Why is the traditional data governance model no longer suitable for artificial intelligence/machine learning?
I. Overview
During the development of the AI/ML data preparation framework for the regulatory system, a question keeps emerging: Given the scalability of AI/ML, is traditional data governance still applicable when applied to AI/ML?
After a detailed review of existing industry frameworks, including the NIST AI Risk Management Framework and emerging data governance standards, the answer is obvious. Traditional data governance remains crucial, but it alone is no longer sufficient to address large language models and modern AI systems.
The traditional governance model is designed for the deterministic world of structured data, where system behavior is predictable and the verification process is largely static. AI/ML systems operate quite differently. They are probabilistic, adaptive, and constantly influenced by new data. Models learn, drift, and in some cases, even "hallucinate." Applying static governance controls to these dynamic systems results in key risks such as model drift, algorithmic bias, and lack of interpretability remaining largely unmanageable.
Traditional data governance provides the necessary foundation, but it alone is not sufficient to effectively govern AI/ML systems. This leads to a practical problem that organizations must now address: In an AI-driven environment, where is traditional data governance still applicable, and where does it fall short?
To effectively manage AI, we must shift from data governance to AI governance (usually in the form of machine learning operations governance). For decades, data governance has been the cornerstone of corporate compliance, especially in regulated industries. It was initially designed for the deterministic world: structured rows and columns, binary access controls, and static definitions of truth. However, the rapid spread of generative AI (GenAI) and large language models (LLMs) has introduced a probabilistic paradigm, making these traditional control measures necessary but insufficient to address the challenges of AI.
This article analyzes why traditional governance models fail to effectively control AI risks, identifies specific failure points (such as "vector blind spots" and the "mosaic effect"), and proposes an "enhanced governance" framework. This approach combines existing data investments with a new "AI control plane" that complies with emerging standards (such as the NIST AI Risk Management Framework (AI RMF) and ISO 42001).
II. Core Friction: Determinism vs. Probability
The fundamental failure of the traditional governance approach lies in the nature of the assets being governed.
The traditional governance approach regulates " storage."
It assumes that data is largely static and that risks can be managed by controlling how data is created, stored, accessed, and changed. For example, if a database field contains "Age: 45," the governance mechanism ensures that the value is accurate, traceable, protected by appropriate access controls, and can only be modified through an approved change process. If these control measures are in place, the data is considered compliant and trustworthy.
However, AI governance must govern " behavior."
Large language models and other AI systems do not passively accept data. They are dynamic agents capable of interpreting, integrating, and inferring information in a non-programmatic way. Even if the underlying data is complete, verified, and fully compliant, the behavior of the model can still pose risks.
Consider a pharmacovigilance application case. An organization may have a well-managed safety database containing accurate and approved adverse event reports, case narratives, and MedDRA coding terms. From a traditional management perspective, this data meets all integrity and access permission requirements. However, a logical model (LLM) used for signal detection or case summarization may still combine irrelevant adverse events, infer undetermined causal relationships, or generate seemingly reliable but incorrect safety signal summaries. In this case, the risk does not come from incorrect data but from how the model interprets and presents the data.
The traditional governance approach does not ask the following questions:
- How does the model aggregate and interpret adverse event information from different cases?
- Under what circumstances might it overestimate or underestimate potential safety signals?
- When must a human safety reviewer intervene before a regulatory decision is made?
- How can safety conclusions based on hallucinations or biases be detected and prevented?
The traditional governance mechanism ensures that the data input into the system is accurate. AI governance, on the other hand, must ensure that the output of the model - especially those that influence patient safety decisions - is reliable, interpretable, and appropriately controlled. Without governance mechanisms for model behavior, such as continuous monitoring, interpretability, and clear human supervision, key pharmacovigilance risks cannot be effectively managed even in an environment with a solid data integrity foundation.
What Works in Traditional Governance
The traditional approach remains crucial and can be directly applied to AI/ML processes.
- Data lineage tracking: Mapping data from its source to the point of consumption, which is already standard practice in regulated systems, naturally extends to tracking training datasets through feature engineering.
- Access control: Role-based permissions and audit trails protect sensitive patient data, requiring only refinement at the model endpoint.
- Quality metrics: Integrity, accuracy, and timeliness checks are equally applicable to models fed with raw data.
- Retention policy: Archiving requirements cover key datasets used in model validation.
The following list compares the functions of traditional systems with the new requirements of LLMs. The application scenarios listed here are not an exhaustive list.
III. In - Depth Analysis: Key Implementation Failure Points
Understanding the theoretical deficiencies is one thing, and seeing these deficiencies in practice is another. Three specific "breakpoints" often occur in enterprise - level RAG (Retrieval - Augmented Generation) systems.
A. "Vector" Blind Spots
Traditional governance tools scan databases for personally identifiable information (e.g., looking for Social Security numbers in SQL tables).
The reality of LLMs: LLMs typically use vector databases to store RAG data. When text is converted into vectors (numbers), traditional DLP (Data Loss Prevention) tools can no longer "read" it.
Risk: If you embed a document containing PII into a vector repository, your traditional governance tools will report "safe," but the LLM can retrieve and decode that PII for the user.
B. The Paradox of Access Control ("Mosaic Effect")
In traditional systems, security is binary. Either you have access to a file, or you don't.
The current situation of LLMs: In the RAG framework, LLMs retrieve data chunks to answer questions. Users interact with the model through natural language. The LLM may have a large document index to answer general questions. A user may ask a strategic question, and the model answers by synthesizing restricted document fragments "read" during training. Even if the user does not have direct access to the file, the model will "leak" information. This inference risk is called the "mosaic effect."
