At the weekly Coffee with Digital Trailblazers that I host on LinkedIn on Fridays at 11am ET, our discussions often lead to the governance that CIOs, CTOs, and CDOs must have in place to drive safe and smart innovations in their organizations.
However, we also reflect on how governance is a loathed word – one that’s challenging for leaders to define and enforce, while employees struggle to understand and follow complex rules written as policies.

Poor governance amplifies risks, promotes inefficiencies, and can lead to organizational chaos, especially when C-levels seek self-organizing teams. So, at the Coffee Hour, we’ve been debating better terms for governance and easier ways to communicate more straightforward policies.
Why one-page non-negotiables
In Digital Trailblazer, I recommend that C-leaders use “one-pagers” as communication tools. For example, the StarCIO Vision Statement Template is a one-pager that helps StarCIO Digital Trailblazers communicate the benefactors, value proposition, strategic value, and urgency of their initiative.
“One‐pagers to describe reference architectures, data models, customer personas, roadmaps, service level objectives, security fundamentals, user experience standards, and style guides—each with a context, scope, and authorities to evolve them over time. Use simple to understand, Twitter‐length language. Add pictures and diagrams where they truly simplify a thousand words.” – Digital Trailblazer: Essential Lessons to Jumpstart Transformation and Accelerate Your Technology Leadership (p. 239). Wiley.
One-pagers do not fully define governance, but they can be key communication tools when focusing on the essentials employees must understand. One-pagers require brevity, simplicity, and prioritizing key tenets or practices. They help drive culture change by aligning employees and setting clear expectations.
Some leaders call them “first principles,” but I prefer the term “non-negotiables,” a phrase a StarCIO client I admire introduced to her team to ensure employees understood and followed several crystal-clear guidelines. Organization leaders should debate whether a standard, principle, or other governance is non-negotiable and carefully write it in simple-to-understand and measurable language. Once the behavior is indoctrinated and workflow automation is implemented, leaders can move the non-negotiable into their governance framework and make room for new non-negotiables on the one-pager.
Over the next few months, I plan to share non-negotiables in several areas, including product management-led innovation, agile/DevOps, and leadership development. For today’s article, I share several AI and data governance non-negotiables recommended by several experts.
Non-negotiables are not one-size-fits-all, and as already noted, they need to be crafted to address the behaviors, compliance requirements, and best practices leaders want to ingrain. Please contact StarCIO if you need advisory help on creating non-negotiables, self-organizing standards, and other governance.
AI and data governance non-negotiables
Data and AI impact the entire organization, and there’s a critical need to explain regulations, compliance factors, standards, and best practices. Proactive data governance requires dataops technologies, robust data pipelines, data governance platforms, easy-to-understand policies, data quality KPIs, and documented responsibilities. Organizations investing in gen AI tools and leveraging LLMs should augment their data governance with AI governance principles.
It’s a long list, so simplifying it into a one-pager isn’t trivial.
Many organizations assign a chief data officer to oversee data and AI governance, and the governing committee often includes representation from risk management, legal, information security, business leaders, and IT.
Below are six non-negotiables to consider in an AI and data governance one-pager. They need more specificity for your organization.
1. Data owners are responsible for defining access policies and establishing trust
“As data and AI increasingly shape business decisions, CIOs must establish firm governance standards prioritizing transparency, accountability, and ethical use,” says Ram Ramamoorthy, head of AI research at ManageEngine. Two specific recommendations:
- Data governance should ensure data quality, security, and regulatory compliance, with clear policies on data ownership, lineage, and access control.
- AI governance should mandate explainability, fairness, and transparency in AI models to prevent bias and build trust.
Ramamoorthy recommends regular audits of data and AI systems to help maintain these standards, ensuring alignment with evolving regulations and ethical expectations while enabling confident, compliant AI use at scale.
