Artificial intelligence is growing at a rapid pace in Italian companies, but the rush to adopt technology has left a fundamental prerequisite behind: data governance. This article explores what industrial data governance truly means and why its absence is now the leading cause of failure for AI initiatives in production.
We begin with the Italian context, where the dichotomy between rapid adoption and lagging governance is stark, and then analyze the European regulatory framework (Data Governance Act, Data Act, and AI Act) that is transforming governance from a best practice into a progressively binding requirement. We examine the investment strategies of the most advanced companies, the critical issues that remain unresolved, and a four-step operational roadmap—inspired by Lean Thinking—to implement governance in an incremental and measurable way. In closing, we reflect on how well-governed data serves as the strategic enabler of servitization and competitive advantage in the industry of the future.
In 2025, the artificial intelligence market in Italy reached 1.8 billion euros, with growth of +50% in a single year. During the same period, 71% of large companies had already launched at least one active AI project. Yet only 9% of those same companies can claim to have structured AI governance processes—and only 24% say they are satisfied with the quality of their data.
This is not a paradox: it is an accurate snapshot of what happens when you move faster than your ability to control the situation. And in a manufacturing context—where data is generated by machines, sensors, ERP, MES, and SCADA systems with different standards and diverse origins—this gap between adoption and governance becomes a concrete operational risk, even before it becomes a compliance issue.
In the book “25 Years of Lean Thinking, Italian Style," Michele Bonfiglioli writes a sentence that serves as a manifesto: "All these tools are worthless without a reliable database and centralized governance. Without consistent data, any system becomes a mere facade." This article expands on that insight: what industrial data governance is, where the most advanced companies are investing, what the organizational bottlenecks are, and which European regulatory framework is reshaping the rules of the game for the manufacturing industry.
Industrial data governance is an organizational discipline, not a technology. It is not the same as purchasing a data catalog, installing a data lake, or deploying a master data management platform. It is a set of policies, roles, processes, and standards that define who owns the data, who ensures its quality, how it is classified, who can access it, and, above all, who is accountable when something goes wrong.
In production, this translates into concrete questions: Do the efficiency data coming out of the MES and those going into the ERP tell the same story? If a plant operator and an analyst at headquarters look at the same line indicator, do they see the same number? When a supplier sends quality data for a batch, is it integrated consistently with the assembly process data, or does it end up in a separate Excel spreadsheet?
If the answer is “it depends,” ’not always," or "I don’t know," industrial data governance is an unresolved issue. And as Bonfiglioli Consulting’s experience with digital transformation projects confirms, this issue is among the leading causes of failure for AI and analytics initiatives: not because the algorithms are flawed, but because the data they rely on is not properly governed.
One of the most common forms of digital waste in manufacturing companies is data redundancy: the same information replicated across multiple systems with different definitions, asynchronous updates, and no single authoritative source. Michele Bonfiglioli explicitly identifies this as one of the "digital muda"—the new forms of waste in the era of the connected industry: automating a useless activity means digitizing waste; replicating inconsistent data across multiple platforms means amplifying the error.
The breaking point is organizational rather than technical. It requires the definition of three roles that are still missing in most companies: the data owner (responsible for data at the domain or process level), the data steward (operationally responsible for day-to-day quality), and the data product owner (responsible for using that data as a business asset). According to research by the MIT Sloan Management Review, organizations that assign formal data ownership achieve significantly better results in analytics and AI projects than those that treat governance as a secondary IT activity, and they identify clarity of roles as the primary enabling factor—even before technological tools.
This alignment between organizational responsibility and data quality is precisely what Bonfiglioli Consulting’s Lean World Class® model applies to the digital domain as well: first, operational responsibilities are structured; then digitization takes place—never the other way around.
Italy exhibits a significant duality. In terms of technology adoption, ISTAT 2025 data show that 38.1% of companies with at least 10 employees have reached a high or very high level of digitization, with manufacturing among the sectors most active in investing in IoT, automation, and robotics. When it comes to governance, the picture is more fragile.
The Artificial Intelligence Observatory at the Politecnico di Milano notes that, despite an AI market that grew by 50% in 2025, only 9% of large Italian companies have structured AI governance processes. 54% are in the process of establishing such frameworks, though without defined timelines. 19% of workers report using only company-approved AI tools—which means that the vast majority use unmonitored tools, with company data circulating outside any governance framework. In the manufacturing sector, where data pertains to processes, design, and the supply chain, this lack of control poses a real risk.
Added to this is data from the Data Management Observatory at the Politecnico di Milano: only 24% of Italian companies report being satisfied with the quality of their data, with many falling below average in terms of governance and the ability to calculate the business value of their information assets. Investing in sensors, MES, and IoT platforms without establishing data quality governance is, to use the metaphor from the book *25 Years of Lean Thinking, Italian Style*, like building a sophisticated navigation system on a map riddled with errors.
In just a few years, Europe has established a regulatory framework that transforms data governance from a best practice into a progressively binding requirement. For manufacturing companies, three measures define the scope of action.
