Executive Summary
Every major technology shift eventually reaches a point where the conversation changes. Early discussions focus on capability. Attention centres on what the technology can do, how quickly it can be deployed and where it might create value. Over time, however, the conversation matures. The focus shifts away from possibility and towards accountability. Questions emerge around ownership, governance, trust and risk. Artificial intelligence is rapidly reaching that point.
This is what makes Gartner's recent article, AI Governance and TRiSM: Your Questions Answered, particularly significant. While much of the market remains focused on models, copilots, prompts and agents, Gartner's AI Trust, Risk and Security Management (AI TRiSM) framework signals that enterprise AI is entering a new phase of maturity. The challenge is no longer simply how organizations deploy AI. The challenge is how they govern it, trust it and ultimately scale it across the enterprise with confidence.
For executive leaders, this distinction matters because access to AI is no longer the primary barrier to adoption. Most organizations can access powerful AI capabilities. What remains significantly more difficult is creating confidence in the information feeding those systems, confidence in the decisions they support and confidence in the governance structures surrounding them. AI may be advancing rapidly, but trust continues to move at the speed of governance.
At Data Tiles, we believe Gartner's framework highlights one of the most important realities facing enterprise leaders today. AI can only be trusted if the information it relies upon is trusted. Governance cannot begin at the model layer. It must begin with the data layer. Organizations that attempt to govern AI without first establishing trust in the information ecosystem supporting it may find themselves struggling to scale AI despite significant investment. Those that establish trusted data products, active governance and clear business ownership will be significantly better positioned to move from experimentation to enterprise adoption.
Original Gartner Research
This Market Signal is based on Gartner's article AI Governance and TRiSM: Your Questions Answered by Avivah Litan, Distinguished VP Analyst at Gartner.
Original Article: https://www.gartner.com/en/articles/ai-governance-trism
The article explores how organizations can establish trust, security and accountability as AI adoption accelerates across the enterprise. Gartner argues that governance models designed for traditional technology environments are no longer sufficient for AI-driven organizations and must evolve into operational capabilities that continuously monitor, validate and enforce controls.
What makes the article particularly significant is that it reframes AI governance as a business challenge rather than a purely technical one. The discussion is no longer centred on whether organizations can deploy AI. The discussion is increasingly centred on whether they can trust, govern and scale AI responsibly. This shift represents a meaningful change in market maturity and provides important context for executive leaders navigating their own AI transformation journeys.
A Signal That Enterprise AI Governance Is Growing Up
One of the most interesting aspects of Gartner's AI TRiSM framework is that it reveals how quickly the enterprise AI conversation is evolving. Over the past several years, most AI discussions have focused on capability. Organizations have explored what AI can do, how quickly it can be implemented and where it might generate value. The majority of conversations have revolved around models, platforms and innovation opportunities. Yet as AI adoption accelerates, a different set of questions is beginning to emerge.
Leaders are increasingly asking whether AI outputs can be trusted, who is accountable when AI influences a decision, how governance policies can be applied consistently and how risk can be monitored as AI systems become more autonomous. These questions reflect a natural progression in organizational maturity. As AI moves from experimentation into everyday operations, trust becomes more important than novelty.
This shift becomes even more significant as agentic AI begins to move from concept to reality. Traditional analytics systems delivered information. Machine learning systems delivered predictions. AI agents are increasingly capable of initiating actions, orchestrating workflows and interacting directly with operational processes. The governance challenge changes significantly when systems are no longer simply informing decisions but are beginning to influence how those decisions are executed.
In that environment, governance can no longer sit outside the operational process. Policies documented in governance frameworks are valuable, but they are not enough. Governance must become operational. It must become continuous. Most importantly, it must become active while information is being accessed, decisions are being made and actions are being taken.
This is ultimately what Gartner's AI TRiSM framework is pointing towards. The future of governance is not oversight alone. The future of governance is operational enforcement.
The Governance Gap Beneath Most AI Strategies
What makes Gartner's framework particularly relevant is that it exposes a challenge many organizations have not yet fully addressed.
Most AI governance initiatives begin with AI itself. Organizations evaluate models, implement prompt controls, conduct security reviews and establish monitoring frameworks. These are all sensible activities and will remain important components of any governance strategy. However, relatively few organizations apply the same level of attention to the information feeding those systems.
