What does a data strategy for AI actually look like?
A short summary
Most organisations believe they are “doing data”. They have platforms, dashboards, pipelines and compliance frameworks.
Yet many still struggle to produce consistent metrics, trusted analysis or AI systems that work beyond experimentation.
In practice, many enterprise data strategies were never designed for AI, leaving organisations unprepared for machine-led access, governance and scale.
A data strategy for AI is not a document or a set of principles. It is an operating model that determines whether data can be queried, controlled, audited and governed at scale. Without it, AI initiatives don't get off the ground, not because the models fail, but because the foundations aren't there.
Across the industry, one idea is repeated so often it feels beyond question: to adopt AI successfully, organisations need a strong data strategy.
That statement is true. But it hides a more uncomfortable reality.
Most organisations don’t actually lack data platforms or tooling. What they lack is a cohesive enterprise data platform and strategy that is ready for AI. Instead, they operate a collection of siloed data systems that have evolved organically over time, each built to solve a local problem.
Some of this data flows upwards into BI tools, creating the impression that things are under control. But scratch the surface and familiar issues appear: inconsistent definitions, duplicated datasets, and errors that are known but never corrected because fixing them at source sits too low on the priority list.
The proof is everywhere, and despite years of investment, many organisations still struggle to answer basic questions with confidence. Metrics change depending on who runs the report. Trust lives in people, not in systems.
That isn’t the sign of a weak data strategy. It’s the sign that there isn’t one, and AI is exposing that very quickly.
AI doesn’t use data the way people do
Traditional data environments were built with people in mind. They assume human interpretation, contextual understanding and the ability to question or override results.
AI doesn’t work like that.
AI systems access data directly. They do it repeatedly, automatically and at scale. They don’t reconcile ambiguity, infer intent or pause when something feels off. Whatever they are given, they amplify, quickly and confidently.
This is why so many AI initiatives never escape experimentation. Dashboards look impressive. Proofs of concept show promise. But as soon as organisations try to operationalise AI - enabling query, prediction, enrichment or conversational access, the cracks start to show.
A data strategy for AI isn’t about aspiration. It’s about whether the technology and data platforms and structures can actually support machine-led consumption.
If your data doesn't agree on it's meaning, AI never will
When people talk about “structured data”, they often mean where data is stored. For AI, structure is about something else entirely: consistent meaning.
A usable source of truth requires:
Clear, enforced data models, with schemas that are explicit, versioned and validated
Predictable, traceable transformations, so the same input always produces the same output
Consistent, enterprise-wide definitions that don’t change depending on system, team or reporting context
When organisations run multiple platforms with loosely aligned schemas, AI doesn’t resolve the differences, it absorbs them. The result is AI that looks sophisticated on paper but behaves unreliably in practice.
When trust in AI erodes, it’s rarely because the model is wrong.
It’s because the data never agreed with itself.
AI fails when data can’t be queried at scale
AI can’t work with data it can’t reliably access.
That sounds obvious, but it’s one of the most common failure points. Many organisations technically “have” the data they need, but only expose it in very limited ways, often just enough to support front-end applications or visualisations.
That’s fine for dashboards. It’s not enough for evolved AI use cases.
AI use cases such as conversational query, prediction, enrichment and agent-driven workflows depend on:
High-frequency, automated access
Consistent performance under load
APIs designed as products, not afterthoughts
In practice, many organisations are barely scratching the surface of the value in the data they already hold.
Modern AI architectures, including agent frameworks and MCP-style access layers make this limitation very clear. Even the most advanced model is constrained by the weakest data interface it depends on. If access is brittle, everything downstream becomes fragile.
Corporate policy doesn’t control AI - systems do
AI systems don’t follow policy. They follow rules.
A practical data strategy for AI defines, in technical terms:
How data access is authenticated
How authorisation is enforced
How internal and external parties are handled
This is especially important because many AI interactions are machine-to-machine. Traditional corporate controls such as employee identity systems or 2FA often don’t apply. Token-based access, scoped entitlements and runtime enforcement are not edge cases, they are foundational.
This is also where many organisations overestimate their maturity.
A significant number work hard to achieve ISO and similar compliance standards. In principle, this should provide confidence. In practice, there is often a wide gap between documented policy and how systems actually behave.
Controls exist on paper, but are not consistently embedded into technology workflows. Enforcement relies on people following process rather than systems enforcing rules. That approach is fragile even in human-led environments. At AI scale, it breaks down entirely.
Compliance frameworks remain valuable, but only when their intent is translated into executable, technical controls. Without that translation, governance becomes an audit exercise rather than an operational safeguard.
If data isn’t explicitly classified, it isn’t governed
Governance frameworks often look robust on paper, but fall apart in practice because the data itself isn’t clearly identifiable.
For AI, classification cannot live in policy documents or spreadsheets. It has to be attached to the data in a way systems can act on.
In practice, that means data must be:
Explicitly classified, so sensitivity, usage constraints and risk are unambiguous
Machine-readable, allowing systems to make decisions without human interpretation
Governed through enforceable rules, not advisory guidelines
Whether classification is implemented through tags, labels, metadata or access policies matters less than consistency and enforcement. What matters is that classification directly influences what systems are allowed to do at runtime.
This is especially important in AI environments, where data is:
Queried dynamically
Combined and enriched across sources
Propagated into downstream models, caches and derived datasets
If classification does not travel with the data, and if systems cannot enforce it automatically, governance stops at the first integration point.
AI can respect boundaries - but only when those boundaries exist in code, not just in policy documents no system ever reads.
At AI scale, “we think this happened” isn’t good enough
As AI systems influence more decisions, organisations need to know what is actually happening inside their data and AI environments, not just what was intended to happen.
At AI scale, visibility has to move beyond logs that are checked after the fact. A credible data strategy provides continuous, machine-level audit capability across access and execution.
In practice, that means being able to answer:
Who accessed which data, whether human, system or agent
What was requested, including parameters, scope and purpose
Whether the request succeeded, failed or partially completed
How the system behaved under load, including latency, errors and degradation
This level of visibility is not just about compliance. It’s about confidence.
When an executive, customer or regulator asks, “Why did the system do this?”, the answer cannot rely on inference or reconstruction. It has to be grounded in evidence.
At scale, guessing isn’t good enough.
AI will use expired data unless you stop it
Data has a lifecycle, just like content or media rights.
