Gartner: 25% will add AI TRiSM by 2028

Artificial intelligence trust, risk and security management is becoming its own job inside large companies, not just an extra duty for legal or security teams. (gartner.com) (globalitresearch.com) Gartner’s forecast says that by 2028, 25% of large organizations will have consolidated, dedicated information governance teams drawn from data and analytics, digital workplace, and security and compliance. It says that share was less than 1% in 2023. (globalitresearch.com) Gartner uses AI TRiSM as shorthand for the controls around whether an artificial intelligence system is reliable, fair, secure, and handling data properly once it is in use. Its framework calls for policy enforcement, data protection, monitoring, validation, testing, and compliance. (gartner.com) The immediate pressure is regulatory as much as technical. Gartner said on February 17, 2026 that spending on AI governance platforms is expected to reach $492 million in 2026 and pass $1 billion by 2030. (gartner.com) The firm also said fragmented AI regulation will quadruple by 2030 and extend to 75% of the world’s economies. That is pushing companies to look for systems that can show compliance continuously instead of only during periodic audits. (gartner.com) That continuous approach matters because artificial intelligence systems change after launch. Gartner says traditional governance, risk management, and compliance tools are not built for real-time decision automation, bias checks, misuse prevention, and oversight of third-party or embedded AI systems. (gartner.com) Gartner’s survey work points to a payoff for companies that build those controls into operations. In a second-quarter 2025 survey of 360 organizations, it said organizations that deployed AI governance platforms were 3.4 times more likely to achieve high effectiveness in AI governance than those that did not. (gartner.com) A separate Gartner survey published June 30, 2025 found 45% of leaders at high-maturity organizations kept AI initiatives in production for at least three years, versus 20% at low-maturity organizations. Gartner said robust governance structures and engineering practices were among the factors behind that gap. (gartner.com) Gartner’s broader governance research shows many companies are still early. Its peer survey says 46% of respondent organizations had implemented an AI governance framework, either as a dedicated framework or as an extension of another governance framework, while 55% had not yet implemented one. (gartner.com) The result is that AI governance is moving from policy documents to operating structure. Gartner’s forecast is less about a new acronym than about who owns the controls when AI systems are already making decisions in production. (gartner.com 1) (gartner.com 2)