.svg)
Without Data Standardization And Lineage Controls, AI Projects Could Sink In Regulated Industries
José Freitas, Lead Enterprise Architect at IATA, broke down why data context, lineage, and digitalization determine whether AI delivers or stalls.
Organizations frequently encounter a brick wall with generative AI deployments when they layered advanced models onto uncurated legacy data architectures.
José Freitas, Senior Enterprise Architect at the International Air Transport Association, explained that companies often fail because they skipped foundational digitalization and master data management.
IT teams sometimes rush to adopt AI capabilities without a clear enterprise strategy, which leads to chaotic sprawl and security risks from unauthorized agents.
When organizations layer advanced generative AI models over uncurated legacy data architectures, deployments usually hit a brick wall. Teams build promising proofs of concept in isolated sandboxes, but moving those experiments into production exposes the messy reality of enterprise code, and the efforts end up in pilot purgatory. In many cases, the primary barrier isn't technical capability but rather skipped groundwork, including weak master data management and incomplete digitalization. Organizations treat closed-environment experiments as production-ready programs. Once the pilot budget runs out and teams realize they lack the curated data needed for an enterprise model, the work remains a one-off experiment.
José Freitas has spent over 15 years navigating the friction between technological hype and architectural reality. Currently serving as a Lead Enterprise Architect at the International Air Transport Association (IATA), he specializes in designing scalable, secure solutions for highly regulated environments. Having previously held senior architecture roles at Deloitte and IBM, Freitas is building IATA's architecture community from the ground up, giving him a frontline view of where enterprise deployments succeed and exactly where they break down. "Your effort is about digitalization. Structuring your data, putting data on top, the definition of data objects, all the things that go before that. Because even if you need to run an AI model, you need to contextualize," said Freitas.
For many organizations, the unglamorous discipline of Master Data Management remains a major stumbling block. In regulated sectors such as aviation and healthcare, many leaders view regulator-proof environments as a baseline requirement. In these settings, even an approximate answer from a hallucinating model can raise compliance concerns that demand clear guardrails and human judgment. Yet some companies push ahead anyway, forcing AI into environments that lack basic data lineage and treating foundational architecture as a skippable step. Homegrown, bespoke systems often lack the inherent structure and metadata found in mature platforms, turning AI integration into a bottleneck that takes time and precision to untangle. Without foundational data quality, even the most sophisticated AI models tend to produce unreliable results.
PDFs and pipe dreams: Freitas drew a stark contrast between highly structured factory floors and legacy environments still running on analog workflows. "If your digitalization is low, AI is not the place to be. There are so many workflows across industries that are based on a hand-signed PDF delivered in-store. There is no structured database that is actually gathering that information." He argued that layering AI on top of unresolved technical debt only masks deeper dysfunction. "With technical debt, it's just trying to sugarcoat a rusty vehicle. You need to understand that if you don't have the basics, you will always fail."
Those underlying architectural issues frequently multiply due to a cultural disconnect. Some executives have limited visibility into the state of underlying data and may assume enterprise systems operate like consumer tools such as ChatGPT, where curated data is already baked into the experience. On the IT side, teams can feel pressure to adopt new capabilities quickly, sometimes before a clear enterprise strategy is in place. To bridge that gap, enterprise architecture is well positioned to act as a translator between business goals and technical reality. By focusing on application rationalization to actively decrease their footprint and reduce costs, leaders can verify that technology serves a concrete business purpose. Overcoming that friction often requires organizational rewiring tied to EBIT. Deploying AI simply to mask broken systems or to compensate for weak UI/UX rarely addresses the root cause and often leads to disappointing results.
Problem first: Freitas cautioned that IT teams' instinct to reach for new tools often overrides the discipline of listening to users' actual needs. "First of all, avoid solutioning. As enterprise architects, you need to listen to what people actually want." The problem compounds when teams build capabilities around assumptions rather than validated demand. "Don't try to invent solutions for problems that are not being asked, and this is paramount for architecture. People want to solve problems with AI that don't exist."
When teams quickly stitch AI onto legacy systems to solve problems that users may not have raised, operational workflows can spiral out of control. To prevent chaotic sprawl, some organizations are clarifying who actually owns the orchestration graph and establishing a governed orchestration layer to move from insight to action. Applying that discipline allows companies to reset strategy around orchestration and ROI before a broad rollout. Without centralized controls, deploying unauthorized agents can trigger a security crisis and bypass the vital work of embedding governance into the AI-native SDLC.
Jurassic tech: "There are a lot of companies that still have risks because they have core applications that run on Access databases on a single laptop. We are in 2026. This seems surreal, but this is still true." For him, examples like that underline why organizations need to identify key systems, bring foundational data into managed platforms, and establish basic continuity controls before layering AI on top.
Shadow IT: Freitas said the proliferation of unsanctioned AI tools has become a daily governance challenge. "Someone is using Kimi, and then people are concerned. They don't know whether it's the Moonshot AI or running an API call to China. This is an everyday occurrence." That is exactly the kind of scenario, he said, that centralized AI governance and SDLC guardrails are built to prevent.
Beyond operational headaches, the adoption of ungoverned AI often leads to steep, unexpected financial penalties. The envelope costs of failed proofs of concept can foreshadow a wider cost-management challenge driven by decentralized, credit-card-based token spending. To navigate those financial risks, a growing number of organizations are adopting frameworks for forecasting AI costs and implementing current-state FinOps tooling to regain control over distributed budgets and usage. Freitas recalled a conversation with an IT leader who realized an engineer's unmonitored token usage was costing the company as much as the engineer's $500,000 salary. The leader's conclusion was blunt: "'I would prefer to fire him and keep the tool.'"
For Freitas, the path forward is about earning the right to pursue AI ambitions thoughtfully and responsibly. That means investing in data strategy before AI strategy and empowering enterprise architecture to enforce the governance that business and IT teams won't impose on themselves. Without that mandate, Freitas argued that organizations will keep cycling through expensive pilots that never reach production, bleeding budget on unmonitored tokens, and exposing themselves to the same ungoverned sprawl that defined the early cloud era. "Enterprise architecture, if it is mandated and we have some kind of empowerment, is the way to bridge the gap and try to create some level of balance. If this is not done, then you are done."