The Data Governance Act (DGA), effective as of September 2023, establishes the conditions for secure and trustworthy data sharing among companies, sectors, and EU countries. It introduces the role of certified data intermediaries and creates the framework within which sector-specific Data Spaces are built—controlled sharing spaces that allow industrial supply chains to collaborate on data without losing control over their information.
The Data Act, effective as of September 2025, introduces a fundamental principle for connected factories: anyone who generates data through IoT devices and connected machinery has the right to access that data and share it with third parties under fair conditions. This redefines the relationship between machine manufacturers and users: a manufacturing company that uses connected equipment can claim access to operational data, even when the machine manufacturer would prefer to retain it for commercial reasons. This is a turning point that, if properly leveraged, opens up new possibilities for optimization and servitization.
The AI Act, the world’s first law on artificial intelligence, sets forth specific data governance requirements for high-risk AI systems in Article 10: datasets must be documented, verified, representative, and free of critical biases, with management practices that ensure integrity and relevance. Full enforceability for high-risk systems took effect in August 2026. For companies using AI in critical manufacturing contexts—predictive maintenance, automated quality control, production planning—compliance can no longer be postponed.
Investment priorities in industrial data governance for the 2025–2026 period focus on three main areas.
Governance embedded in operational workflows. The traditional model—governance as a separate layer, often managed by IT as a post-hoc audit activity—is giving way to an approach in which rules for data quality, classification, and access are incorporated directly into workflows. The principle is that governance that is not continuous is not governance: quality controls must take place at the moment the data is generated or transformed, not downstream. The global data governance market, valued at $4.60 billion in 2026, is growing at a CAGR of 16% through 2031, with Europe recording the highest rate—estimated at 20% annually—and Germany as the dominant market on the continent. These figures do not merely reflect software growth; they signal a growing awareness that industrial data is a strategic asset requiring the same level of oversight as that applied to physical facilities.
Data Space for Manufacturing. The European Commission’s Digital Europe program has funded the creation of industrial data spaces dedicated to manufacturing, with grants of up to 3 million euros per project, designed to enable companies to share data along the supply chain—among OEMs, suppliers, service providers, and customers—while maintaining control over the sovereignty of their own information. The Gaia-X framework provides the technical architecture to build these spaces in a federated and interoperable manner, based on principles of self-description, sovereignty, and verifiable trust. For Italian manufacturing SMEs, participation in these data-sharing ecosystems is not just a technological opportunity: it is a competitive advantage within the European supply chain.
AI Data Governance. As the number of AI projects in production increases, the specific governance of the data used to train and validate models becomes a priority in its own right. This includes managing the provenance of training data, documenting biases, ensuring the traceability of dataset versions, and certifying the quality of inputs. In a manufacturing company that uses predictive models for quality or maintenance, ungoverned training data can lead to incorrect automated decisions—and to liability that is difficult to assign after the fact.
System silos. ERP, MES, PLM, CRM, and SCADA systems speak different languages, with misaligned definitions of the same entities: order, product, machine downtime, defect, and batch. The result is digital silos—that is, systems that manage data related to the same process but lack a shared model—forcing manual reconciliations, which waste time and amplify errors.
Lack of clear ownership. When no one is formally responsible for a piece of data, that data gradually deteriorates. Empty fields, outdated values, and non-standardized codes accumulate without anyone having the mandate or incentive to correct them. Data governance requires a formal assignment of responsibility, with clear roles and measurable KPIs.
Reactive rather than preventive governance. Most companies discover data quality issues when they launch an AI or advanced analytics project—that is, when it is too late to clean up the data in a timely manner without compromising the project. Integrating quality controls into daily operational processes is still rare but crucial for the sustainability of any advanced digital initiative.
Shadow AI as a new governance risk. An increasingly critical issue is Shadow AI: the use of artificial intelligence tools not approved by the company—often via personal accounts or external services—which introduces untraceable data flows and renders traditional governance ineffective. This is not merely a cybersecurity issue: when technical documents, process data, commercial information, or industrial know-how are entered into tools outside the company’s perimeter, the company loses control over where that data ends up, who processes it, and what confidentiality safeguards are in place. In this sense, Shadow AI is a form of silent erosion of the single source of truth and compels industrial data governance to oversee not only systems and platforms but also everyday usage behaviors.
Current Italian Regulatory Developments. Recent implementing decrees on AI confirm that the governance of artificial intelligence is now not only a technological issue but also one of organization and accountability. The message coming from the Italian regulatory framework is clear: AI must be governed through an integrated system encompassing compliance, cybersecurity, data protection, supplier oversight, training, documentation, and traceability. For manufacturing companies, this means that data governance is no longer merely a supplementary component of digital projects, but a prerequisite for legitimacy and operational continuity.
Difficulty in demonstrating value. Data governance is an investment with returns that are not immediately visible, which makes it vulnerable to budget cuts. Building a narrative of value—how much does incorrect data cost in a production decision, how much is reliable data worth in a servitization contract—is a managerial skill that remains underdeveloped.
