putilov_denis - stock.adobe.com
Building AI governance strategies for modern UC platforms
An effective AI governance strategy for UC requires human review, bias mitigation, data transparency and security controls. CISO involvement is key to success and ROI.
The rapid growth of AI in unified communications and collaboration tools is challenging how organizations have traditionally addressed governance. As agentic AI, AI assistants and other capabilities become increasingly embedded into UC, organizations must adopt new governance strategies for data sovereignty controls, real time monitoring and other guardrails.
Generative AI (GenAI) security has become a key component of governance for communications and collaboration. Nearly 80% of organizations that currently have a governance plan or will have one in place by the end of 2026 named GenAI as the second-most included component, according to Metrigy's Workplace Collaboration and Contact Center: 2026 study of 305 organizations. Other key AI-related components include data loss prevention and securing AI bots and agents.
As AI permeates every aspect of UC, organizations must ensure that their governance and compliance policies evolve to minimize risk. Key challenges for IT leaders include the following:
- Appropriate content controls for meeting artifacts, such as recordings, transcripts and summaries.
- Governance controls for AI-created content, such as documents and videos.
- Retention of internal and customer-facing conversations with AI virtual assistants.
- Capture of AI agent activity.
- Data localization and sovereignty control.
- Model training controls.
- Support for customer data removal.
Key AI governance strategies for UC
Meeting governance challenges requires a proactive approach that ensures organizations are positioned to realize the benefits of AI without creating unnecessary risk. In fact, Metrigy's research shows organizations with an AI governance strategy in place are 58% more likely to realize above-average ROI from their UC investments.
Companies without a proactive security model may choose to block AI, creating further risk as employees are pushed to shadow AI to obtain perceived benefits.
An effective AI governance strategy typically includes the following:
- Human review of AI content and agent actions, particularly those using sensitive data. Human review doesn't scale, but remains a necessary requirement when data loss or leakage puts the company -- and customer data -- at risk.
- Ensuring transparency of how data is used within AI models. This could include how models use internal data and how AI tools use connectors, such as MCP servers and agent-to-agent connectors.
- Identifying and mitigating bias in AI models. Biased data comes in many forms, such as sampling bias, exclusion bias and confirmation bias. Content generation and agentic decisions may further reinforce model bias.
- Appropriate application of data classifications and sharing controls to ensure that AI-generated content maintains data access restrictions. For example, only allowing those present in a meeting to access a meeting transcript and summary.
- Data retention for AI-generated content. This could include automatic destruction settings and eDiscovery support.
- Applying appropriate data residency controls to meet applicable local laws. This may include masking or removing personally identifiable information (PII) and establishing policies to enable the use of data, like call recordings.
- Security controls to protect against threats, including prompt-injection attacks, unauthorized apps and attempts to poison data.
- Audits of third-party providers to evaluate their governance policies and customer data usage.
- Proactive testing for agentic AI and autonomous AI agents to ensure data management and accuracy.
Establishing an effective governance policy requires close coordination among IT, business, security and compliance leaders. The most successful companies have CISO/CSO/IT security teams deeply involved in AI governance. The least successful ones simply rely on application owners to manage governance, according to Metrigy's study.
Finally, organizations should evaluate the use of AI as a tool to ensure governance. A growing number of UC software providers and management vendors are using AI to automate policy violation detection and to apply appropriate mitigation. AI isn't just a tool to improve unified UC and collaboration. It can also enhance governance management.
Irwin Lazar is president and principal analyst at Metrigy, where he leads coverage on the digital workplace. His research focus includes unified communications, VoIP, video conferencing and team collaboration.