Availability windows, licence constraints and contractual limits don’t enforce themselves. If AI systems are given clear, machine-readable rules about what data is valid, and for how long, they will respect them. If they aren’t, they will continue to use data long after it should have expired.
This is not an AI problem.
It’s a data controls problem.
In practice, time-bound data governance requires:
Explicit validity windows attached to data, not buried in contracts or policy documents
Runtime checks at the point of access, so expiry is enforced automatically rather than reviewed manually
Consistent behaviour across pipelines and models, ensuring expired data isn’t reintroduced downstream through caching, enrichment or derived datasets
Our industries of sports, media and entertainment already operate this way for content rights and availability windows. Applying the same discipline to data is not a conceptual leap - it’s an operational one.
Until lifecycle rules are enforced by systems, AI will continue to use data that humans assume is no longer in play.
You can’t fix AI after the fact
One of the biggest misconceptions about AI governance is the belief that problems can be fixed afterwards.
They can’t.
Trying to correct AI is like trying to take an egg out of a baked cake. Once data has been accessed, learned from and propagated through multiple pipelines and models, control is largely gone. In modern AI workflows, systems routinely feed other systems, and sometimes themselves, making retroactive correction impractical at best.
This is why effective governance focuses on what happens before and during access, not after.
In practice, that means:
Preventing the wrong data from being used in the first place, through explicit classification, enforceable access rules and runtime authorisation - not reliance on policy or convention.
Being able to revoke or correct data at the source, with changes automatically respected by downstream systems, models and agents.
Ensuring lineage and propagation are understood, so organisations know where data has flowed and which systems are affected when something changes.
These controls don’t need to be complex, but they do need to be technical. Governance that exists only in documents cannot operate at AI scale.
If governance can’t be enforced by systems, it won’t scale, no matter how well written the policy is.
Strategy doesn’t have to mean paralysis
One of the reasons data strategy conversations stall is that “strategy” is often interpreted as a large, upfront organisational shift - new operating models, new governance structures, new everything.
In practice, that approach delays progress rather than enabling it.
Becoming AI-ready does not require a single, monolithic strategy programme. It requires pragmatic programmes of work that change how data behaves in the systems that matter most.
These typically start with:
Making a critical dataset consistently queryable through a robust API
Introducing enforceable access and lifecycle controls where none exist today
Standardising definitions and transformations in a high-impact domain
None of these require waiting for enterprise alignment. But together, they create momentum, and tangible progress towards AI-capable systems.
Organisations that move in this way make measurable strides. Those that wait for a perfect strategy often find themselves having the same conversations years later, with little to show for it.
For AI, readiness is built incrementally. Strategy follows progress, not the other way around.
What this means for leaders
A data strategy for AI isn’t about producing more policy documents.
It’s about whether data can be:
Queried reliably
Controlled at runtime
Audited end to end
Governed throughout its lifecycle
Organisations that treat data as infrastructure, not just as a by-product of applications are already unlocking more value from analytics, automation and generative AI. Those that don’t will keep wondering why AI never quite makes it into production.
AI doesn’t fail because organisations lack ambition.
It fails because the data strategy was never built for it - and progress stalls while organisations debate strategy instead of delivering change.
What does a data strategy for AI actually look like?
A short summary
Most organisations believe they are “doing data”. They have platforms, dashboards, pipelines and compliance frameworks.
Yet many still struggle to produce consistent metrics, trusted analysis or AI systems that work beyond experimentation.
In practice, many enterprise data strategies were never designed for AI, leaving organisations unprepared for machine-led access, governance and scale.
A data strategy for AI is not a document or a set of principles. It is an operating model that determines whether data can be queried, controlled, audited and governed at scale. Without it, AI initiatives don't get off the ground, not because the models fail, but because the foundations aren't there.
Across the industry, one idea is repeated so often it feels beyond question: to adopt AI successfully, organisations need a strong data strategy.
That statement is true. But it hides a more uncomfortable reality.
Most organisations don’t actually lack data platforms or tooling. What they lack is a cohesive enterprise data platform and strategy that is ready for AI. Instead, they operate a collection of siloed data systems that have evolved organically over time, each built to solve a local problem.
Some of this data flows upwards into BI tools, creating the impression that things are under control. But scratch the surface and familiar issues appear: inconsistent definitions, duplicated datasets, and errors that are known but never corrected because fixing them at source sits too low on the priority list.
The proof is everywhere, and despite years of investment, many organisations still struggle to answer basic questions with confidence. Metrics change depending on who runs the report. Trust lives in people, not in systems.
That isn’t the sign of a weak data strategy. It’s the sign that there isn’t one, and AI is exposing that very quickly.
AI doesn’t use data the way people do
Traditional data environments were built with people in mind. They assume human interpretation, contextual understanding and the ability to question or override results.
AI doesn’t work like that.
AI systems access data directly. They do it repeatedly, automatically and at scale. They don’t reconcile ambiguity, infer intent or pause when something feels off. Whatever they are given, they amplify, quickly and confidently.
This is why so many AI initiatives never escape experimentation. Dashboards look impressive. Proofs of concept show promise. But as soon as organisations try to operationalise AI - enabling query, prediction, enrichment or conversational access, the cracks start to show.
A data strategy for AI isn’t about aspiration. It’s about whether the technology and data platforms and structures can actually support machine-led consumption.
If your data doesn't agree on it's meaning, AI never will
When people talk about “structured data”, they often mean where data is stored. For AI, structure is about something else entirely: consistent meaning.
A usable source of truth requires:
Clear, enforced data models, with schemas that are explicit, versioned and validated
Predictable, traceable transformations, so the same input always produces the same output
Consistent, enterprise-wide definitions that don’t change depending on system, team or reporting context
When organisations run multiple platforms with loosely aligned schemas, AI doesn’t resolve the differences, it absorbs them. The result is AI that looks sophisticated on paper but behaves unreliably in practice.
When trust in AI erodes, it’s rarely because the model is wrong.
It’s because the data never agreed with itself.
AI fails when data can’t be queried at scale
AI can’t work with data it can’t reliably access.
That sounds obvious, but it’s one of the most common failure points. Many organisations technically “have” the data they need, but only expose it in very limited ways, often just enough to support front-end applications or visualisations.
That’s fine for dashboards. It’s not enough for evolved AI use cases.
