Lilly Tech Systems
Advanced
Federated Computational Governance
In data mesh, governance is federated — global policies are defined collaboratively by domain representatives and enforced automatically through the platform. This balances domain autonomy with enterprise-wide interoperability and compliance.
Federated vs. Centralized Governance
| Aspect | Centralized | Federated (Data Mesh) |
|---|---|---|
| Policy definition | Central governance board | Collaborative group of domain representatives |
| Policy enforcement | Manual reviews, approvals | Automated through the platform |
| Decision authority | Central team decides | Domains decide within guardrails |
| Speed | Slow, bottlenecked | Fast, self-service within policies |
| Flexibility | One size fits all | Domain-specific policies within global standards |
Global Policies
These policies must be consistent across all domains:
- Data classification standards: Consistent sensitivity labels (public, internal, confidential, restricted)
- Interoperability standards: Shared data formats, identifier conventions, and access protocols
- Quality baselines: Minimum quality thresholds all data products must meet
- Security requirements: Encryption, access logging, and retention policies
- Regulatory compliance: GDPR, CCPA, industry-specific requirements applied uniformly
Computational Governance
The key innovation of data mesh governance is making policies executable code rather than documents:
- Policy-as-code: Express governance rules as automated checks that run in CI/CD pipelines
- Automated compliance: Data products cannot be published unless they pass governance checks
- Continuous monitoring: Platform continuously validates that deployed data products remain compliant
- Audit automation: Generate compliance reports automatically from platform metadata
Implementation approach: Start with a small governance group (3-5 domain representatives plus platform team). Define the minimum viable set of global policies. Automate enforcement in the platform. Expand policies iteratively based on actual problems, not hypothetical risks.
AI-Specific Governance in Data Mesh
- Training data approval: Automated checks that data products used for ML training comply with consent and purpose-limitation policies
- Bias detection: Platform-provided tools for domain teams to assess bias in their data products
- Model-data provenance: Automatic tracking of which data product versions were used to train models
- Cross-domain feature policies: Rules governing how features from different domains can be combined