AI-Assisted Governance: Accelerating Data Quality with Human Oversight
Have you ever been tasked with ensuring the data quality of a new, critical data source? This begins the painstaking, manual ritual of writing boilerplate validation rules, such as null checks, regex patterns, and set validations, for hundreds of columns. It’s a process defined by mind-numbing repetition and a high risk of error.
For practitioners drowning in this manual toil, the promise of Generative AI to automate this process feels like the lifeline we’ve been waiting for.
But deploying AI-generated artifacts directly into production, especially those that define your data quality policies, is a high-risk maneuver.
Large Language Models (LLMs) like Gemini are exceptional at identifying statistical patterns and generating syntactically correct code. However, they are fundamentally unaware of the business context. They don’t know that the user_id field must be immutable, or that a 99% null ratio in the new_feature_flag column is expected because the feature launches next week.
The most robust approach to modern data governance isn’t replacing humans with AI. It’s adopting an AI-Assisted Governance strategy: leveraging AI for speed and scale, while enforcing a mandatory Human-in-the-Loop (HITL) validation within a “Policy-as-Code” framework. This approach treats the AI as an incredibly fast, but context-blind, virtual assistant whose work must always be reviewed before deployment.
The foundation: Policy-as-Code
Before introducing AI, the first step in modernizing governance is shifting away from UI-driven configurations. Manually clicking through interfaces to set up data quality rules doesn’t scale, isn’t version-controllable, and is prone to human error.
The alternative is “Policy-as-Code.” We define our data quality expectations (e.g., Non-Null constraints, accepted value sets, expected ranges) in declarative configuration files, typically YAML.
# Example Dataplex DQ Rule Structure
rules:
- rule:
# Rule 1: Ensure the platform is one of the expected types
setExpectation:
values:
- WEB
- IOS
- ANDROID
column: platform
dimension: VALIDITYThis approach allows governance policies to be treated like any other software artifact. They can be stored in Git, reviewed via pull requests, and deployed automatically through CI/CD pipelines using tools like the gcloud CLI or client libraries.
The AI accelerator: From statistics to suggestions
The challenge with policy-as-code is the sheer volume of boilerplate required. This is where Generative AI excels. The AI-assisted workflow transforms the tedious manual process into a streamlined, developer-centric one:
- Data profiling: An automated data profiling job, using a tool like Dataplex Universal Catalog, is run against the target table. This generates a rich, machine-readable JSON file containing statistical metadata.
- AI analysis and planning: This statistical profile is fed into an LLM. Crucially, the AI is prompted to first propose a structured plan for the quality rules, justifying its reasoning.
- Collaborative refinement (HITL Checkpoint): The human expert reviews, corrects, and approves the plan.
- Validated rule generation: The LLM is instructed to generate the compliant YAML file based on the human-approved instructions.
The importance of interactive assistance
A core tenet of AI-Assisted Governance is avoiding “one-shot” generation. Requesting a complex configuration file in a single prompt is unreliable due to the non-deterministic nature of LLMs.
A more reliable method is an interactive, multi-step process. By asking the AI assistant to propose a plan first, the interaction transforms from a blind command into a collaborative dialogue. This methodology significantly reduces the risk of errors and ensures the AI’s output is aligned with expert knowledge before any code is written.
The AI automates the tedious translation from statistical fact to declarative code, potentially generating an 80% complete data quality configuration in seconds.
The critical control point: Why HITL isn’t optional
The YAML generated by the AI looks complete. It’s well-formatted and statistically sound. It is incredibly tempting to just deploy it.
Don’t.
This is the most crucial junction in the entire workflow. The HITL review is not a “nice-to-have”; it is the essential safety mechanism that transforms AI-driven governance from a risky experiment into an enterprise-grade practice.
Think of the AI-generated YAML as a pull request submitted by an exceptionally fast, but inexperienced, virtual assistant. It requires a thorough review by a senior expert, like you, before it can be merged into the “main branch” of your governance policy. Here’s why this review is indispensable:
1. Contextual validation: The AI lacks business awareness
The AI’s analysis is strictly limited to the statistical patterns observed within a snapshot of the data. It cannot infer external business knowledge or intent.
- The LLM sees: A column discount_code has a 95% null ratio.
- The LLM suggests: Ignoring this column, as it’s mostly empty.
- The Human knows: This column is critical for Black Friday sales. When populated, it must follow a specific regex pattern (e.g., BFCM-[A-Z0–9]{5}).
The human expert must apply this critical business context to the AI’s statistical suggestions, overriding or augmenting them as necessary.
2. Guarding against “Confidently wrong”
LLMs can hallucinate or generate subtly incorrect code. It might generate a YAML file with a correctly named rule but an invalid parameter, or it might misspell a complex rule type (a syntactic error). More dangerously, it can produce semantically flawed rules, YAML that is technically valid according to the schema but enforces incorrect or outdated business assumptions.
These subtle errors might pass initial linting but can cause significant operational issues, from false alerts to undetected data corruption at runtime. The human reviewer acts as the ultimate schema and logic validator.
3. The risk of overfitting to the sample
If the AI analyzes a small or skewed data sample, it can generate rules that are statistically valid for that sample but disastrous in production.
- The LLM sees: The transaction_amount in the sample data ranges from $10 to $500.
- The LLM suggests: A rangeExpectation rule of 10–500.
- The Human knows: The business regularly processes transactions up to $10,000.
Deploying the AI’s suggestion would flood the operations team with thousands of false-positive alerts, leading to alert fatigue and causing real issues to be missed. The human reviewer must assess the downstream impact and risk of every suggested rule.
The power of AI-assisted governance
This emphasis on human oversight does not diminish the value of the AI. It reframes the nature of the work.
Without AI, a data engineer spends hours writing complex SQL profiling queries (COUNT DISTINCT, AVG, MIN, MAX for every column), analyzing the results, and hand-writing YAML boilerplate.
With AI, the engineer can immediately focus on the highest-value tasks: applying critical business context, validating the logic, and making strategic decisions about what truly matters.
In this partnership, the AI handles the “What” (What are the statistical patterns?), freeing up the human to focus on the “Why” (Why is this pattern important to our business?) and the “So What” (So what should our policy be?). In an effective AI-Assisted Governance strategy, Generative AI doesn’t replace the governance loop; it makes each cycle through the loop faster, smarter, and significantly more impactful.
But this partnership can be evolved even further. What if the input for the essential human review could be made even more robust? This leads to a more advanced workflow: AI Creates → AI Validates → Human Validates. Imagine a second, specialized AI agent, acting as a “first-pass reviewer.” Its prompt could be continuously engineered with institutional knowledge.
For instance, returning to our discount_code example, this validator AI could be explicitly instructed: “Always flag columns with a null ratio over 90% for human review, and suggest a placeholder rule, rather than ignoring the column.” It could also perform rigorous checks against a known library of common syntax errors or outdated business logic. This doesn’t eliminate the need for Human-in-the-Loop; it supercharges it. By automating the first layer of validation, it frees the human expert to focus exclusively on the highest level of strategic and contextual oversight, ensuring the final policy is not just statistically sound, but business-proof.
Try it yourself
Ready to implement this “code-first” governance workflow? We’ve put together a hands-on codelab that walks you through the technical implementation on Google Cloud.
You’ll learn how to programmatically profile BigQuery data, use the Gemini CLI to generate data quality rule suggestions based on the profile, validate those rules using the HITL process, and deploy an automated Dataplex quality scan.