AI use cases such as conversational query, prediction, enrichment and agent-driven workflows depend on:
High-frequency, automated access
Consistent performance under load
APIs designed as products, not afterthoughts
In practice, many organisations are barely scratching the surface of the value in the data they already hold.
Modern AI architectures, including agent frameworks and MCP-style access layers make this limitation very clear. Even the most advanced model is constrained by the weakest data interface it depends on. If access is brittle, everything downstream becomes fragile.
Corporate policy doesn’t control AI - systems do
AI systems don’t follow policy. They follow rules.
A practical data strategy for AI defines, in technical terms:
How data access is authenticated
How authorisation is enforced
How internal and external parties are handled
This is especially important because many AI interactions are machine-to-machine. Traditional corporate controls such as employee identity systems or 2FA often don’t apply. Token-based access, scoped entitlements and runtime enforcement are not edge cases, they are foundational.
This is also where many organisations overestimate their maturity.
A significant number work hard to achieve ISO and similar compliance standards. In principle, this should provide confidence. In practice, there is often a wide gap between documented policy and how systems actually behave.
Controls exist on paper, but are not consistently embedded into technology workflows. Enforcement relies on people following process rather than systems enforcing rules. That approach is fragile even in human-led environments. At AI scale, it breaks down entirely.
Compliance frameworks remain valuable, but only when their intent is translated into executable, technical controls. Without that translation, governance becomes an audit exercise rather than an operational safeguard.
If data isn’t explicitly classified, it isn’t governed
Governance frameworks often look robust on paper, but fall apart in practice because the data itself isn’t clearly identifiable.
For AI, classification cannot live in policy documents or spreadsheets. It has to be attached to the data in a way systems can act on.
In practice, that means data must be:
Explicitly classified, so sensitivity, usage constraints and risk are unambiguous
Machine-readable, allowing systems to make decisions without human interpretation
Governed through enforceable rules, not advisory guidelines
Whether classification is implemented through tags, labels, metadata or access policies matters less than consistency and enforcement. What matters is that classification directly influences what systems are allowed to do at runtime.
This is especially important in AI environments, where data is:
Queried dynamically
Combined and enriched across sources
Propagated into downstream models, caches and derived datasets
If classification does not travel with the data, and if systems cannot enforce it automatically, governance stops at the first integration point.
AI can respect boundaries - but only when those boundaries exist in code, not just in policy documents no system ever reads.
At AI scale, “we think this happened” isn’t good enough
As AI systems influence more decisions, organisations need to know what is actually happening inside their data and AI environments, not just what was intended to happen.
At AI scale, visibility has to move beyond logs that are checked after the fact. A credible data strategy provides continuous, machine-level audit capability across access and execution.
In practice, that means being able to answer:
Who accessed which data, whether human, system or agent
What was requested, including parameters, scope and purpose
Whether the request succeeded, failed or partially completed
How the system behaved under load, including latency, errors and degradation
This level of visibility is not just about compliance. It’s about confidence.
When an executive, customer or regulator asks, “Why did the system do this?”, the answer cannot rely on inference or reconstruction. It has to be grounded in evidence.
At scale, guessing isn’t good enough.
AI will use expired data unless you stop it
Data has a lifecycle, just like content or media rights.
Availability windows, licence constraints and contractual limits don’t enforce themselves. If AI systems are given clear, machine-readable rules about what data is valid, and for how long, they will respect them. If they aren’t, they will continue to use data long after it should have expired.
This is not an AI problem.
It’s a data controls problem.
In practice, time-bound data governance requires:
Explicit validity windows attached to data, not buried in contracts or policy documents
Runtime checks at the point of access, so expiry is enforced automatically rather than reviewed manually
Consistent behaviour across pipelines and models, ensuring expired data isn’t reintroduced downstream through caching, enrichment or derived datasets
Our industries of sports, media and entertainment already operate this way for content rights and availability windows. Applying the same discipline to data is not a conceptual leap - it’s an operational one.
Until lifecycle rules are enforced by systems, AI will continue to use data that humans assume is no longer in play.
You can’t fix AI after the fact
One of the biggest misconceptions about AI governance is the belief that problems can be fixed afterwards.
They can’t.
Trying to correct AI is like trying to take an egg out of a baked cake. Once data has been accessed, learned from and propagated through multiple pipelines and models, control is largely gone. In modern AI workflows, systems routinely feed other systems, and sometimes themselves, making retroactive correction impractical at best.
This is why effective governance focuses on what happens before and during access, not after.
In practice, that means:
Preventing the wrong data from being used in the first place, through explicit classification, enforceable access rules and runtime authorisation - not reliance on policy or convention.
Being able to revoke or correct data at the source, with changes automatically respected by downstream systems, models and agents.
Ensuring lineage and propagation are understood, so organisations know where data has flowed and which systems are affected when something changes.
These controls don’t need to be complex, but they do need to be technical. Governance that exists only in documents cannot operate at AI scale.
If governance can’t be enforced by systems, it won’t scale, no matter how well written the policy is.
Strategy doesn’t have to mean paralysis
One of the reasons data strategy conversations stall is that “strategy” is often interpreted as a large, upfront organisational shift - new operating models, new governance structures, new everything.
In practice, that approach delays progress rather than enabling it.
Becoming AI-ready does not require a single, monolithic strategy programme. It requires pragmatic programmes of work that change how data behaves in the systems that matter most.
These typically start with:
Making a critical dataset consistently queryable through a robust API
Introducing enforceable access and lifecycle controls where none exist today
Standardising definitions and transformations in a high-impact domain
None of these require waiting for enterprise alignment. But together, they create momentum, and tangible progress towards AI-capable systems.
Organisations that move in this way make measurable strides. Those that wait for a perfect strategy often find themselves having the same conversations years later, with little to show for it.
For AI, readiness is built incrementally. Strategy follows progress, not the other way around.
What this means for leaders
A data strategy for AI isn’t about producing more policy documents.
It’s about whether data can be:
Queried reliably
Controlled at runtime
Audited end to end
Governed throughout its lifecycle
Organisations that treat data as infrastructure, not just as a by-product of applications are already unlocking more value from analytics, automation and generative AI. Those that don’t will keep wondering why AI never quite makes it into production.
AI doesn’t fail because organisations lack ambition.
It fails because the data strategy was never built for it - and progress stalls while organisations debate strategy instead of delivering change.
What does a data strategy for AI actually look like?
