FUTURE-READY PUBLIC INSTITUTIONS: RETHINKING DATA GOVERNANCE THROUGH MATURITY ASSESSMENT
DOI: https://doi.org/10.36004/nier.es.2025.1-05
JEL Classification: I38, D63, F55
UDC: 352/354:004.6
Veronica CRETU
Consultant with UNFPA and World Bank, Austria
https://orcid.org/0009-0003-5802-6545
Received 20 February 2025
Accepted for publication 15 May 2025
SUMMARY
This paper introduces a comprehensive maturity assessment framework for public sector data governance, aimed at supporting governments in building future-ready institutions. Grounded in institutional theory, sociotechnical systems thinking, and public value theory, the framework spans five pillars: governance and institutions, data and knowledge value creation, infrastructure and standards, trust and security, and digital preparedness and soft skills. Drawing on global models (DAMA DMBOK2, OECD, World Bank), it provides a structured, context-sensitive diagnostic tool to identify institutional strengths, gaps, and reform priorities. Certain elements of the framework were piloted in Moldova, Azerbaijan, and Kosovo using a mixed-methods approach, revealing that public sector data governance generally remains at a nascent to emerging stage, with notable progress in data protection and trust, but persistent weaknesses in foundational infrastructure and skills. The results highlight the importance of institutional ownership, regular assessments, and alignment with broader digital transformation and AI governance goals. The paper proposes an expanded model with 36 sub-components, incorporating emerging needs such as AI literacy, ontologies, and cloud computing. It positions data governance not as a technical exercise but as a strategic imperative for public value creation, accountability, and resilience in an increasingly data-driven world.
Keywords: data governance, maturity assessment, public sector, digital transformation, institutional capacity, evidence-based policymaking, artificial intelligence
Over the past two decades, data has emerged as a central resource in public governance, often referred to as “the new oil.” It was launched by Clive Humby, a British mathematician, in 2006. This term has since been echoed by numerous leaders and industry experts. However, it only sparked widespread discourse following a 2017 article by The Economist (2017) titled “The world’s most valuable resource is no longer oil, but data.”
Since then, this catchphrase has grown to be emblematic of the Fourth Industrial Revolution era. Yet, while the metaphor underscores the immense value of data, it oversimplifies the complex dynamics involved in governing it responsibly, equitably, and strategically. In the public sector, data is not merely an asset to be monetized, but a tool to drive better services, better decisions, inclusive policies, and democratic accountability. This shift requires robust data governance systems, especially as governments adopt artificial intelligence (AI) to modernize services and decision-making.
Despite the growing importance of data governance, the field lacks a unified definition or universally accepted framework, particularly for the public sector. Existing literature has primarily focused on data governance approaches developed in the private sector, often emphasizing technical efficiency and compliance, with limited attention to the specific challenges of institutional readiness and governance maturity in public administration (Janssen, et al. 2020; Alhassan, et al. 2016; Benfeldt, et al. 2020).
Studies that do address public sector data governance often emphasize legal compliance, open data, or interoperability (OECD, 2019; World Bank, 2021), without providing tools to systematically measure the maturity of data governance ecosystems or support phased reform processes. Moreover, the theoretical landscape is fragmented, with limited synthesis between institutional theory, public administration modernization, and sociotechnical systems approaches.
This paper addresses these gaps by proposing a maturity framework for public sector data governance, grounded in both theory and practice. Drawing on established models such as DAMA DMBOK2 (DAMA International, 2017), OECD’s data-driven public sector framework (Ooijen, et. al. 2019), the World Bank’s Open Data Readiness Assessment (World Bank, 2015), and the Global Data Barometer (Davies & Fumega, 2022), the framework evaluates maturity across five interdependent pillars: governance and institutions, data and knowledge value creation, infrastructure and standards, trust and security, and digital preparedness and soft skills.
The paper also incorporates field-testing insights from Moldova, Azerbaijan, and Kosovo to validate and refine the framework in diverse governance settings.
By introducing this maturity framework, the paper offers a structured, adaptable, and context-sensitive tool that enables governments to conduct a rapid yet comprehensive diagnosis of their current data governance ecosystem. It allows public institutions to pinpoint specific strengths and gaps across critical pillars such as leadership, trust, infrastructure, and institutional skills. More than just an assessment tool, the framework provides strategic guidance for prioritizing reforms, allocating limited resources effectively, and sequencing actions in a way that aligns with national digital transformation goals. In doing so, it supports public sector leaders in advancing evidence-based policymaking, enhancing service delivery, and ensuring ethical and responsible adoption of AI technologies.