Risk: A user requests "List the clinical trial results of recent high - risk patients." Even if the user does not have direct access to the original clinical trial reports, the LLM may access indexed summaries or extracted data chunks approved for other queries. Therefore, the model may inadvertently combine and disclose sensitive patient - level information, effectively bypassing traditional access restrictions.
Now, governance must shift from the file level to the chunk level or vector level.
C. The "Time Freeze" Problem
Traditional data is updated in real - time; when you update a customer's address in the main database, it is immediately reflected everywhere (ideally).
The reality of LLMs: LLMs are trained based on partial data snapshots. They have a "knowledge cutoff point."
Risk: If the policy changes today, the LLM (logical model) will continue to implement the old policy until it is retrained or the RAG knowledge base is updated. The traditional governance approach assumes that the "source of truth" is always up - to - date; however, LLMs deviate from the truth immediately after training. AI governance must manage model drift and concept drift.
IV. Solution: The "Enhanced Governance" Framework
To bridge these gaps without "starting from scratch" and replacing existing investments, organizations can adopt the following defense strategies.
1. Input Governance ("Gold" Layer)
Goal: Protect unstructured data before it reaches the model.
Measure: Data desensitization before embedding. Remove personally identifiable information/personal health information or other sensitive data from documents before they are vectorized. Once data enters the model, it is difficult to remove it (machine learning forgetting).
Curated corpus: Do not use raw data for training. Move from a "data lake" (a data dumping ground) to a "curated corpus" where only data marked as "AI - ready" is indexed. Use tools to add metadata such as "AI - ready" or "Prohibited for training" to unstructured data (PDFs/documents) before they enter the vector database.
2. Feature and Fairness Governance ("Transformation" Layer)
Goal: Ensure fairness and prevent the introduction of implicit discrimination during feature transformation.
Focus: Treat the model as a "black box" that requires external verification.
Action: Feature - level governance. Extend the scope of governance from raw data to engineered features (mathematical transformations used by the model).
Bias and proxy detection: Identify proxy variables that may indirectly re - introduce protected attributes (e.g., shopping habits as a proxy for gender).
Pre - processing audit: Conduct bias assessment during the feature engineering phase, not just during the data ingestion phase, because bias is often introduced during the transformation process, not during storage.
3. Model Transparency Governance ("Interpretability" Layer)
Goal: Ensure that model decisions are interpretable, defensible, and reviewable.
Action: Interpretability requirements. Require interpretable AI (XAI) artifacts (such as SHAP or LIME values) as part of the model release and validation gate.
Logical verification: Verify not only what decision is made but also why it is made (e.g., ensure that an image classifier identifies a wolf by the animal's features rather than the snow in the background).
Audit readiness: Treat interpretability reports as regulated documents, similar to validation documents in traditional systems.
4. Model Governance ("Engine" Layer)
Goal: Treat the model as a "black box" that requires external verification.
Operation: Model cards. In addition to the data dictionary, you need model cards to define the model's intended use, training data snapshot date, and known limitations.
Automated red - team exercises: Implement an "LLM as a judge" evaluation suite. Before deployment, use an independent LLM or other tools (such as TruLens or Arize) to try to "break" the application to test for toxicity or hallucinations.
5. Model Lifecycle Governance ("Time" Layer)
(1) Probability Drift (Model Decay)
Goal: Ensure that the model remains effective as real - world behavior evolves.
Action: Continuous performance monitoring. Implement automated runtime monitoring to track the accuracy, precision, and recall of real - time data.
Drift detection: Detect concept drift when the statistical relationship between inputs and outputs changes (e.g., financial behavior in 2023 no longer represents consumers in 2025).
Governance triggers: Define policy thresholds to automatically trigger alerts, retraining, or rollbacks when performance declines. The traditional governance approach assumes that the system is static and cannot control time - based decay.
(2) Output Governance ("Firewall" Layer)
Goal: Control how the model interacts with users.
Operation: Block - level access control. In the RAG system, the retrieval layer must filter search results based on the user's permissions before providing them to the LLM.
Protective measures: Deploy an interception layer (such as NeMo Guardrails) to scan the generated output content for harmful language or off - topic suggestions and intercept them in real - time. The traditional governance approach never needed to govern "output" content but only storage. We must govern the output content.
(3) Generation Behavior Governance ("Truth" Layer)
Goal: Prevent users from receiving seemingly reliable but actually incorrect results. (Random results and hallucinations)
Action: RAG guardrails. Implement RAG to limit the model to approved authoritative sources rather than open - ended generation.
Argumentation and confidence scoring: Apply argumentation scores to measure the degree of support between the response and the retrieved evidence.
Semantic verification: Traditional data quality checks verify syntax; GenAI governance must verify semantic truth, which requires new control measures beyond traditional rule engines.
V. GenAI Governance Readiness: A Comprehensive Checklist
As enterprises integrate generative AI (GenAI) into business operations, traditional hierarchical governance is no longer sufficient. Machine learning (ML) systems and other AI/ML systems process unstructured data and exhibit probabilistic behavior, creating new risk profiles. To bridge this gap, we have developed this GenAI governance readiness checklist - a structured framework that complies with emerging standards such as the NIST AI RMF and ISO 42001 - aiming to ensure that AI projects are both compliant and trustworthy.
As mentioned above, this framework shifts from "managing storage" to managing behavior and extends the traditional governance approach through artifact - level controls, treating datasets and models as software artifacts.
Phase 1: Data Foundation (Input Layer)
Focus: Protect unstructured data before it reaches the model.
Phase 2: Model and Logic (Engine Layer)
Focus: Treat the model as a "black box" that requires external verification.
Phase 3: Application Layer and RAG Security (Interaction Layer)
Focus: Control how the model retrieves data and communicates with users.