This creates a fundamental problem because AI systems inherit the characteristics of the environments that support them. If ownership is unclear, AI inherits that uncertainty. If governance is inconsistent, AI inherits that inconsistency. If access controls are fragmented, those weaknesses become embedded within the AI ecosystem itself. If business meaning has been lost somewhere between source systems and consumption layers, AI inherits that confusion as well.
This reality is often overlooked because organizations tend to view AI as a technology challenge. In practice, many AI challenges are information challenges. The quality of AI outcomes is directly influenced by the quality, governance and trustworthiness of the information ecosystem beneath it.
This is one of the reasons many organizations struggle to move beyond pilot programs despite significant investment in AI. The models may perform exactly as intended. The technology may work as designed. Yet confidence remains elusive because the underlying information landscape lacks the ownership, governance and trust required to support enterprise-scale decision making.
The industry has spent years discussing how to govern AI. Perhaps the more important question is whether the information supporting AI is governed in the first place.
From our perspective, this is where the real AI readiness gap begins to emerge. Enterprise AI readiness is not simply about selecting the right model or deploying the right platform. It is about creating an information environment that AI can operate within confidently, transparently and responsibly.
That foundation begins with trusted data products.
Why Trusted Data Products Matter More Than Ever
The AI conversation has largely focused on models. The governance conversation has largely focused on policies. Yet neither can solve the trust problem on their own.
Trust emerges when information is understood, governed, owned and controlled in a way that the business can confidently rely upon. This is where trusted data products become increasingly important. While the industry often talks about data as an asset, organizations rarely make decisions based on raw data alone. Decisions are made using information that has been interpreted, contextualized and aligned to a business outcome. The challenge is that, over time, that context is often lost as information moves through multiple systems, teams and processes.
The result is familiar to most organizations. Different teams interpret the same information differently. Ownership becomes difficult to identify. Governance becomes increasingly disconnected from operational usage. Trust erodes not because the data is necessarily wrong, but because confidence in its meaning, ownership and accountability becomes increasingly difficult to maintain.
AI amplifies this challenge. When a human encounters uncertainty, they can often compensate through experience, judgement and contextual understanding. AI systems cannot. They rely entirely on the information made available to them. If that information lacks context, ownership or governance, the AI inherits those weaknesses. The result may be technically accurate outputs that are nevertheless difficult for the business to trust.
This is why trusted data products are becoming such an important concept within modern information architectures. A trusted data product is not simply a dataset packaged differently. It is a business asset that combines information, context, ownership, governance and accountability into a reusable and understandable form. It allows organizations to move beyond managing data as a technical resource and begin managing information as a decision-making asset.
Viewed through the lens of Gartner's AI TRiSM framework, trusted data products become particularly significant because they address one of the most difficult governance challenges organizations face. They create a mechanism through which governance can move closer to the point where information is actually consumed.
Why Governance Must Move From Documentation To Operation
For many years, governance has largely been implemented as a combination of policies, standards, frameworks and oversight processes. These approaches have provided important foundations for accountability and compliance. However, they were designed for environments where governance could operate at a different pace to decision making.
AI changes that assumption.
AI systems operate continuously. They consume information continuously. They generate outputs continuously. Increasingly, they influence actions continuously. Governance models that depend upon periodic reviews or manual intervention struggle to keep pace with this reality.
This is why Gartner's AI TRiSM framework is so important. At its core, the framework acknowledges that governance must evolve from something organizations document to something organizations operationalize.
Documented governance describes intent. Operational governance enforces intent. Documented governance explains who should have access to information. Operational governance determines who actually has access.
The future of enterprise AI will increasingly depend upon the ability to operationalize governance at scale. As organizations introduce AI agents into business processes, governance cannot remain dependent upon manual intervention alone. Controls must become active, continuous and enforceable.
Where Latttice Aligns With Gartner's Vision
At Data Tiles, we have consistently argued that governance should exist wherever information is accessed, shared and consumed. Governance should not be something organizations describe. It should be something organizations experience.
Latttice enables business teams to create trusted data products without requiring deep technical expertise. These products combine information, business context, ownership structures, governance controls and policy frameworks into assets that can be consumed confidently across the organization. Rather than separating governance from information, governance becomes part of the product itself.
Many governance platforms focus on documenting governance intent. Latttice focuses on operationalizing governance intent. Rather than describing who should have access, controls can be enforced when access occurs. Rather than documenting ownership separately from information, ownership becomes embedded within the product itself. Rather than relying on governance reviews to identify issues after the fact, governance can operate continuously at runtime.