A short summary
Most organisations believe they are “doing data”. They have platforms, dashboards, pipelines and compliance frameworks.
Yet many still struggle to produce consistent metrics, trusted analysis or AI systems that work beyond experimentation.
In practice, many enterprise data strategies were never designed for AI, leaving organisations unprepared for machine-led access, governance and scale.
A data strategy for AI is not a document or a set of principles. It is an operating model that determines whether data can be queried, controlled, audited and governed at scale. Without it, AI initiatives don't get off the ground, not because the models fail, but because the foundations aren't there.
Across the industry, one idea is repeated so often it feels beyond question: to adopt AI successfully, organisations need a strong data strategy.
That statement is true. But it hides a more uncomfortable reality.
Most organisations don’t actually lack data platforms or tooling. What they lack is a cohesive enterprise data platform and strategy that is ready for AI. Instead, they operate a collection of siloed data systems that have evolved organically over time, each built to solve a local problem.
Some of this data flows upwards into BI tools, creating the impression that things are under control. But scratch the surface and familiar issues appear: inconsistent definitions, duplicated datasets, and errors that are known but never corrected because fixing them at source sits too low on the priority list.
The proof is everywhere, and despite years of investment, many organisations still struggle to answer basic questions with confidence. Metrics change depending on who runs the report. Trust lives in people, not in systems.
That isn’t the sign of a weak data strategy. It’s the sign that there isn’t one, and AI is exposing that very quickly.
AI doesn’t use data the way people do
Traditional data environments were built with people in mind. They assume human interpretation, contextual understanding and the ability to question or override results.
AI doesn’t work like that.
AI systems access data directly. They do it repeatedly, automatically and at scale. They don’t reconcile ambiguity, infer intent or pause when something feels off. Whatever they are given, they amplify, quickly and confidently.
This is why so many AI initiatives never escape experimentation. Dashboards look impressive. Proofs of concept show promise. But as soon as organisations try to operationalise AI - enabling query, prediction, enrichment or conversational access, the cracks start to show.
A data strategy for AI isn’t about aspiration. It’s about whether the technology and data platforms and structures can actually support machine-led consumption.
If your data doesn't agree on it's meaning, AI never will
When people talk about “structured data”, they often mean where data is stored. For AI, structure is about something else entirely: consistent meaning.
A usable source of truth requires:
Clear, enforced data models, with schemas that are explicit, versioned and validated
Predictable, traceable transformations, so the same input always produces the same output
Consistent, enterprise-wide definitions that don’t change depending on system, team or reporting context
When organisations run multiple platforms with loosely aligned schemas, AI doesn’t resolve the differences, it absorbs them. The result is AI that looks sophisticated on paper but behaves unreliably in practice.
When trust in AI erodes, it’s rarely because the model is wrong.
It’s because the data never agreed with itself.
AI fails when data can’t be queried at scale
AI can’t work with data it can’t reliably access.
That sounds obvious, but it’s one of the most common failure points. Many organisations technically “have” the data they need, but only expose it in very limited ways, often just enough to support front-end applications or visualisations.
That’s fine for dashboards. It’s not enough for evolved AI use cases.
AI use cases such as conversational query, prediction, enrichment and agent-driven workflows depend on:
High-frequency, automated access
Consistent performance under load
APIs designed as products, not afterthoughts
In practice, many organisations are barely scratching the surface of the value in the data they already hold.
Modern AI architectures, including agent frameworks and MCP-style access layers make this limitation very clear. Even the most advanced model is constrained by the weakest data interface it depends on. If access is brittle, everything downstream becomes fragile.
Corporate policy doesn’t control AI - systems do
AI systems don’t follow policy. They follow rules.
A practical data strategy for AI defines, in technical terms:
How data access is authenticated
How authorisation is enforced
How internal and external parties are handled
This is especially important because many AI interactions are machine-to-machine. Traditional corporate controls such as employee identity systems or 2FA often don’t apply. Token-based access, scoped entitlements and runtime enforcement are not edge cases, they are foundational.
This is also where many organisations overestimate their maturity.
A significant number work hard to achieve ISO and similar compliance standards. In principle, this should provide confidence. In practice, there is often a wide gap between documented policy and how systems actually behave.
Controls exist on paper, but are not consistently embedded into technology workflows. Enforcement relies on people following process rather than systems enforcing rules. That approach is fragile even in human-led environments. At AI scale, it breaks down entirely.
Compliance frameworks remain valuable, but only when their intent is translated into executable, technical controls. Without that translation, governance becomes an audit exercise rather than an operational safeguard.
If data isn’t explicitly classified, it isn’t governed
Governance frameworks often look robust on paper, but fall apart in practice because the data itself isn’t clearly identifiable.
For AI, classification cannot live in policy documents or spreadsheets. It has to be attached to the data in a way systems can act on.
In practice, that means data must be:
Explicitly classified, so sensitivity, usage constraints and risk are unambiguous
Machine-readable, allowing systems to make decisions without human interpretation
Governed through enforceable rules, not advisory guidelines
Whether classification is implemented through tags, labels, metadata or access policies matters less than consistency and enforcement. What matters is that classification directly influences what systems are allowed to do at runtime.
This is especially important in AI environments, where data is:
Queried dynamically
Combined and enriched across sources
Propagated into downstream models, caches and derived datasets
If classification does not travel with the data, and if systems cannot enforce it automatically, governance stops at the first integration point.
AI can respect boundaries - but only when those boundaries exist in code, not just in policy documents no system ever reads.
At AI scale, “we think this happened” isn’t good enough
As AI systems influence more decisions, organisations need to know what is actually happening inside their data and AI environments, not just what was intended to happen.
At AI scale, visibility has to move beyond logs that are checked after the fact. A credible data strategy provides continuous, machine-level audit capability across access and execution.
In practice, that means being able to answer:
Who accessed which data, whether human, system or agent
What was requested, including parameters, scope and purpose
Whether the request succeeded, failed or partially completed
How the system behaved under load, including latency, errors and degradation
This level of visibility is not just about compliance. It’s about confidence.
When an executive, customer or regulator asks, “Why did the system do this?”, the answer cannot rely on inference or reconstruction. It has to be grounded in evidence.
At scale, guessing isn’t good enough.
AI will use expired data unless you stop it
Data has a lifecycle, just like content or media rights.
