A $2 trillion revenue shift hinges on AI data governance

Across large enterprises, a single question keeps surfacing when teams want to put customer data to work. Can this record be used for a given purpose, and does the consent behind it still hold? The data sits in warehouses and customer databases, and the ability to answer that question often lags behind. That delay carries a cost.

Many enterprises have seen AI initiatives stall over the past year, and the ones stalling most often carry the highest revenue potential: AI-driven marketing, data monetization, personalization, and cross-brand analytics. These are the projects that justify AI spending to the board, so a stall in one of them makes the case for the next investment harder.

Where the time goes

The drag shows up inside engineering teams. A large share of the hours inside AI initiatives goes to data infrastructure repair, consent compliance, and governance workarounds, leaving a smaller slice for building and improving the product itself. Weak consent and preference management also exposes companies to regulatory action, consumer lawsuits, and mass opt-outs.

A structural cause

The root cause sits in architecture. For a decade, enterprises captured consent at the point of collection, stored it in the CRM, and trusted the rest of the stack to respect it. That model worked when data moved slowly and AI sat outside the picture. The model breaks down once data moves at machine speed.

The gap lives between access and usage. Security answers whether a system can reach data. Privacy answers whether a system can use it. A user can download a file or feed a dataset into a model without breaking any access control and still break the promise the business made to the customer who owns the data. With agentic AI pulling and processing records on its own, capture at the point of collection and after-the-fact auditing leave that gap open. Legacy consent and preference tools sit upstream, away from the warehouse, feature store, model pipeline, and agent runtime where data gets consumed.

Encoded governance

Transcend defines a category it calls Encoded AI Governance. The approach embeds permission logic directly in the data path, so a pipeline, model API, or agent runtime allows or denies an operation at the moment a system attempts to use the data. The logic covers what data can be used, for what purpose, under what conditions, and on whose authority, and it runs at the point of use.

“Governance will never work until the permissions and business rules are encoded into the systems that process customer data,” said Ben Brook, Transcend’s CEO and co-founder.

The distinction separates two things that often share the same name. Policies, model cards, and audit logs describe what should happen and record a violation after the fact. Executable controls in the data path determine what does happen and deny an operation before the data leaves the store. Most enterprises hold the first kind and lack the second.

A phased path

Companies moving in this direction tend to start by mapping where consent signals originate and which tools act as systems of record. From there they unify those signals into one decisioning layer, move enforcement from review queues into runtime, and reuse the same permission logic as they add brands, regions, and AI use cases. The path produces value before it is complete, and early wins often come from surfacing hidden trackers and data flows that a prior tool missed.

Several large companies have already deployed the approach across retail media, telecom, and AI services, unifying consent across many business entities and automating privacy requests at scale. The stakes behind the work are large. Industry research projects that $2 trillion in revenue will shift toward personalization leaders over the next five years, and the companies that activate permissioned data first stand to capture it.

Download: The IT and security field guide to AI adoption