Launching Our Data Provenance Paper and Looking Ahead to Agentic Commerce
By Camille Stewart Gloster, Chief AI Strategist, D&TA
Today, the Data & Trusted AI Alliance releases From Lineage to Trust: Data Provenance as a Risk-Based Tool for AI Agent Deployment—a paper shaped by member collaboration and grounded in practical experience.
As organizations accelerate the deployment of AI agents across products, services, and operations, familiar governance challenges are resurfacing in new forms. Agents are more autonomous, more adaptive, and more tightly integrated into decision-making workflows. That shift increases both opportunity and exposure.
Our latest paper does not attempt to define agentic AI governance in its entirety. Instead, it focuses on one practical and high-leverage mechanism: data provenance. Specifically, how organizations can apply it strategically within a risk-based framework to improve transparency, accountability, and operational confidence as AI agents scale.
For most enterprises, the question is no longer whether provenance matters. It is where and how to apply it.
By documenting data origin, lineage, transformation, and usage conditions, provenance creates verifiable records that help organizations understand how inputs shape outputs. When deployed proportionally to risk, it enables leaders to prioritize oversight where transparency adds the most value and mitigates the most harm.
As Jeff Brueggeman, Policy Committee Co-Chair and Chief Government Affairs Officer at AT&T, notes:
Similarly, Ben Diamond, Policy Committee Co-Chair at Transcarent, highlights the operational dimension:
The paper draws on case studies from member organizations to demonstrate how provenance can be embedded directly into workflows, layered alongside complementary safeguards, and scaled proportionally across low-, medium-, and high-risk use cases.
It also reinforces a critical point: provenance is not a silver bullet. It does not replace monitoring, red-teaming, privacy controls, or impact assessments. But when integrated thoughtfully, it strengthens all of them by grounding oversight in verifiable data records.
AI agents today largely operate within existing legal and regulatory frameworks. But as autonomy increases and systems move into higher-impact domains such as healthcare, financial services, and customer-facing decision-making, expectations around traceability and accountability are rising globally.
Enterprises need practical tools that allow them to move fast without losing control. Data provenance offers one such bridge between innovation and oversight.
As organizations move deeper into agent-driven systems, this work provides a foundation organizations can build on as new operational challenges emerge.
As AI agents increasingly transact, negotiate, and act on behalf of users and enterprises, deployers are moving onto the front lines of new operational and governance challenges. Agentic commerce and agentic marketing environments are already beginning to shift interactions away from purely human-mediated experiences toward ecosystems where agents research products, personalize recommendations, compare services, manage subscriptions, and interact directly with other systems across organizational boundaries.
That evolution raises important questions for deployers:
How do organizations maintain visibility into decisions made across interconnected agent ecosystems?
How do companies establish trust when agents interact across platforms, vendors, and data environments?
How do organizations trace how data shaped a recommendation, transaction, or downstream action?
What mechanisms support accountability when autonomous systems act on behalf of users or enterprises?
These are not abstract governance questions. They are increasingly operational ones.
Data provenance will play an important role because it helps organizations understand how data moves through complex environments and influences downstream outcomes. But provenance alone is not sufficient. As agent ecosystems evolve, organizations will also need stronger approaches to identity, authorization, interoperability, observability, transaction integrity, and runtime governance.
Organizations deploying these systems will often confront these governance questions before markets, standards, and regulatory expectations fully mature. That reality makes practical, risk-based governance approaches increasingly important as agent ecosystems continue to scale.
This release is not the end of the conversation. It is a foundation.
As AI agents increasingly transact, negotiate, and act on behalf of users and enterprises, we are entering an era of agentic commerce. In this emerging model, software agents may research products, compare pricing, execute purchases, manage subscriptions, and interact directly with other agents across digital marketplaces.
Agentic commerce raises new questions:
How do we ensure accountability when agents transact autonomously?
How do organizations manage data lineage across multi-party ecosystems?
What mechanisms support trust between agents acting on behalf of consumers and enterprises?
Data provenance will play a critical role in this next phase, but it will need to be paired with additional mechanisms around identity, authorization, transaction integrity, and dispute resolution.
Our future work will explore how risk-based governance models evolve to address these challenges, and how enterprises can prepare now.
We invite organizations, policymakers, and industry leaders to read the paper, reflect on the case studies, and consider how provenance can be integrated into their own AI governance strategies.
For those interested in learning more, the OASIS Data Provenance Standards (DPS) deliver a unified, interoperable framework for tracking the origin, integrity, movement, and quality of data, bringing provenance directly into modern AI governance. Designed to meet rising expectations for transparency and accountability, DPS supports trusted AI across cybersecurity, supply chains, and other regulated or high‑risk environments where data quality is critical. Built through an open, collaborative standards process, DPS is scalable, practical, and compatible across diverse data platforms and governance ecosystems. The specification, and new ways to provide feedback and drive adoption, will launch later this month. Stay tuned.
We also welcome continued collaboration as we turn toward the next frontier of agentic systems and commerce.
Responsible innovation requires more than aspiration. It requires infrastructure. Data provenance is one piece of that infrastructure. Applied strategically, it enables trust to scale alongside capability.
