Artificial Intelligence (AI) promises transformative advances across various industries, from healthcare and finance to education and transportation. However, along with its immense potential, AI presents complex challenges such as ethical considerations, safety risks, bias and regulatory uncertainties.

Recent research shows that senior sponsorship of AI Governance is the factor most strongly correlated with positive bottom-line impacts.1 Rather than stifling innovation, governance stimulates successful outcomes from AI initiatives. By establishing organizational policies, oversight, accountability structures and ethical guardrails, future-forward businesses can establish a foundation of trust and transparency. This foundation enables them to deploy AI solutions with confidence, ensuring risks are managed and organizational values are upheld.

This guide explores AI governance — the policies, processes and systems that create a culture where AI technologies are adopted safely and effectively at scale — and how to simplify its implementation with robust governance tools in the Informatica Intelligent Data Management Cloud (IDMC).

To illustrate the requirements of AI governance, consider the following example of an AI initiative.
The marketing team at a global retailer wants to use AI to generate brand-focused content for the company’s social media channels. This initiative involves the development of AI agents that monitor recent news and social media trends, producing posts to reflect the brand’s response to relevant events and trends. For now, each post is checked by a human before publishing.

This ambitious project has huge potential value. However, its successful execution is highly complex. The stakes are high, and missteps could result in commercial failure, significant reputational damage and fines of up to 7% of global turnover.²

The company’s chief marketing officer (CMO) sponsors the project and defines its business objectives. A product owner outlines the requirements, while a team of data scientists, AI engineers and software developers is responsible for its delivery.

The project relies on multiple data sources, including filtered social media and news feeds, internal communications, policies, customer Q&A logs and previous company posts and articles. The team discovers and prepares datasets, selects an appropriate foundation model and fine-tunes it for the task.

Next, the team develops and tests the system to ensure it functions correctly and generates relevant, appropriate and engaging content.

Once satisfied with the system’s performance, they deploy it to production, where a human curator reviews the generated posts and flags any problems or corrections. This feedback is used to measure the AI system’s performance. Should the performance metric drop below a specified threshold, the team is alerted, prompting them to fine-tune the model with more recent data, repeat testing and deploy an upgrade.

Finally, at the end of its lifecycle, the AI system must be decommissioned. This phase of the project occurs when the use case is no longer needed, the system no longer delivers value or it is replaced with more advanced technology.

Decommissioning is an important step, ensuring sensitive data is properly archived or destroyed and that the system is properly stood down to prevent safety, reputational and legal risks. Figure 1 illustrates the full lifecycle as previously described.

Figure 1. Representation of the AI lifecyle

In parallel to the steps above, the organization’s governance team must ensure the responsible and compliant use of AI in this initiative. An AI governance steward plays a critical role at each stage, identifying and controlling risks while ensuring that the AI system complies with company policies and applicable regulations.

The entire AI initiative must be approved by the company’s legal, ethics, security and architecture experts, including the required datasets and AI models. The AI governance steward oversees testing of the AI system to ensure it is comprehensive. Once in production, the steward monitors for accuracy and fairness, checking for any drift.

To maintain a complete system of record for the project, all details about the use case, data lineage, model details, testing and evaluation results, updates, approvals and system performance metrics needs to be captured.

AI projects unlock significant value to enterprises. Business leaders are now expected to embrace AI and generative AI programs to provide new capabilities and competitive advantages. As a result, the scale at which AI programs need to be managed and governed can be substantial. Minimizing governance will create ever greater risk as the number and complexity of AI programs scale. The organization’s AI governance team is overwhelmed by the number of AI initiatives they oversee in parallel.

Our example AI initiative illustrates that comprehensive data management capabilities are critical across the AI project lifecycle.

The new generation of AI governance tools will need to meet five key requirements:

1. Govern initiatives across the AI lifecycle

AI projects are complex and require numerous steps, including ideation of the use case, sourcing data and AI models, developing and testing this system, deploying and monitoring, retraining and upgrading, and finally decommissioning. Governance activities including risk assessment, compliance checking, approval, oversight and auditing need to happen across this lifecycle.

Governance tooling must be capable of managing the project appropriately at each stage in its lifecycle.