How to make this non-negotiable: Many data owners are also end-users of their data. Before enabling their access and usage, ensure owners follow through on their responsibilities (like setting access policies) and that their data meets minimal health, quality, and trust metrics.
2. Measure all data sets’ bias and data quality before using them
For organizations that struggle to define data owners or hold them accountable, creating non-negotiable data quality metrics may be an easier non-negotiable to administer.
“AI-powered transformation of processes, business functions, or even companies, necessitates effective AI and data governance practices,” says Kapil Vyas, CIO of Automation Anywhere. “Non-negotiables include ethical standards, using datasets that are diverse and without bias, and accuracy of AI output, which will vary with the use case.”
How to make this non-negotiable: Vyas recommends, “Have a decision-making framework for datasets and AI usage – who can create or update data and how can it be used? AI can’t just be a ‘black box’ – to be trusted, AI decision-making needs processes and systems that operate within clear, ethical boundaries and with transparency.”
3. All data sets used in ML or AI must trace data lineage
Several experts recommend raising the data governance bar for data sources used in ML and AI.
“As organizations scale their DataOps and AIOps practices, data lineage and traceability become non-negotiable,” says Justin Mullen, CEO and co-founder of Dataops.live. “CIOs must ensure every data transformation and AI model is fully traceable to safeguard data products’ accuracy and trustworthiness while meeting compliance and auditability demands. This traceability is essential for regulatory purposes and for building a culture of trust in AI-driven decisions.”
How to make this non-negotiable: The key to making this non-negotiable a reality is selecting tools and developing expertise where the costs for implementing data lineage and robust data pipelines are small compared to the value delivered through AI and ML.
4. Never share sensitive data in public LLMs
Non-negotiables directed at employees and how they use data, analytics, and AI must be specific and simple.
Kaycee Lai, CEO and founder of Promethium, says, “A non-negotiable when it comes to governance in an AI world is to ensure that trustworthiness and governance are upheld at all times, meaning in particular that no sensitive data is ever shared with public LLMs.”
Lai says fragmented data management approaches can’t guarantee this level of control, often leading to security gaps, and recommends data fabrics to enforce strict security policies.
How to make this non-negotiable: While this directive is simple, the challenge is ensuring all employees know what data is sensitive and making it difficult for them to share this data on public LLMs. Large enterprises should consider data fabrics to manage data across multi-cloud environments and multiple data management platforms.
5. Data scientists must follow DevOps deployment standards
When should data scientists follow similar standards as software development teams? While they may use different tools, DevOps best practices, including implementing CI/CD pipelines, establishing continuous testing, and ensuring DataOps observability, should be required for production ML models.
“The rapid iteration/deployment of AI models demands that DataOps and AIOps pipelines be governed with robust CI/CD frameworks to ensure that these pipelines support continuous testing, monitoring, and integration of AI models,” says Mullen of Dataops.live. “CI/CD, in this context, keeps the business agile and mitigates the risk of model drift or performance degradation.”
How to make this non-negotiable: CIOs should be open to what DevOps, MLOps, and ModelOps data scientists need to be successful and invest time to get their buy-in on DevOps principles.
6. Require third-party risk assessments of all platforms and partners with data access
Employees and data scientists are two internal end-users of data and AI. CIOs and CDOs must also mitigate risks with outside parties and platforms that have access to datasets, and must require third-party risk assessments of them.
“Accessing the power of AI comes with increased risk to businesses, so data leaders must maintain strong data governance, data security, customer data privacy, and only leverage ethical AI,” says Grant Peterson, chief product officer of Conga. “CIOs must ensure robust safeguards and not compromise on these imperatives, both within their organization and when adding vendor AI capabilities to their solutions, as the right partners will accelerate AI transformation and help manage risk.”
How to make this non-negotiable: The real effort here is building awareness with employees and department heads on the data supply chain and the risk of third-party data breaches.
What are your AI and data governance non-negotiables?
Please leave a comment here on other AI and data governance non-negotiables that CIOs and CDOs should consider.