Trusted data products are not simply a data management construct. They are a governance construct, a trust construct and increasingly an AI readiness construct.
How Data Tiles Aligns With Gartner's AI TRiSM Framework
| Gartner AI TRiSM Requirement | Data Tiles Alignment |
|---|---|
| Continuous governance rather than static policies | Latttice applies governance controls at runtime where data is accessed and consumed |
| Strong data and access governance | Business-owned data products include ownership, permissions, policies and accountability |
| Visibility into AI and data usage | Trusted data products create governance boundaries, transparency and auditability |
| Policy enforcement and validation | Governance rules remain attached to data products throughout their lifecycle |
| Agentic AI oversight | AI agents operate on trusted, governed and business-defined data products |
| Governance embedded in operations | Governance becomes part of everyday data usage rather than a separate compliance activity |
Why Lenz Extends The TRiSM Vision
The second part of Gartner's framework focuses on the operation of AI itself. Even when organizations establish governance foundations, they still face an important question. How should AI systems interact with enterprise information?
Lenz enables organizations to build AI agents using trusted business-built data products as their foundation. Rather than connecting AI directly to broad enterprise data estates and relying on downstream controls to manage risk, Lenz agents operate on information that has already been curated, governed and aligned to business outcomes.
Because Lenz operates on trusted data products, the AI does not need to determine which information should be trusted, infer ownership structures or interpret governance requirements. Those foundations already exist within the products themselves. Governance becomes part of the operating environment rather than an external control mechanism.
The result is not simply better governance. The result is greater confidence in the recommendations, decisions and actions AI systems generate because those outcomes are grounded in trusted information, clear ownership structures and governance controls that remain active throughout the decision-making process.
As organizations increasingly explore agentic AI, this relationship between trusted data products and trusted AI agents will become increasingly important. Trust is not created by the model alone. Trust is created by the information ecosystem surrounding it.
Regional and Partner Perspectives
North America Perspective
Across North America, the conversation around AI is changing noticeably. Twelve months ago, most executive discussions focused on capability, experimentation and opportunity. Organizations wanted to understand how quickly AI could be deployed, where productivity improvements might be found and how emerging technologies could create competitive advantage. Today, those conversations are increasingly centred on accountability. Boards want to understand how AI-supported decisions are governed. Regulators want greater transparency. Business leaders want confidence that AI systems can scale without introducing unacceptable levels of risk.
What many organizations are discovering is that governance challenges rarely originate with the AI itself. They originate within fragmented information ecosystems where ownership is unclear, governance is inconsistent and business context has been lost over time. In those environments, AI simply amplifies existing weaknesses. The result is often hesitation, uncertainty and an inability to move beyond pilot programs despite significant investment. Organizations are beginning to recognize that successful AI adoption requires more than access to advanced models. It requires trusted information foundations capable of supporting AI at scale.
This is why Gartner's AI TRiSM framework resonates so strongly in the North American market. It acknowledges that governance is no longer an abstract discussion or a compliance exercise. It is becoming an operational requirement. Trusted data products provide a practical path forward because they create a foundation that AI systems can reliably operate upon. When governance becomes embedded within the products supplying information to AI, organizations gain greater visibility, stronger accountability and significantly more confidence in the outcomes being generated. Gartner's framework provides the governance blueprint. Trusted data products provide the operational foundation required to make that blueprint executable.
United Kingdom and Europe Perspective
Across the United Kingdom and Europe, the conversation around AI governance is being shaped not only by technology adoption but also by an increasingly complex regulatory landscape. The introduction of the EU AI Act, alongside established frameworks such as GDPR and growing expectations around transparency, accountability and data protection, is forcing organizations to think differently about how AI is governed. The discussion is no longer simply about innovation. It is increasingly about demonstrating trust, explainability and responsible operational control.
What makes this particularly challenging is that many organizations continue to operate with governance models designed for traditional reporting and compliance environments. AI introduces a different reality. Decisions can be influenced in real time. Information can be accessed dynamically. AI agents may eventually execute actions with limited human intervention. In this environment, governance frameworks that rely solely on documentation, policies and periodic review cycles become increasingly difficult to maintain at scale.
