% seeing projects stalled due to this.

Across jurisdictions, these regulations share a common emphasis on transparency, accountability, and risk management in the use of trusted data and responsible AI.

IDMC’s Value for Regulatory Compliance

Informatica’s vision for data management is one of unification and empowerment. It encompasses a foundation enabling self-serve access to valid, trustworthy data, with AI-infused tools amplifying productivity and enriching user experiences. Informatica Intelligent Data Management Cloud™ (IDMC) plays a central role in de-risking AI initiatives and enhancing compliance with regulations such as the EU AI Act. As shown in Figure 1, the comprehensive solution offers data governance with privacy controls, data quality improvement and AI-powered data cataloging to ensure the transparency, reliability and integrity of data.

This is all done through a data management platform that is multi-vendor, multi-cloud (including AWS, Azure and Google) and hybrid, supporting on-premises and cloud-based data storage and management. Through automated data management tasks and seamless data integration, IDMC increases operational efficiency and creates a single source of truth.

Leveraging CLAIRE®, Informatica’s unified metadata intelligence of 40 petabytes, introduces a natural language (NL)-based experience to the IDMC. This dramatically simplifies tasks such as data discovery, integration, quality, governance and master data management. The Informatica CLAIRE GPT, a generative AI-powered version of our pioneering AI engine CLAIRE, will enhance data management and data utilization experience for all users. This rapidly improves a company’s time-to-value and amplifies business insights. Search-and-discover data assets are available in the data catalog through a natural language interface powered by Informatica's large language model (LLM).

CLAIRE GPT helps simplify, accelerate and optimize data management operations, driving enormous gains in productivity for data teams.

IDMC offers a comprehensive set of compliance capabilities:

Data Catalog – Automatically discover, classify and catalog data across the enterprise, helping to ensure that sensitive data is identified and managed according to regulatory requirements, such as GDPR and CCPA.
Data Integration – Facilitate the accurate and secure integration of data from various sources. Maintain data integrity and compliance with regulations by providing a single, consistent view of data.
Master Data Management (MDM) – Enable accurate, consistent and complete data across the organization, essential for compliance with regulations that require accurate reporting and data consistency.
Data Governance - Provide a comprehensive data governance framework that includes policies, processes and standards to ensure data accuracy, security and compliance, helping your organization meet regulatory requirements and maintain data integrity.
Access and Privacy – Protect sensitive data from unauthorized access and breaches with automated, policy-based security and privacy controls to support data protection regulations.
Data Quality – Maintain high standards of data accuracy, completeness and reliability, crucial for compliance with regulations that require accurate and reliable data for reporting and decision-making.
Data Marketplace – Support secure and governed data sharing within the organization to facilitate responsible data sharing and in compliance with regulatory requirements.
API and Application Integration – Integrate various applications and data sources securely, helping ensure that data flows are managed in compliance with regulatory standards.

The benefits for businesses are significant:

Enhancing Regulatory Reporting: Ensure sensitive data is identified and managed according to regulatory requirements, such as GDPR, CCPA and the EU AI Act. IDMC data cataloging capabilities automatically discover, classify and catalog data across the enterprise.
Mitigating Risk for Reliable Outcomes: Reduce compliance risks and penalties through effective integration and accurate data management across platforms. IDMC proactively identifies compliance issues to maintain profitability and reputation.
Empowering Data Sharing and Collaboration: Enhance data literacy and stakeholder collaboration with partners, customers and regulators. IDMC enables transparent and efficient data democratization, allowing secure access while adhering to compliance policies and fostering informed decision-making.
Automating Compliance Processes: Free up budget for growth and innovation from optimized resource usage and a reduction in manual workload with a scalable, cloud-native platform.
Advanced Analytics for Strategic Insights: Support strategic planning and competitive advantage through richer business insights and improved performance. IDMC AI capabilities such as CLAIRE offer advanced analytics to detect patterns, enabling efficient regulatory reporting and informed decision-making.

Strong governance and compliance not only reduce risk but also enhance operational efficiency, strengthen investor confidence and build brand trust with customers, ultimately positioning organizations to compete more effectively.

Take a look at the new TDWI Checklist Report on building trusted data and AI governance in a regulated world, watch our webinar with TDWI and learn more about how Informatica supports regulatory compliance.