Compliance and governance as separate silos. In many organizations, data management is entrusted to the legal/compliance department for GDPR reasons, separate from the operational governance of industrial data. With the AI Act directly linking data quality to the legal liability of the AI system that uses it, these two dimensions can no longer coexist in silos: they must converge into a single, integrated framework.
Lean Thinking—which Bonfiglioli Consulting has been applying for over 25 years in manufacturing operations—also offers a fundamental operating principle for data governance: first, eliminate waste; then, standardize; and finally, continuously improve. Applied to data, this means not starting with an 18-month enterprise-wide program, but rather with an incremental approach focused on measurable value right from the first cycle.
The process consists of four sequential steps. The first is mapping critical domains: identifying which data are essential for the most important decisions—product quality, line efficiency, supplier reliability, and planning accuracy. The second step is defining minimum quality standards for those domains: completeness, accuracy, timeliness, and consistency—calibrated to the level sufficient for the decisions that data must support, not to an ideal of statistical perfection.
The third step is the formal assignment of ownership: for each critical domain, who is the data owner? Who is the data steward? The answer must be specific to an individual, with measurable quality KPIs and visibility in reporting. The fourth step is building a minimal data catalog: an inventory of data assets with metadata, source, update frequency, owner, and certified quality level. Discipline matters more than the tool: a well-governed shared registry produces more value than a sophisticated but neglected platform.
Operational metrics for monitoring maturity over time include: the data quality score by domain (percentage of records compliant with defined rules), the average time to resolve a data anomaly from detection to correction at the source level, and the percentage of critical decisions supported by certified data. These indicators transform governance from an abstract activity into a measurable process, with visibility in operational reporting.
Industrial data governance is not merely a factor in internal efficiency. It is also the strategic enabler of the business model that the book "25 Years of Lean Thinking, Italian Style" identifies as the competitive frontier of Industry 5.0: servitization. Companies that no longer sell just products, but "performance as a service"—guaranteed plant availability, certified output quality, energy efficiency as part of an SLA—need governed data not only within the factory, but throughout the entire value chain, including the end customer.
This broadens the scope of governance: from internal data to data flowing between the company and customers through connected machinery, predictive platforms, and service level agreements. The value of data increases when it is shared securely and in a governed manner—and this is the promise of European industrial Data Spaces, where trust in the quality and provenance of shared data is the prerequisite for building ecosystems of competitive collaboration.
Walter Caiumi, an entrepreneur at Voilàp Group, sums up this direction precisely: "We’ve learned to look beyond our direct customer to understand the end user’s behaviors and needs." Understanding the end customer means having reliable data on what happens after the sale. Data that, without governance, never arrives—or arrives too late and in too poor a state to be useful.
Companies that establish organizational data governance before it becomes a regulatory requirement gain an advantage in multiple areas: faster and more reliable decision-making processes, more robust AI that complies with the AI Act, stronger digital partnerships throughout the supply chain thanks to the Data Act, and the ability to offer business models based on certified information quality.
At Bonfiglioli Consulting, we help manufacturing companies build this organizational foundation—processes, data, people—as a concrete prerequisite for any digital or AI initiative. Because, as Lean Thinking teaches us: first, eliminate waste; then, create value. In the digital world, the first form of waste to eliminate is data that no one manages.
Would you like to assess the maturity level of data governance in your company? Contact the Bonfiglioli Consulting team for a personalized assessment.
It is an organizational discipline—not a technology—that defines who owns the data, who ensures its quality, how it is classified, and who can access it. It’s not just about purchasing software or setting up a data lake: it’s a set of policies, roles, and processes that ensure data is reliable and governed throughout the entire operational chain.
Because even the most sophisticated algorithm will produce incorrect results if the data it processes is not properly governed. The primary cause of failure for AI projects in production is not the technological tools themselves, but the quality and consistency of the input data. Without governance, AI remains merely a promise.
Three roles are essential and still missing in most companies: the data owner, responsible for data at the domain or process level; the data steward, responsible for day-to-day quality assurance; and the data product owner, responsible for using data as a business asset.
Europe has established a regulatory framework that transforms governance from a best practice into a mandatory requirement. The Data Governance Act regulates the secure sharing of data across companies and sectors. The Data Act guarantees manufacturing companies the right to access data generated by their connected machinery. The AI Act imposes specific data governance requirements for high-risk AI systems, with full enforceability beginning in August 2026.
It refers to the use of artificial intelligence tools not approved by the company—often via personal accounts or external services—which introduces untraceable data flows outside any scope of control. When process data, technical documents, or industrial know-how are entered into tools outside the company’s control, the company loses control over where that data ends up and what confidentiality safeguards are in place.
With a four-step incremental approach: map the data domains critical to the most important decisions, define minimum quality rules for those domains, formally assign ownership with measurable KPIs, and build a minimal data catalog with metadata, source, and certified quality level. Discipline is more important than the tool itself: a well-governed shared registry is better than a sophisticated platform that’s been abandoned.
ai translated