Availability windows, licence constraints and contractual limits don’t enforce themselves. If AI systems are given clear, machine-readable rules about what data is valid, and for how long, they will respect them. If they aren’t, they will continue to use data long after it should have expired.
This is not an AI problem.
It’s a data controls problem.
In practice, time-bound data governance requires:
Explicit validity windows attached to data, not buried in contracts or policy documents
Runtime checks at the point of access, so expiry is enforced automatically rather than reviewed manually
Consistent behaviour across pipelines and models, ensuring expired data isn’t reintroduced downstream through caching, enrichment or derived datasets
Our industries of sports, media and entertainment already operate this way for content rights and availability windows. Applying the same discipline to data is not a conceptual leap - it’s an operational one.
Until lifecycle rules are enforced by systems, AI will continue to use data that humans assume is no longer in play.
You can’t fix AI after the fact
One of the biggest misconceptions about AI governance is the belief that problems can be fixed afterwards.
They can’t.
Trying to correct AI is like trying to take an egg out of a baked cake. Once data has been accessed, learned from and propagated through multiple pipelines and models, control is largely gone. In modern AI workflows, systems routinely feed other systems, and sometimes themselves, making retroactive correction impractical at best.
This is why effective governance focuses on what happens before and during access, not after.
In practice, that means:
Preventing the wrong data from being used in the first place, through explicit classification, enforceable access rules and runtime authorisation - not reliance on policy or convention.
Being able to revoke or correct data at the source, with changes automatically respected by downstream systems, models and agents.
Ensuring lineage and propagation are understood, so organisations know where data has flowed and which systems are affected when something changes.
These controls don’t need to be complex, but they do need to be technical. Governance that exists only in documents cannot operate at AI scale.
If governance can’t be enforced by systems, it won’t scale, no matter how well written the policy is.
Strategy doesn’t have to mean paralysis
One of the reasons data strategy conversations stall is that “strategy” is often interpreted as a large, upfront organisational shift - new operating models, new governance structures, new everything.
In practice, that approach delays progress rather than enabling it.
Becoming AI-ready does not require a single, monolithic strategy programme. It requires pragmatic programmes of work that change how data behaves in the systems that matter most.
These typically start with:
Making a critical dataset consistently queryable through a robust API
Introducing enforceable access and lifecycle controls where none exist today
Standardising definitions and transformations in a high-impact domain
None of these require waiting for enterprise alignment. But together, they create momentum, and tangible progress towards AI-capable systems.
Organisations that move in this way make measurable strides. Those that wait for a perfect strategy often find themselves having the same conversations years later, with little to show for it.
For AI, readiness is built incrementally. Strategy follows progress, not the other way around.
What this means for leaders
A data strategy for AI isn’t about producing more policy documents.
It’s about whether data can be:
Queried reliably
Controlled at runtime
Audited end to end
Governed throughout its lifecycle
Organisations that treat data as infrastructure, not just as a by-product of applications are already unlocking more value from analytics, automation and generative AI. Those that don’t will keep wondering why AI never quite makes it into production.
AI doesn’t fail because organisations lack ambition.
It fails because the data strategy was never built for it - and progress stalls while organisations debate strategy instead of delivering change.
What does a data strategy for AI actually look like?
A short summary
Most organisations believe they are “doing data”. They have platforms, dashboards, pipelines and compliance frameworks.
Yet many still struggle to produce consistent metrics, trusted analysis or AI systems that work beyond experimentation.
In practice, many enterprise data strategies were never designed for AI, leaving organisations unprepared for machine-led access, governance and scale.
A data strategy for AI is not a document or a set of principles. It is an operating model that determines whether data can be queried, controlled, audited and governed at scale. Without it, AI initiatives don't get off the ground, not because the models fail, but because the foundations aren't there.
Across the industry, one idea is repeated so often it feels beyond question: to adopt AI successfully, organisations need a strong data strategy.
That statement is true. But it hides a more uncomfortable reality.
Most organisations don’t actually lack data platforms or tooling. What they lack is a cohesive enterprise data platform and strategy that is ready for AI. Instead, they operate a collection of siloed data systems that have evolved organically over time, each built to solve a local problem.
Some of this data flows upwards into BI tools, creating the impression that things are under control. But scratch the surface and familiar issues appear: inconsistent definitions, duplicated datasets, and errors that are known but never corrected because fixing them at source sits too low on the priority list.
The proof is everywhere, and despite years of investment, many organisations still struggle to answer basic questions with confidence. Metrics change depending on who runs the report. Trust lives in people, not in systems.
That isn’t the sign of a weak data strategy. It’s the sign that there isn’t one, and AI is exposing that very quickly.
AI doesn’t use data the way people do
Traditional data environments were built with people in mind. They assume human interpretation, contextual understanding and the ability to question or override results.
AI doesn’t work like that.
AI systems access data directly. They do it repeatedly, automatically and at scale. They don’t reconcile ambiguity, infer intent or pause when something feels off. Whatever they are given, they amplify, quickly and confidently.
This is why so many AI initiatives never escape experimentation. Dashboards look impressive. Proofs of concept show promise. But as soon as organisations try to operationalise AI - enabling query, prediction, enrichment or conversational access, the cracks start to show.
A data strategy for AI isn’t about aspiration. It’s about whether the technology and data platforms and structures can actually support machine-led consumption.
If your data doesn't agree on it's meaning, AI never will
When people talk about “structured data”, they often mean where data is stored. For AI, structure is about something else entirely: consistent meaning.
A usable source of truth requires:
Clear, enforced data models, with schemas that are explicit, versioned and validated
Predictable, traceable transformations, so the same input always produces the same output
Consistent, enterprise-wide definitions that don’t change depending on system, team or reporting context
When organisations run multiple platforms with loosely aligned schemas, AI doesn’t resolve the differences, it absorbs them. The result is AI that looks sophisticated on paper but behaves unreliably in practice.
When trust in AI erodes, it’s rarely because the model is wrong.
It’s because the data never agreed with itself.
AI fails when data can’t be queried at scale
AI can’t work with data it can’t reliably access.
That sounds obvious, but it’s one of the most common failure points. Many organisations technically “have” the data they need, but only expose it in very limited ways, often just enough to support front-end applications or visualisations.
That’s fine for dashboards. It’s not enough for evolved AI use cases.
