In a recent episode of The AI in Business Podcast, Shane Wiggins, Director of Product at OneTrust, argued that enterprises need to rethink governance if they want AI to succeed at scale. The frameworks designed for yesterday’s data systems cannot keep up with the speed and complexity of modern AI. Without a fundamental shift, enterprises risk stalling innovation and opening themselves up to compliance failures.
“Traditional data governance models, often designed for structured databases, are not built to manage today’s dynamic, unstructured AI workflows,” Wiggins said. The result, he explained, is “compliance gaps, inconsistent oversight, and even internal conflict over ownership of AI decision-making.” The problem is most visible in industries with sprawling data sets, like insurance and healthcare.
This lack of visibility into unstructured data is exactly what legacy governance tools were not designed to address. And yet, as Wiggins pointed out, unstructured data (images, documents, audi) is increasingly where the most valuable AI applications are emerging. Unless governance evolves, enterprises risk losing the trust of regulators, customers, and their own teams.
The regulatory environment only amplifies this pressure. More than 144 countries now have national privacy laws, covering over 80 percent of the world’s population. On top of that, at least 45 AI-specific regulations are expected globally by 2026. The European Union’s AI Act alone allows for fines of up to €35 million or 7 percent of global turnover. “It is not just about the existence of the laws,” Wiggins noted, “but also the evolving nature of them. You have to think about designing your processes to be flexible enough to adapt to tomorrow’s rule changes without necessarily grinding innovation to a halt.”
But Wiggins rejects the idea that governance must always slow things down. Instead, he argued for embedding what he calls self-service governance directly into development workflows. Under this approach, product teams have access to a portal where they can see what is already pre-approved and what requires review. “Instead of a three-week cycle for a review process, they are able to go into a self-service portal and launch within hours rather than weeks,” he explained.
The key is that governance becomes both automated and aligned with business risk. Low-risk use cases are provisioned quickly, while higher-risk requests are automatically routed for further review. The result is clarity for developers and confidence for regulators. As Wiggins put it, the goal is “governance essentially to become invisible to developers but visible to auditors.”
Governance is still a hard sell
The challenge: aligning legal, compliance, engineering, and data science teams around a shared playbook. “You have so many different stakeholders in this process,” Wiggins said. “Getting them in the room from the beginning with requirements baked into the governance cycle will enable you to launch AI faster with fewer surprises downstream.”
Transparency with customers and partners is another area where governance can provide a competitive edge. Here, Wiggins pointed to the evolution of “model cards” first introduced by Google, which have since expanded into more comprehensive “AI system cards.” These documents provide context around intended use, data sources, limitations, and potential risks. While they do not expose proprietary details, they give clients enough insight to build trust and confidence in an AI system’s integrity.
Proving the business value of governance is critical, particularly for leaders who see compliance only as a cost center. Wiggins recommended framing impact in terms of cost, speed, trust, and adoption. Inventory completeness is the first benchmark: do you even know how many AI systems are running inside the enterprise? From there, the focus shifts to cost avoidance: every dollar spent on risk management upfront prevents multiples in fines, rework, or crisis response later.
Time to go-live is another tangible metric. Faster approvals mean faster delivery of products to market, which directly affects revenue. Trust, meanwhile, is increasingly a differentiator in sales. “We are seeing a significant amount of deals either hang in the pipeline or draw additional scrutiny because customers are demanding transparency into how AI systems are being built,” Wiggins observed. “When that’s done well, you’re actually turning it into a competitive advantage.”
Industry data supports Wiggins’ view that enterprises are still far behind. A recent survey by Trustmarque found that while 93 percent of organizations are using AI, only 7 percent have embedded governance. Just 8 percent integrate governance into development lifecycles, and fewer than 30 percent practice regular bias testing or maintain audit trails. Without these practices, organizations face what the report called a “ticking time bomb” of regulatory, reputational, and operational risks.
Wiggins’ prescription: visibility, automation, self-service workflows, cross-functional alignment, and measurable impact, offers a clear path forward. “There’s knowledge transfer to be had on both sides,” he concluded, “but ultimately they’re both aligning towards the goal of how can we ensure that we’re using this AI to its max but also using it responsibly.”
For enterprises racing to adopt AI, the message is that governance is not a drag on innovation. Done right, it is the strongest competitive differentiator an organization can have.
