The Engineer’s Burden: Why Trustworthy AI Starts with the Data Layer

When a bridge collapses, no one blames the lawyers who drafted the building codes. We hold engineers accountable, because they’re the ones responsible for translating rules into working systems. So why, in AI, do we reverse that logic?

Today, when AI systems or data practices fail—when trust is broken, when rights are violated—we look to legal teams for better policies or compliance language. The fundamental failure isn’t technical incompetence. It’s that we’ve made engineers responsible for interpreting legal ambiguity at scale, without giving them the infrastructure to solve it.

(This is an expanded version of a post I shared previously on LinkedIn. Follow me there for my latest thinking on the intersection of data privacy, governance and AI) 

We’ve handed engineers a task that’s structurally impossible

Today, engineers are on the front lines, being asked to take vague, jurisdiction-specific privacy laws and somehow translate them into software systems that protect user rights, control data flows, and stay out of legal trouble. All while keeping the business moving at AI speed.

Here’s what we’re actually asking of them:

• 1. Decode overlapping, contradictory global privacy regulations while building systems that must work across multiple jurisdictions simultaneously
• 2. Map data flows across sprawling, distributed architectures where a single user interaction might touch dozens of microservices, third-party APIs, and data stores
• 3. Predict downstream consequences of data use in dynamic AI workflows where model behavior and data processing patterns evolve continuously
• 4. Enforce consent and usage rights in real-time across systems that were never designed with granular permission controls
• 5. Maintain all of this without breaking performance or functionality in production environments where milliseconds matter

This is fundamentally a distributed systems problem masquerading as a compliance challenge.

AI needs factual enforcement, not interpretation

You can’t govern petabyte-scale AI systems with policy memos and dashboards. The rules must be programmatically enforceable. Yet most organizations are asking engineers to build legally-compliant systems using spreadsheets, policy PDFs, and tribal knowledge. That’s not governance, it’s wishful thinking.

The reality for most organizations is untenable. We’ve normalized a situation where engineers are expected to implement precise technical controls based on ambiguous legal language, then hold them responsible when those interpretations prove insufficient.

This is an engineering problem that lacks infrastructure

Engineers aren’t failing at AI governance. Our approach to AI governance is failing engineers.

The solution isn’t to turn lawyers into engineers, or engineers into lawyers. That false choice has paralyzed progress for years. What’s missing is the infrastructure layer: a system that translates legal requirements into executable, deterministic logic that engineers can actually implement.

We’ve asked engineers to map data flows, decode regulations, and protect user rights without the technical scaffolding to do so. They need tools that understand both the complexity of modern data systems and the precision required by privacy law.

Ethyca has built the fundamentals of trustworthy data

These aren’t compliance features. They’re the core building blocks of any system that treats user data as sacred. What we’ve learned is that trustworthy AI doesn’t start with the model, it starts with the data layer.

Enterprises can’t scale AI unless they understand and control how data is used across people, systems, and time. The same infrastructure that enables precise data governance becomes the foundation for AI systems that can be trusted at scale.

With Fides, we’re not building another checkbox compliance tool, we’re building the execution layer for data trust. It’s a foundational system that makes policy enforceable by design across data mapping, consent management, access controls, and usage restrictions.

Trustworthy AI starts with the Data Layer

In a world where data drives everything, trust in your AI begins with trust in your data. And trust in your data starts with systems that engineers can actually use to enforce the rules that matter.

The principles remain the same ones we’ve always believed in: privacy automation, data rights, transparency, and control. But the use case has evolved. Now, they’re the building blocks of trust in an AI-powered enterprise.

Ethyca’s platform turns policy into computation. That’s what AI-scale governance demands and what we deliver. We make legal obligations executable not by rewriting the law, but by giving engineers the tools to act on it.

AI needs rules. Engineers need code. Ethyca builds the bridge between them.

If your governance system doesn’t make policy executable, you’re not building AI safely. You’re building risk – and placing the blame in the wrong place when it fails.

---

Want to see how this applies in real AI systems? Book a walkthrough with our engineers to explore how leading enterprises are building the execution layer for data trust.