2. Encourage stakeholder collaboration

AI governance programs involve multiple stakeholders from across the organization. These typically fall into two categories:

AI developers and consumers are the team members tasked with delivering the AI initiative and realizing business value. They include the line of business leaders who define the strategic objectives, product owners, data scientists and AI and data engineers.

Governance stakeholders are officers and subject matter experts in the business who are tasked with ensuring the safe and responsible development, deployment and use of AI technologies for appropriate use cases. They include CDOs who provide the strategic vision for the use and governance of data and AI, data and AI stewards, legal and compliance officers, security experts, ethics officers and AI governance boards.

These stakeholders collaborate throughout the project lifecycle. AI developers and consumers must outline the AI project’s context, its use case, the data and models to be used, compliance requirements, identified and mitigated risks and testing and evaluations they have performed. Governance stakeholders must understand the context of the data and AI usage, elaborate potential risks, ensure these have been mitigated and check for compliance. Crucially, they provide approvals for the project throughout the lifecycle.

3. Provide broad ecosystem support

Enterprises are increasingly wary of being locked into a single cloud ecosystem. Flexibility and adaptability are crucial for leveraging the latest innovations and maintaining competitive advantages. Often, different teams use different tools, such as Azure AI, AWS Bedrock and SageMaker, Google Vertex AI, Databricks Mosiac AI, Dataiku, HuggingFace and GitHub.

As AI continues its rapid advancement, the tools designed for training, fine-tuning, experimentation and monitoring AI are evolving with equal speed. AI governance solutions must accommodate a diverse array of tools and platforms. By integrating across these varied systems, governance officers can obtain a comprehensive, single pane of glass view ensuring efficient oversight.

4. Support innovation alongside compliance

AI governance is not merely rules and regulations. It helps organizations bridge the gap between innovation and oversight, both enabling AI programs and ensuring compliance and responsible practices.

AI governance tooling must support the oversight of AI use at scale, providing organizations with confidence in their use of AI with transparency throughout the AI lifecycle. It simplifies risk assessments, eases the approval process and facilitates continuous monitoring with proactive notifications.

However, successful AI governance solutions provide a host of additional benefits for AI delivery teams. For example, model registries used to oversee AI models and use cases can also help AI teams discover high-quality, relevant training data, find and reuse approved foundation models, supply contextual information to governance teams and monitor their AI systems’ outcomes in production. These capabilities enable AI teams to accelerate their initiatives, ensuring robust delivery and tangible business results.

5. Implement effective data management strategies

Data management and governance are critical components of AI governance. The data used to train, test, ground and query AI systems is foundational to achieving successful outcomes. Without relevant, reliable and responsible input data AI initiatives fail.⁴

Data needs to be discoverable and well understood. AI teams must be able to find data that is relevant for their use case. The data should be classified, both to understand what it contains and how it can be used, but also to know whether personal or company-sensitive information is present.

Understanding the lineage provides confidence in the provenance of the data, ensuring that it comes from a trustworthy, authoritative source and that there is a legal basis for its use. Data must be checked for quality and cleansed and prepared for use with AI.

Access to data must be carefully managed to ensure that personal data is only used for the intended purposes set out in privacy policies and that corporate secrets are not accidentally disclosed in public-facing AI systems.

Informatica’s approach to AI governance is based on four foundational concepts that place the AI project itself at the core. These concepts include inventory, control, deliver and observe (see Figure 2). This framework helps organizations deliver business value safely and efficiently for diverse AI use cases.

Figure 2. Informatica’s AI governance foundational concepts.

Let’s explore each of these concepts, delve into the capabilities they offer and outline the ways in which they empower organizations.

Inventory

Discover and Oversee the Use of Data and AI Assets

Model discovery enables governance teams to significantly reduce the time needed to maintain model and AI use case registries and to oversee compliant data usage for AI.

IDMC’s comprehensive inventory of assets related to AI initiatives delivers the clarity and transparency that are critical to effective AI governance. The inventory forms an overview of where AI is used within the organization and for what purpose. Drilling down into assets provides a complete system of record, that supports auditing for each use case.