This is why Gartner's AI TRiSM framework is particularly relevant for organizations operating across the UK and Europe. The framework aligns closely with a broader regulatory trend that is pushing governance closer to operational execution. Organizations are increasingly being asked not only to define governance policies, but to demonstrate that those controls are functioning effectively in practice. Trusted data products support this objective by embedding ownership, accountability and governance directly into the information assets AI systems consume. As regulatory expectations continue to evolve, organizations that can operationalize governance will be better positioned to balance innovation with compliance, trust and transparency.
APJ Perspective
Across Asia Pacific, organizations are moving aggressively to capture the opportunities AI presents, but they are doing so across incredibly diverse regulatory environments, operating models and levels of governance maturity. This makes trust one of the most important strategic considerations for leaders across the region. While enthusiasm for AI remains strong, organizations are increasingly recognizing that long-term success depends upon more than rapid deployment. It depends upon creating confidence in the information and governance structures supporting AI initiatives.
Many organizations across APJ are balancing rapid innovation with increasing regulatory expectations, expanding digital economies and growing concerns around data sovereignty. They are attempting to scale AI while maintaining customer trust, protecting sensitive information and ensuring governance obligations are met. This creates a complex operating environment where governance can no longer remain disconnected from business outcomes. Leaders need governance approaches that can adapt across multiple jurisdictions while remaining practical enough to support innovation.
What makes Gartner's AI TRiSM framework particularly valuable in this region is that it shifts the conversation away from technology alone and towards accountability. It encourages organizations to think beyond implementation and begin focusing on how trust is established, how governance is maintained and how confidence can be created as AI becomes embedded within operational processes. Trusted data products create a bridge between governance requirements and business outcomes, enabling organizations to scale AI while maintaining confidence in the information supporting it. As AI adoption accelerates across the region, the organizations that succeed will be those that combine strong governance foundations with a deep understanding of business context and decision making. Technology will remain important, but trust will become the true differentiator.
Partner & Customer Perspective
From a customer and partner perspective, Gartner's AI TRiSM framework reinforces something we encounter regularly. Customers rarely struggle to understand the value of AI. The opportunity is usually clear. What they struggle with is trust.
They want confidence that the information feeding AI systems is accurate. They want to know who owns that information. They want to understand why recommendations are being generated and whether governance controls are functioning as intended. They want assurance that governance is not sitting inside a policy document somewhere, but is actively operating whenever information is accessed and used.
This is where many AI initiatives encounter friction. The technology may be capable. The use case may be compelling. Yet uncertainty surrounding ownership, governance and trust can slow adoption significantly. Business leaders want confidence that AI systems are operating within environments they understand and can explain.
This is why trusted data products are such an important part of the conversation. They create transparency. They establish ownership. They embed governance into everyday usage. Most importantly, they provide a foundation that customers, partners and business leaders can understand.
The combination of Latttice and Lenz creates a practical pathway from governance design to AI execution. It enables organizations to move beyond theoretical discussions about trusted AI and begin building environments where trust becomes part of how AI operates every day. For partners, this represents an opportunity to help customers connect governance strategy directly to business outcomes and AI adoption initiatives. For customers, it creates a clearer path from experimentation to confidence.
Lili Marsh
Head of Partner & Customer Success
The Real AI Readiness Gap
Perhaps the most important aspect of Gartner's AI TRiSM framework is what it reveals about the future direction of enterprise governance. For years, governance has largely been treated as an oversight function operating alongside technology. AI is challenging that assumption. Governance is becoming embedded within operational systems themselves, moving closer to the point where information is accessed, decisions are made and actions are executed.
Organizations that recognize this shift early will be better positioned to scale AI confidently. Those that continue to rely on governance models designed for a pre-AI world may find themselves struggling to balance innovation, trust and accountability as AI adoption accelerates.
Trusted AI begins with trusted information. Trusted information begins with trusted data products.
Gartner's AI TRiSM framework is not simply a framework for governing artificial intelligence. It is a signal that governance itself is evolving. The conversation is moving beyond compliance and oversight towards operational trust. It is moving beyond documentation and towards enforcement. It is moving beyond policies and towards active governance operating in real time.
That is where we believe the real AI readiness gap exists, and it is where the next generation of enterprise AI leaders will differentiate themselves.
References
Primary Research
Litan, A. AI Governance and TRiSM: Your Questions Answered. Gartner.
Original Gartner Article: https://www.gartner.com/en/articles/ai-governance-trism
This Market Signals article represents Data Tiles' interpretation of publicly available Gartner research and industry trends. All Gartner research and intellectual property remain the property of Gartner, Inc.