A new survey of 1,250 data governance executives commissioned by OneTrust offers a detailed snapshot of how organizations are grappling with the realities of AI adoption. The findings are clear: Enterprise use of artificial intelligence has surged, but the governance structures required to manage it have not kept pace. As adoption accelerates, governance is no longer optional — it is becoming a strategic necessity.
The Rapid Rise of AI in Production
Just two years after generative AI tools like ChatGPT and Claude captured public imagination, nearly a quarter of organizations (23%) already report in the above research having generative AI in production. This shift illustrates how quickly large language models have moved from consumer novelty to enterprise infrastructure.
Our own research at Dresner Advisory Services confirms the scale of adoption. Seventeen percent of organizations report being in production with generative AI, 6.5% are deploying agentic AI systems, and significantly more are relying on analytical AI. Together, these figures underscore how enterprises are not merely experimenting with AI — they are embedding it into business processes at scale.
Yet rapid adoption has also introduced new operational and governance burdens. AI is no longer a side project — it now touches multiple business units, interacts with sensitive data, and produces outputs that can directly impact customers, regulators, and financial performance.
Growing Pains in Managing AI
While enthusiasm for AI adoption is strong, managing it effectively is another matter. In 2025, our research shows that 62% of survey respondents report difficulty governing AI. For more than a quarter (28%), the challenge is severe. Oversight is consuming far more organizational energy: OneTrust’s survey found time spent managing AI risk has jumped 37% compared to last year.
This is not surprising given the scope of what’s at stake. AI adoption has made privacy, compliance, and risk management dramatically more complex. Unlike traditional software, AI models are probabilistic, adaptive, and capable of generating outcomes that are harder to predict or explain. As Blake Brannon, OneTrust’s chief innovation officer, summarized: “The speed of AI innovation has exposed a fundamental mismatch. While AI projects move at unprecedented speed, traditional governance processes are operating at yesterday’s pace.”
Seventy-three percent of organizations say AI has exposed critical gaps in visibility, collaboration, and policy enforcement. These gaps are most pronounced among advanced adopters — 86% of whom acknowledge weaknesses in oversight. The message is consistent: AI is not just adding new governance challenges, it is revealing long-standing structural weaknesses.
Budgets, Bodies, and the Governance Gap
Organizations are not standing still. Nearly all respondents (98%) plan to increase their governance budgets in the next fiscal year, with an average increase of 24%. This level of investment highlights that governance modernization is being treated as a strategic imperative.
And yet, despite the urgency, formal governance structures remain far from universal. In 2025, our + research found only 41% of organizations report having a formal governance body. While that’s up from 32% the year before, it is still less than half of all enterprises. The presence of formal programs is unevenly distributed across industries and organization sizes.
- Compliance-driven industries lead the way: 50% of regulated firms, 63% of very large enterprises, and most financial services and healthcare organizations have formal governance programs.
- Retail lags badly, with only 11% of organizations reporting formal governance bodies.
- Other industries fall somewhere in between, reflecting different levels of regulatory pressure and risk exposure.
This uneven distribution underscores the central role regulation plays in driving governance adoption. Where regulatory scrutiny is high, governance programs proliferate. Where it is not, progress lags.
From Data Governance to Data and Analytics Governance
These dynamics explain why, several years ago, Dresner Advisory Services shifted its research lens from data governance to data and analytics (D&A) governance. AI adoption makes clear that organizations must treat governance not as a siloed discipline, but as an integrated framework spanning data, analytics, and intelligent systems.
D&A governance is broader in scope than traditional data governance. It encompasses policies, standards, decision rights, procedures, and technologies that govern both data and analytic content across the organization. The goal is not simply control, but confidence—creating an environment in which data and AI can be leveraged responsibly to drive business value.
For D&A governance to succeed, organizations must establish clear roles and responsibilities. These include:
- Executive sponsorship to align governance with strategic priorities.
- Steering committees to balance competing interests and set direction.
- Data owners and stewards to ensure accountability and data quality.
- Subject matter experts to bridge technical expertise and business needs.
In this sense, governance is less about erecting guardrails and more about orchestrating collaboration across functions.
AI as a Catalyst for Modernization
One of the strongest signals in the survey is that AI is serving as a forcing function for governance reform. Eighty-two percent of leaders report that AI risks have driven modernization of their governance practices. Put differently, organizations that might have otherwise delayed investment in governance are now accelerating efforts in direct response to AI adoption.
The modernization is not just about oversight — it is about rethinking priorities. Survey respondents identify data quality and controlled access as the most critical enablers of AI success. Security, privacy, and the governance of data models follow closely behind. Collectively, these priorities reflect an emerging consensus: The real foundation of successful AI is not model architecture, but disciplined, transparent, and enforceable governance of data and analytics.
The Road Ahead: From Hype to Integration
If the first wave of AI adoption was about experimentation, the current wave is about integration. Generative and agentic AI are not theoretical capabilities — they are production systems woven into the fabric of operations. That reality requires a governance foundation that is both robust and adaptable.
Looking ahead, several themes are clear:
- AI is exposing governance gaps that organizations can no longer ignore.
- Governance budgets are rising, but investment must be matched by execution.
- Regulation will remain a primary driver, creating uneven adoption across industries.
- Human and virtual agents must be integrated into governance frameworks to ensure oversight scales with capability.
The broader shift is this: Governance is no longer viewed as a constraint on innovation. It is increasingly recognized as a catalyst. By aligning governance with emerging AI capabilities, organizations can unlock meaningful business value while maintaining trust, compliance, and control.
Conclusion
The data tells a consistent story. AI adoption has moved far beyond pilots and experiments. Enterprises are putting generative, agentic, and analytical AI into production at scale, and in doing so, they are discovering how unprepared many of their governance practices are.
The result is an inflection point. AI has turned governance from an operational concern into a strategic imperative. Organizations that invest in modernized, integrated D&A governance will be positioned to capture AI’s promise responsibly and sustainably. Those that don’t risk being caught in a cycle of adoption without accountability — a path that leads to inefficiency, regulatory exposure, and erosion of trust.
In short: The future of AI is inseparable from the future of governance. The enterprises that understand this — and act accordingly — will lead the next era of data-driven business.