AI use cases such as conversational query, prediction, enrichment and agent-driven workflows depend on:
High-frequency, automated access
Consistent performance under load
APIs designed as products, not afterthoughts
In practice, many organisations are barely scratching the surface of the value in the data they already hold.
Modern AI architectures, including agent frameworks and MCP-style access layers make this limitation very clear. Even the most advanced model is constrained by the weakest data interface it depends on. If access is brittle, everything downstream becomes fragile.
Corporate policy doesn’t control AI - systems do
AI systems don’t follow policy. They follow rules.
A practical data strategy for AI defines, in technical terms:
How data access is authenticated
How authorisation is enforced
How internal and external parties are handled
This is especially important because many AI interactions are machine-to-machine. Traditional corporate controls such as employee identity systems or 2FA often don’t apply. Token-based access, scoped entitlements and runtime enforcement are not edge cases, they are foundational.
This is also where many organisations overestimate their maturity.
A significant number work hard to achieve ISO and similar compliance standards. In principle, this should provide confidence. In practice, there is often a wide gap between documented policy and how systems actually behave.
Controls exist on paper, but are not consistently embedded into technology workflows. Enforcement relies on people following process rather than systems enforcing rules. That approach is fragile even in human-led environments. At AI scale, it breaks down entirely.
Compliance frameworks remain valuable, but only when their intent is translated into executable, technical controls. Without that translation, governance becomes an audit exercise rather than an operational safeguard.
If data isn’t explicitly classified, it isn’t governed
Governance frameworks often look robust on paper, but fall apart in practice because the data itself isn’t clearly identifiable.
For AI, classification cannot live in policy documents or spreadsheets. It has to be attached to the data in a way systems can act on.
In practice, that means data must be:
Explicitly classified, so sensitivity, usage constraints and risk are unambiguous
Machine-readable, allowing systems to make decisions without human interpretation
Governed through enforceable rules, not advisory guidelines
Whether classification is implemented through tags, labels, metadata or access policies matters less than consistency and enforcement. What matters is that classification directly influences what systems are allowed to do at runtime.
This is especially important in AI environments, where data is:
Queried dynamically
Combined and enriched across sources
Propagated into downstream models, caches and derived datasets
If classification does not travel with the data, and if systems cannot enforce it automatically, governance stops at the first integration point.
AI can respect boundaries - but only when those boundaries exist in code, not just in policy documents no system ever reads.
At AI scale, “we think this happened” isn’t good enough
As AI systems influence more decisions, organisations need to know what is actually happening inside their data and AI environments, not just what was intended to happen.
At AI scale, visibility has to move beyond logs that are checked after the fact. A credible data strategy provides continuous, machine-level audit capability across access and execution.
In practice, that means being able to answer:
Who accessed which data, whether human, system or agent
What was requested, including parameters, scope and purpose
Whether the request succeeded, failed or partially completed
How the system behaved under load, including latency, errors and degradation
This level of visibility is not just about compliance. It’s about confidence.
When an executive, customer or regulator asks, “Why did the system do this?”, the answer cannot rely on inference or reconstruction. It has to be grounded in evidence.
At scale, guessing isn’t good enough.
AI will use expired data unless you stop it
Data has a lifecycle, just like content or media rights.
Availability windows, licence constraints and contractual limits don’t enforce themselves. If AI systems are given clear, machine-readable rules about what data is valid, and for how long, they will respect them. If they aren’t, they will continue to use data long after it should have expired.
This is not an AI problem.
It’s a data controls problem.
In practice, time-bound data governance requires:
Explicit validity windows attached to data, not buried in contracts or policy documents
Runtime checks at the point of access, so expiry is enforced automatically rather than reviewed manually
Consistent behaviour across pipelines and models, ensuring expired data isn’t reintroduced downstream through caching, enrichment or derived datasets
Our industries of sports, media and entertainment already operate this way for content rights and availability windows. Applying the same discipline to data is not a conceptual leap - it’s an operational one.
Until lifecycle rules are enforced by systems, AI will continue to use data that humans assume is no longer in play.
You can’t fix AI after the fact
One of the biggest misconceptions about AI governance is the belief that problems can be fixed afterwards.
They can’t.
Trying to correct AI is like trying to take an egg out of a baked cake. Once data has been accessed, learned from and propagated through multiple pipelines and models, control is largely gone. In modern AI workflows, systems routinely feed other systems, and sometimes themselves, making retroactive correction impractical at best.
This is why effective governance focuses on what happens before and during access, not after.
In practice, that means:
Preventing the wrong data from being used in the first place, through explicit classification, enforceable access rules and runtime authorisation - not reliance on policy or convention.
Being able to revoke or correct data at the source, with changes automatically respected by downstream systems, models and agents.
Ensuring lineage and propagation are understood, so organisations know where data has flowed and which systems are affected when something changes.
These controls don’t need to be complex, but they do need to be technical. Governance that exists only in documents cannot operate at AI scale.
If governance can’t be enforced by systems, it won’t scale, no matter how well written the policy is.
Strategy doesn’t have to mean paralysis
One of the reasons data strategy conversations stall is that “strategy” is often interpreted as a large, upfront organisational shift - new operating models, new governance structures, new everything.
In practice, that approach delays progress rather than enabling it.
Becoming AI-ready does not require a single, monolithic strategy programme. It requires pragmatic programmes of work that change how data behaves in the systems that matter most.
These typically start with:
Making a critical dataset consistently queryable through a robust API
Introducing enforceable access and lifecycle controls where none exist today
Standardising definitions and transformations in a high-impact domain
None of these require waiting for enterprise alignment. But together, they create momentum, and tangible progress towards AI-capable systems.
Organisations that move in this way make measurable strides. Those that wait for a perfect strategy often find themselves having the same conversations years later, with little to show for it.
For AI, readiness is built incrementally. Strategy follows progress, not the other way around.
What this means for leaders
A data strategy for AI isn’t about producing more policy documents.
It’s about whether data can be:
Queried reliably
Controlled at runtime
Audited end to end
Governed throughout its lifecycle
Organisations that treat data as infrastructure, not just as a by-product of applications are already unlocking more value from analytics, automation and generative AI. Those that don’t will keep wondering why AI never quite makes it into production.
AI doesn’t fail because organisations lack ambition.
It fails because the data strategy was never built for it - and progress stalls while organisations debate strategy instead of delivering change.
What does a data strategy for AI actually look like?
A short summary
Most organisations believe they are “doing data”. They have platforms, dashboards, pipelines and compliance frameworks.