Various AI assets can be used together for a complete representation of the AI use case, geographies where it will be deployed, policies and regulations that apply and the AI models it uses. AI asset types include:

• Projects: Describe the business use case for the AI initiative, detailing the problem to be solved, the purpose of the AI system and the business owner accountable for the initiative.
• Regulations: Document key clauses of major legislation that the AI project must adhere to.
• Geographies: Capture areas, regions or countries relevant to where the AI project will operate.
• Policies: Capture internal policies and guidance for developing and deploying AI initiatives, which can be based on standards, regulations and best practices.
• Data Sets: Include the data used to train, fine-tune, evaluate or ground an AI model.
• AI Models: Provide summary information about the underlying AI model powering a system, including the algorithm, training data, ownership, evaluation and performance.
• AI Systems: Document systems such as AI applications, deployed model endpoints, AI agents and multi-agent systems. They include input and output data lineage, ownership and association with AI models, retrieval data, operational systems and projects.⁴

The inventory has multiple uses for the governance team, including:

• Providing a library of pre-approved foundation models for use in the organization.
• Viewing the detailed lineage of a model, including its base foundation model and internal data that was used for fine-tuning.
• Oversight of all AI used in initiatives throughout the organization.
• Understanding the use cases for AI and their potential impact.
• Driving approval and risk assessment workflows based on relevant geographies and applicable policies and regulations.

AI consumers and developers benefit from the inventory by accessing and reusing datasets, AI models and systems that are already published and approved.

Control

Control Access to Data and AI Assets

With governed access, governance teams streamline collaborative approval workflows and complex risk assessments. Access management controls ensure precise policy enforcement.

IDMC provides access controls and workflows to support customized chains of approval to support AI governance processes.

An AI governance steward can set up approval processes such as:

• Approval to make a foundation model available to AI consumers and development teams via the IDMC catalog, involving reviews from AI architects, compliance officers and security teams.
• Approval of a use case involving the use of AI by ethics officers and business leaders.
• Approval for the use of specific datasets and AI Models for system development by legal, security and data protection teams.

Approval chains can be customized to involve the appropriate stakeholders within an organization. Workflows are triggered at appropriate points in the AI project lifecycle, providing input into risk assessments, capturing and linking to external documentation and offering an audit trail of each step’s assessment and approval.

Approvers can view the comprehensive inventory of AI assets related to the project, including AI models, data, regulations and geography, to assess risk levels, determine appropriate use and approve the project.

IDMC provides visibility into workflow steps and current ownership. AI development teams can accelerate their work using detailed records of the project’s context, including how AI will be used, who will be impacted and what AI models, data and protections are implemented.

For common, repeatable use cases, access to data assets can be automated and enforced using IDMC’s access management. Governance teams can build metadata-driven access policies that facilitate self-service access to assets and prevent unauthorized usage. These are enforced automatically through pushdown to common data stores.

Deliver

Ensure Relevant, High-Quality, Safe Data for AI

With delivery of trusted data, AI teams ensure high-quality, safe data for successful AI outcomes.

High-quality data is crucial for training, fine-tuning, grounding and evaluating AI systems. The data must be recent, reliable and relevant to the AI use case.

Data Quality

Informatica is the industry leader in delivering trustworthy data for AI use cases. The capabilities of IDMC’s Data Quality empower users to profile data, define data quality rules and continuously monitor the quality of data in use.

Data is profiled to assess its accuracy, completeness, consistency, timeliness and uniqueness. Additionally, users have the flexibility to add custom data quality measures, ensuring datasets meet their unique requirements. This approach avoids poor quality data reaching AI systems, thereby helping to prevent inaccuracies and erroneous outputs or hallucinations.

Classification, Search and Lineage

Relevancy is another critical factor for AI datasets. IDMC provides classification and search capabilities enabling AI teams to discover and access data that is pertinent to their specific use cases. Data lineage offers transparency into the origin and transformation of datasets reinforcing trust by verifying data provenance from reliable sources.

Data Privacy and Compliance

It is equally important to ensure that the data is safe to use particularly with regards to personal data or sensitive corporate information.

