Article
Jan 26, 2026

Trust at scale: Why data governance is becoming core infrastructure for AI

A Conversation with Cisco Chief Legal Officer Dev Stahlkopf on the 2026 Data and Privacy Benchmark Study.
Trust at scale: Why data governance is becoming core infrastructure for AI

Privacy, AI, data governance, and security are no longer separate conversations.

In the age of AI, they are converging around a single requirement: trust.

That convergence defines the findings of Cisco’s 2026 Data and Privacy Benchmark Study. Now in its ninth year, the global research reflects insights from more than 5,200 privacy, IT, and security professionals across 12 countries, offering one of the most comprehensive views yet into how organizations are adapting their privacy and data governance strategies as AI accelerates.

To explore what these findings mean for leaders today, we spoke with Dev Stahlkopf, Cisco’s executive vice president and chief legal officer, about the study’s most important insights and the evolving role of trust in enterprise AI.

 

Dev, what stands out most to you in this year’s Data and Privacy Benchmark Study?

AI is forcing organizations to think much more holistically about all the data they use and how it’s governed across the enterprise.

And organizations are backing that shift with real investment. Ninety percent have expanded their privacy programs because of AI, 43% increased spending in the past year, and 93% plan to invest more in privacy and data governance over the next two years. And those investments are delivering results: 99% of organizations report measurable benefits, from faster innovation and greater efficiency to stronger customer trust.

As a result, privacy is taking on a very different role inside organizations. It’s becoming less about a single team or a narrow compliance obligation, and more about how data is managed, shared, and protected as AI scales. Companies that are building this discipline into their data practices early are finding they can move faster with AI — with more confidence, consistency, and trust.

The study suggests AI ambition still outpaces readiness. Where is the gap?

Organizations are investing and moving quickly, but many are still working through what effective data and AI governance looks like in practice.

There’s a clear shift from reactive, compliance-driven approaches toward building real capability. Thirty-eight percent of companies spent more than $5 million on privacy in the past year, a sharp increase from last year, which reflects genuine commitment. At the same time, governance approaches are still emerging. Some organizations are creating formal governance bodies, others are adapting existing structures, and many are still clarifying roles, decision making, and accountability. That shows up in the data: while three in four organizations report having a dedicated AI governance body in place, only 12% describe these structures as mature.

This is a familiar moment for organizations navigating major technology change. It also mirrors what we see in Cisco’s AI Readiness Index. Leaders know governance matters. The harder work is translating that understanding into scalable, day-to-day practices that can keep pace with fastmoving, data-driven environments.

Transparency is also a major theme this year. Why has it become so critical?

Our study shows that 46% of organizations say clear communication about how data is collected and used is the most effective way to build customer confidence, ranking well ahead of compliance alone or even breach prevention.

As AI becomes embedded in everyday services, customers want understanding, not just assurances. Organizations that can clearly explain how data flows through AI systems are seeing greater willingness from customers to engage, share data, and adopt AI-driven solutions.

There’s also a regulatory dimension reinforcing this shift. Emerging regulations, including the EU Data Act and the EU AI Act, give individuals explicit rights to transparency and explainability around data use. Taken together, customer expectations and regulatory requirements are pointing in the same direction: organizations need a clear view of their data and how it’s used. Data readiness is no longer optional — it’s foundational to building trust and deploying AI responsibly at scale.

AI is dramatically increasing demand for data. How is that changing what organizations need to know about their own data?

The study makes clear that AI doesn’t just increase data volume, it exposes gaps in data visibility and control. Two thirds of organizations struggle to access high‑quality data efficiently, and many acknowledge risks tied to proprietary or customer data being used in AI systems.

To deploy AI responsibly, organizations need a much deeper understanding of their data: its origin, classification, quality, and permissions. That means investing in data tagging, stewardship, and clear ownership models. Without that foundation, organizations either take unnecessary risk or resort to blunt restrictions that ultimately slow innovation.

Data localization continues to be a pressure point globally. What did the study reveal this year?

Eighty‑five percent of organizations say data localization adds cost, complexity, and risk to cross‑border service delivery, particularly for global companies.

While 86% still associate local storage with greater security, 82% of multinational organizations now believe global‑scale providers are better positioned to manage and secure cross‑border data flows.

The focus is shifting from where data lives to how it’s protected. Frameworks that support secure, interoperable data flows—while respecting national sovereignty—are increasingly critical to sustaining innovation at scale. Oliver Tuszik, Cisco’s chief sales officer, has shared Cisco’s approach to digital resilience and how we are helping organizations balance agility and innovation with enhanced control over their digital infrastructure and data.

As AI systems become more autonomous, how does that change governance expectations?

Greater autonomy raises the stakes. With agentic AI, governance must extend beyond individual models to workflows, decision‑making, and escalation paths.

Many organizations are adapting existing frameworks by adding oversight, controls, and accountability mechanisms to manage more autonomous systems. As AI capabilities expand, privacy and data governance become more operational and more central to AI readiness.

What’s the single most important takeaway for leaders reading this year’s report?

Trust is no longer just about risk management: it’s a growth strategy.

The organizations succeeding with AI are those investing in strong data governance, transparency, and accountability. Privacy isn’t a barrier to innovation. It’s the infrastructure that makes trustworthy innovation possible.

Related Content

For a great holiday: mistletoe, menorahs, and observability
For a great holiday: mistletoe, menorahs, and observability
Splunk’s Mimi Shalash on seamless shopping experiences, secure supply chains, and digital resilience — through the festive season and beyond.
Observability
Dec 17, 2025
Cisco Reports First Quarter Earnings
Cisco Reports First Quarter Earnings
Cisco reported first quarter revenue of $14.9 billion, net income on a generally accepted accounting principles (GAAP) basis of $2.9 billion or $0.72 per share, and non-GAAP net income of $4.0 billion or $1.00 per share.
Earnings
Nov 12, 2025
Introducing Cisco’s integrated AI Security and Safety Framework: The new baseline for AI security
Introducing Cisco’s integrated AI Security and Safety Framework: The new baseline for AI security
Learn about Cisco's holistic effort to classify, integrate, and address all AI risks—from adversarial threats to governance and ecosystem challenges.
Artificial Intelligence
Dec 16, 2025
Back to Top