Yet many still struggle to produce consistent metrics, trusted analysis or AI systems that work beyond experimentation.
In practice, many enterprise data strategies were never designed for AI, leaving organisations unprepared for machine-led access, governance and scale.
A data strategy for AI is not a document or a set of principles. It is an operating model that determines whether data can be queried, controlled, audited and governed at scale. Without it, AI initiatives don't get off the ground, not because the models fail, but because the foundations aren't there.
Across the industry, one idea is repeated so often it feels beyond question: to adopt AI successfully, organisations need a strong data strategy.
That statement is true. But it hides a more uncomfortable reality.
Most organisations don’t actually lack data platforms or tooling. What they lack is a cohesive enterprise data platform and strategy that is ready for AI. Instead, they operate a collection of siloed data systems that have evolved organically over time, each built to solve a local problem.
Some of this data flows upwards into BI tools, creating the impression that things are under control. But scratch the surface and familiar issues appear: inconsistent definitions, duplicated datasets, and errors that are known but never corrected because fixing them at source sits too low on the priority list.
The proof is everywhere, and despite years of investment, many organisations still struggle to answer basic questions with confidence. Metrics change depending on who runs the report. Trust lives in people, not in systems.
That isn’t the sign of a weak data strategy. It’s the sign that there isn’t one, and AI is exposing that very quickly.
AI doesn’t use data the way people do
Traditional data environments were built with people in mind. They assume human interpretation, contextual understanding and the ability to question or override results.
AI doesn’t work like that.
AI systems access data directly. They do it repeatedly, automatically and at scale. They don’t reconcile ambiguity, infer intent or pause when something feels off. Whatever they are given, they amplify, quickly and confidently.
This is why so many AI initiatives never escape experimentation. Dashboards look impressive. Proofs of concept show promise. But as soon as organisations try to operationalise AI - enabling query, prediction, enrichment or conversational access, the cracks start to show.
A data strategy for AI isn’t about aspiration. It’s about whether the technology and data platforms and structures can actually support machine-led consumption.
If your data doesn't agree on it's meaning, AI never will
When people talk about “structured data”, they often mean where data is stored. For AI, structure is about something else entirely: consistent meaning.
A usable source of truth requires:
Clear, enforced data models, with schemas that are explicit, versioned and validated
Predictable, traceable transformations, so the same input always produces the same output
Consistent, enterprise-wide definitions that don’t change depending on system, team or reporting context
When organisations run multiple platforms with loosely aligned schemas, AI doesn’t resolve the differences, it absorbs them. The result is AI that looks sophisticated on paper but behaves unreliably in practice.
When trust in AI erodes, it’s rarely because the model is wrong.
It’s because the data never agreed with itself.
AI fails when data can’t be queried at scale
AI can’t work with data it can’t reliably access.
That sounds obvious, but it’s one of the most common failure points. Many organisations technically “have” the data they need, but only expose it in very limited ways, often just enough to support front-end applications or visualisations.
That’s fine for dashboards. It’s not enough for evolved AI use cases.
AI use cases such as conversational query, prediction, enrichment and agent-driven workflows depend on:
High-frequency, automated access
Consistent performance under load
APIs designed as products, not afterthoughts
In practice, many organisations are barely scratching the surface of the value in the data they already hold.
Modern AI architectures, including agent frameworks and MCP-style access layers make this limitation very clear. Even the most advanced model is constrained by the weakest data interface it depends on. If access is brittle, everything downstream becomes fragile.
Corporate policy doesn’t control AI - systems do
AI systems don’t follow policy. They follow rules.
A practical data strategy for AI defines, in technical terms:
How data access is authenticated
How authorisation is enforced
How internal and external parties are handled
This is especially important because many AI interactions are machine-to-machine. Traditional corporate controls such as employee identity systems or 2FA often don’t apply. Token-based access, scoped entitlements and runtime enforcement are not edge cases, they are foundational.
This is also where many organisations overestimate their maturity.
A significant number work hard to achieve ISO and similar compliance standards. In principle, this should provide confidence. In practice, there is often a wide gap between documented policy and how systems actually behave.
Controls exist on paper, but are not consistently embedded into technology workflows. Enforcement relies on people following process rather than systems enforcing rules. That approach is fragile even in human-led environments. At AI scale, it breaks down entirely.
Compliance frameworks remain valuable, but only when their intent is translated into executable, technical controls. Without that translation, governance becomes an audit exercise rather than an operational safeguard.
If data isn’t explicitly classified, it isn’t governed
Governance frameworks often look robust on paper, but fall apart in practice because the data itself isn’t clearly identifiable.
For AI, classification cannot live in policy documents or spreadsheets. It has to be attached to the data in a way systems can act on.
In practice, that means data must be:
Explicitly classified, so sensitivity, usage constraints and risk are unambiguous
Machine-readable, allowing systems to make decisions without human interpretation
Governed through enforceable rules, not advisory guidelines
Whether classification is implemented through tags, labels, metadata or access policies matters less than consistency and enforcement. What matters is that classification directly influences what systems are allowed to do at runtime.
This is especially important in AI environments, where data is:
Queried dynamically
Combined and enriched across sources
Propagated into downstream models, caches and derived datasets
If classification does not travel with the data, and if systems cannot enforce it automatically, governance stops at the first integration point.
AI can respect boundaries - but only when those boundaries exist in code, not just in policy documents no system ever reads.
At AI scale, “we think this happened” isn’t good enough
As AI systems influence more decisions, organisations need to know what is actually happening inside their data and AI environments, not just what was intended to happen.
At AI scale, visibility has to move beyond logs that are checked after the fact. A credible data strategy provides continuous, machine-level audit capability across access and execution.
In practice, that means being able to answer:
Who accessed which data, whether human, system or agent
What was requested, including parameters, scope and purpose
Whether the request succeeded, failed or partially completed
How the system behaved under load, including latency, errors and degradation
This level of visibility is not just about compliance. It’s about confidence.
When an executive, customer or regulator asks, “Why did the system do this?”, the answer cannot rely on inference or reconstruction. It has to be grounded in evidence.
At scale, guessing isn’t good enough.
AI will use expired data unless you stop it
Data has a lifecycle, just like content or media rights.
Availability windows, licence constraints and contractual limits don’t enforce themselves. If AI systems are given clear, machine-readable rules about what data is valid, and for how long, they will respect them. If they aren’t, they will continue to use data long after it should have expired.