IDMC’s Data Access Management provides robust access control and de-identification capabilities. Governance teams can centrally establish data protection policies that use metadata to understand the data’s content and the context in which it is being used. These policies ensure sensitive information is masked, transformed or redacted before use, maintaining compliance with privacy regulations.

The policies can be triggered as part of any data pipeline and are automatically enforced through pushdown in common source systems. This automatic enforcement ensures the consistent application of protection measures across many different data ecosystems.

Data Marketplace

IDMC’s Data Marketplace provides an automated data and AI shopping experience for AI teams to discover and access curated datasets and AI models. Data and AI model owners can curate, document and publish collections of data, AI models and systems.

AI teams can leverage marketplace capabilities including a search engine, approval workflows, metadata management and usage analysis to discover and “checkout” the assets they need.

Once access is approved, provisioning can be completely automated, including mapping execution, access control management and external job execution in third-party provisioning engines, to deliver trusted data where and when it's needed by the AI team.

Observe

With AI observability, governance teams are alerted to potential problems early, allowing them to be addressed promptly.

Foster Accurate and Responsible AI

Transitioning AI projects from early pilots and prototypes to robust, production-ready solutions requires rigorous testing and evaluation. AI systems should demonstrate responsible AI characteristics such as validity, reliability, accuracy, fairness and enhanced privacy. Although these traits can initially be assured through testing and validation, they may change over time due to data drift, model staleness, model version upgrades and environment changes. Continual monitoring of the AI system is needed to maintain confidence.

IDMC provides AI and governance teams multiple layers of monitoring and observability throughout the AI lifecycle:

Evaluation Metrics

During model selection, AI development teams can leverage detailed metadata, encompassing input/output data formats, model architecture, parameters, libraries, training data and source repositories. Evaluation metrics capture accuracy, fairness and other key performance indicators.

Model Drift Metrics

Once an AI model is deployed, performance is continuously measured; visualizations of model drift and bias help alert teams when significant deviations occur, ensuring issues can be addressed promptly.

Observability of AI System Input Data

The effectiveness of AI models hinges largely on the quality of the data they utilize. Inaccurate or biased data can lead to flawed predictions, exacerbate existing biases and induce incorrect outputs. To mitigate this, data observability involves the ongoing monitoring of the data ingested by AI systems. This practice ensures the accuracy and reliability of input data, thereby preventing potential issues from arising in the outputs of the system.

Observability of AI System Output Data

By comparing output data against established statistical baselines, the observability framework detects anomalies that could indicate potential issues, ensuring that the AI’s results remain trustworthy.

Governance Dashboards

Custom dashboards provide governance teams with real-time insights into AI models, projects and data flows (both input and output), enabling rapid identification and resolution of potential issues across the organization.

Audit Trail

A complete audit trail is maintained for AI models, capturing metadata around algorithm types, model architectures and training data to support explainability and interpretability while ensuring accountability throughout the model’s lifecycle. 

As AI becomes embedded in core business processes, organizations face increasing pressure to deploy responsibly, securely and at scale. AI governance enables innovation with control to earn stakeholder trust and maximize the value of your data.

Informatica’s AI governance solution delivers an integrated, metadata-driven framework on four foundational concepts — inventory, control, deliver and observe — to help enterprises navigate the complexities of AI development and deployment with confidence. By extending enterprise data governance to cover AI models, data pipelines, access policies and operational metrics, Informatica enables you to manage risk, ensure compliance and deliver trusted AI outcomes.

With Informatica, you gain visibility and control across the entire AI lifecycle, from data sourcing and model registration to lineage, monitoring and operational accountability. This allows your organization to move faster, mitigate risk and unlock the full strategic potential of AI — securely and responsibly.

Contact us to explore how Informatica can transform and elevate your AI governance approach.

Learn more

The Data and AI Governance Program Workbook

Chart the Course for Responsible AI Governance

Responsible AI for Dummies

_{¹The state of AI: How organizations are rewiring to capture value, McKinsey, March 2025
²https://artificialintelligenceact.eu/article/99/
³https://www.informatica.com/blogs/cdo-insights-2025-global-data-leaders-racing-ahead-despite-headwinds-to-being-ai-ready-latest-survey-finds.html
⁴Available in Cloud Data Governance and Catalog from July 2025}