In 2025, we find ourselves submerged in a sea of data, where nearly 403 million terabytes are generated daily, and over 181 zettabytes will be created this year alone. While the term “the cloud” evokes an image of invisible storage, the reality is more grounded: the U.S. alone hosts more than 2,700 data centres. Data, once a mere by-product of doing business, has become its own economy—raw, unstructured, yet potentially invaluable. The key challenge? Managing it effectively amidst intensifying privacy regulations, AI ethics, and cybersecurity threats.
Financial institutions, traditionally cautious and compliance-driven, are now faced with a dual imperative: extract value from data while governing it responsibly. This evolution isn’t optional. It’s a strategic necessity—one where survival, trust, and growth are all at stake.
AI’s Growing Appetite and the Shift in Data Infrastructure
Artificial Intelligence, especially generative models like ChatGPT, has opened the floodgates on how data is consumed and managed. These models are only as good as the data they ingest. And as the saying goes: you are what you eat—AI included.
In 2025, we are witnessing the rise of AI-native data infrastructures, where machine learning models are not added after the fact, but are baked into the data pipeline itself. These systems continuously monitor data quality, detect anomalies in real time, and generate predictive insights. Platforms like Databricks, Snowflake, and Google Cloud are leading this transition, enabling technical teams to deploy ML models at scale with greater speed and accuracy.
Simultaneously, a data-as-a-product mindset is transforming how we think about data. It’s no longer enough to produce ad hoc reports. Data must now be treated like any other product—discoverable, reliable, and valuable across departments. This evolution, often linked to Data Mesh architectures, empowers teams to own their data domains and promotes cross-functional collaboration. It is as much a cultural shift as it is a technological one.
The Regulatory Wake-Up Call
The world’s regulatory posture toward data has hardened. Inspired by the EU’s GDPR, new frameworks like the California Privacy Rights Act (CPRA) now enforce “data minimisation,” demanding that companies collect only what is strictly necessary. Many other U.S. states and global jurisdictions are following suit, making compliance a complex but strategic differentiator.
In Europe, DORA (Digital Operational Resilience Act) is setting a new standard for resilience, demanding robust governance for digital and AI systems to guard against systemic risks. This isn’t just about IT hygiene anymore. DORA demands that financial institutions not only protect their data but also prove they can recover from crises—digital or otherwise.
At the same time, Open Banking regulations continue to foster innovation by enforcing secure, standardised data sharing. Far from stifling progress, they are providing rails upon which fintechs and banks can co-develop new value propositions. Trust, security, and innovation are no longer trade-offs—they must be engineered together.
Data Governance is Getting Real-Time—and Real Personal
As real-time data becomes the norm, financial institutions must embrace event-driven architectures. Whether it’s for fraud detection, personalised product offers, or regulatory reporting, offering insights with minimal delay between data received and data acted upon will become expected rather than edgy.
Yet it’s not just the speed or scale that matters. It’s the culture. Many organisations are realising the importance of data literacy, not just among data teams but across business units. In 2025, the most effective data strategies are as human as they are technical. Hybrid roles that marry domain knowledge with data fluency are becoming essential.
Meanwhile, AI ethics and governance are rising up the boardroom agenda. Regulators are starting to demand real-time visibility into how AI-driven decisions are made—especially in high-stakes processes like credit scoring or fraud detection. Financial institutions must now treat AI model governance with the same seriousness as financial risk management. The AI Act, GDPR, and DORA are converging on this expectation.
Monetising Data, Responsibly
Data governance should not be seen as a compliance box-tick—it’s a revenue enabler. Businesses can phase their AI deployments, starting with lower-risk areas like marketing content, and gradually extending to more sensitive domains like regulatory reporting. The key is alignment: ethical AI models, real-time monitoring, and clear business impact.
More importantly, treating data as an enterprise asset allows businesses to break down silos, unify customer views, and offer hyper-personalised services. This leads to better retention, higher conversion, and—most critically—more trust.
The trends from 2024—AI acceleration, stricter regulations, democratised data, and cloud-native ecosystems—have culminated in 2025 as a clear mandate: data governance must be dynamic, scalable, and value-driven.
Businesses are no longer just managing data; they are competing on data. And the winners will be those who see beyond storage and pipelines—those who treat data as a currency of trust, a driver of growth, and a strategic differentiator.
In a world where so much data flows at light speed, the future belongs to institutions that can harness that torrent not just to serve shareholders but to improve the lives of customers. With ethics, transparency, and agility at the core, we have a real opportunity to transform data from a deluge into a dividend.
Sarp Demiray, CEO of EMBank