This is not an AI problem.
It’s a data controls problem.
In practice, time-bound data governance requires:
Explicit validity windows attached to data, not buried in contracts or policy documents
Runtime checks at the point of access, so expiry is enforced automatically rather than reviewed manually
Consistent behaviour across pipelines and models, ensuring expired data isn’t reintroduced downstream through caching, enrichment or derived datasets
Our industries of sports, media and entertainment already operate this way for content rights and availability windows. Applying the same discipline to data is not a conceptual leap - it’s an operational one.
Until lifecycle rules are enforced by systems, AI will continue to use data that humans assume is no longer in play.
You can’t fix AI after the fact
One of the biggest misconceptions about AI governance is the belief that problems can be fixed afterwards.
They can’t.
Trying to correct AI is like trying to take an egg out of a baked cake. Once data has been accessed, learned from and propagated through multiple pipelines and models, control is largely gone. In modern AI workflows, systems routinely feed other systems, and sometimes themselves, making retroactive correction impractical at best.
This is why effective governance focuses on what happens before and during access, not after.
In practice, that means:
Preventing the wrong data from being used in the first place, through explicit classification, enforceable access rules and runtime authorisation - not reliance on policy or convention.
Being able to revoke or correct data at the source, with changes automatically respected by downstream systems, models and agents.
Ensuring lineage and propagation are understood, so organisations know where data has flowed and which systems are affected when something changes.
These controls don’t need to be complex, but they do need to be technical. Governance that exists only in documents cannot operate at AI scale.
If governance can’t be enforced by systems, it won’t scale, no matter how well written the policy is.
Strategy doesn’t have to mean paralysis
One of the reasons data strategy conversations stall is that “strategy” is often interpreted as a large, upfront organisational shift - new operating models, new governance structures, new everything.
In practice, that approach delays progress rather than enabling it.
Becoming AI-ready does not require a single, monolithic strategy programme. It requires pragmatic programmes of work that change how data behaves in the systems that matter most.
These typically start with:
Making a critical dataset consistently queryable through a robust API
Introducing enforceable access and lifecycle controls where none exist today
Standardising definitions and transformations in a high-impact domain
None of these require waiting for enterprise alignment. But together, they create momentum, and tangible progress towards AI-capable systems.
Organisations that move in this way make measurable strides. Those that wait for a perfect strategy often find themselves having the same conversations years later, with little to show for it.
For AI, readiness is built incrementally. Strategy follows progress, not the other way around.
What this means for leaders
A data strategy for AI isn’t about producing more policy documents.
It’s about whether data can be:
Queried reliably
Controlled at runtime
Audited end to end
Governed throughout its lifecycle
Organisations that treat data as infrastructure, not just as a by-product of applications are already unlocking more value from analytics, automation and generative AI. Those that don’t will keep wondering why AI never quite makes it into production.
AI doesn’t fail because organisations lack ambition.
It fails because the data strategy was never built for it - and progress stalls while organisations debate strategy instead of delivering change.
For more than a decade, Spicy Mango has been helping organisations navigate data strategy journeys - from fragmented, siloed environments to platforms that can genuinely support analytics, automation and AI at scale. We work with teams who are “doing data today”, but know they’re only scratching the surface of what their data could enable. If this article reflects challenges you recognise, or ambitions you’re struggling to unlock, we’d welcome a conversation. Whether you’re questioning your current data foundations or exploring what it would take to be genuinely AI-ready, get in touch with us at hello@spicymango.co.uk, give us a call, or use our contact form and we’ll take it from there.
For more than a decade, Spicy Mango has been helping organisations navigate data strategy journeys - from fragmented, siloed environments to platforms that can genuinely support analytics, automation and AI at scale. We work with teams who are “doing data today”, but know they’re only scratching the surface of what their data could enable. If this article reflects challenges you recognise, or ambitions you’re struggling to unlock, we’d welcome a conversation. Whether you’re questioning your current data foundations or exploring what it would take to be genuinely AI-ready, get in touch with us at hello@spicymango.co.uk, give us a call, or use our contact form and we’ll take it from there.
For more than a decade, Spicy Mango has been helping organisations navigate data strategy journeys - from fragmented, siloed environments to platforms that can genuinely support analytics, automation and AI at scale. We work with teams who are “doing data today”, but know they’re only scratching the surface of what their data could enable. If this article reflects challenges you recognise, or ambitions you’re struggling to unlock, we’d welcome a conversation. Whether you’re questioning your current data foundations or exploring what it would take to be genuinely AI-ready, get in touch with us at hello@spicymango.co.uk, give us a call, or use our contact form and we’ll take it from there.
For more than a decade, Spicy Mango has been helping organisations navigate data strategy journeys - from fragmented, siloed environments to platforms that can genuinely support analytics, automation and AI at scale. We work with teams who are “doing data today”, but know they’re only scratching the surface of what their data could enable. If this article reflects challenges you recognise, or ambitions you’re struggling to unlock, we’d welcome a conversation. Whether you’re questioning your current data foundations or exploring what it would take to be genuinely AI-ready, get in touch with us at hello@spicymango.co.uk, give us a call, or use our contact form and we’ll take it from there.
More insights you may enjoy
More insights you may enjoy
More insights you may enjoy
More insights you may enjoy
Stay on the journey - with some further related insights we think you may like.
Stay on the journey - with some further related insights we think you may like.
Stay on the journey - with some further related insights we think you may like.
Get in touch
Contact us - we don't bite
To get in touch, email hello@spicymango.co.uk, call us on +44 (0)844 848 0441, or complete the contact form below to start a conversation.
Get in touch
Contact us - we don't bite
To get in touch, email hello@spicymango.co.uk, call us on +44 (0)844 848 0441, or complete the contact form below to start a conversation.
Get in touch
Contact us - we don't bite
To get in touch, email hello@spicymango.co.uk, call us on +44 (0)844 848 0441, or complete the contact form below to start a conversation.
Get in touch
Contact us - we don't bite
To get in touch, email hello@spicymango.co.uk, call us on +44 (0)844 848 0441, or complete the contact form below to start a conversation.
Get in touch
Contact us - we don't bite
To get in touch, email hello@spicymango.co.uk, call us on +44 (0)844 848 0441, or complete the contact form below to start a conversation.