The growing importance of data governance in the public sector is driven by several interrelated factors, including regulatory compliance, cybersecurity risks, rapid technological advancements, the imperative to improve public services, and the growing economic and social value of data. Frameworks such as the EU’s General Data Protection Regulation (European Union, 2016), the European Data Strategy (European Commission, 2020), the EU AI Act (European Union, 2024), and the Open Data Directive (European Union, 2019) have underscored the need for legal clarity, trust, and interoperability. At the same time, rising cybersecurity threats and the proliferation of AI and cloud computing call for better control over how data is collected, stored, and used. Robust data governance ensures not only legal compliance and ethical use of data but also enhances transparency, enables cross-border collaboration, supports innovation, and improves public trust. In this context, national data governance efforts are increasingly expected to align with global norms while addressing country-specific challenges and institutional capacities.
Furthermore, a data governance framework is crucial for sustainable development and achieving the Sustainable Development Goals (United Nations, 2015). It enables the effective measurement of progress, guides the development of informed policies, and ensures that sustainable practices are backed by solid evidence. By addressing data gaps and investing in robust data systems, it is possible to turbocharge progress towards achieving the Sustainable Development Goals, The State of Global SDG Data in 2023 Report (Goessmann et al. 2023) states, ensuring effective and equitable development worldwide. The report states that significant data gaps exist, particularly for SDG 5 (Gender Equality), SDG 13 (Climate Action), and SDG 16 (Peace, Justice, and Strong Institutions). The same report finds that investment in stronger national data systems can yield substantial economic returns (up to USD 32 for every dollar invested). However, despite high returns on investment, data and statistics are underfunded, especially in developing countries. Donors should increase their Official Development Assistance (ODA) allocated to data to at least 0.7% by 2030.
Across governments, data governance operates at different levels: whole-of-government, sector-specific, and local level, highlighting its adaptability to diverse policy contexts and institutional capacities. When implemented effectively, it becomes a cornerstone of sustainable development and democratic governance.
Finally, data governance is a critical framework for ensuring the effective, ethical, and secure management of data. It enhances data’s value, promotes institutional accountability, and builds trust among stakeholders. While there is no single, universally accepted definition of data governance, most authoritative sources agree on several core principles: the need for lifecycle management of data (from creation to disposal), the importance of ensuring data quality, security, and privacy, and the role of inclusive stakeholder collaboration.
h1 lang="en-GB" class="western" align="justify" style="margin-left: 0.76cm; text-indent: -0.76cm"> THEORETICAL FRAMEWORKThe maturity assessment framework developed in this study is rooted in a multidisciplinary theoretical foundation, integrating insights from institutional theory, sociotechnical systems thinking, and public value theory. These perspectives provide the analytical lens for understanding how data governance functions within complex public administration systems and why context-specific maturity models are essential. This framework is also grounded in institutional theory (DiMaggio and Powell, 1983); sociotechnical systems thinking (Trist & Bamforth, 1951), and public value theory (Bryson, Crosby, and Bloomberg, 2014), which explains how public sector institutions often adopt similar governance practices due to coercive, mimetic, and normative pressures rather than purely performance-based considerations. By providing a structured tool for self-assessment, the proposed maturity framework aims to support intentional, context-specific reform, rather than superficial compliance with global trends.
Traditional data governance models often focus on technical capabilities such as data infrastructure, security protocols, and standards, while neglecting the social dimensions that determine their effective use: leadership, institutional trust, administrative culture, and skills. Socio-technical theory challenges this imbalance by emphasizing joint optimization, where the success of a system depends on aligning both technological and social subsystems (Trist & Bamforth, 1951). Built on the open systems perspective (Bertalanffy, 1950), socio-technical theory underscores that public institutions operate in dynamic environments, where legal frameworks, political will, administrative cultures, and external pressures shape their data practices. This theoretical lens reinforces the need for a context-sensitive, non-prescriptive maturity framework, one that acknowledges multiple, evolving paths to effective data governance.
In addition to the above, the paper also draws on Herbert Simon’s theory of bounded rationality and his three-stage model of decision-making: intelligence, design, and choice. The framework proposed in this paper supports each of these phases. It helps public institutions collect and assess data (intelligence), explore and strengthen their organizational and technical capacities (design), and prioritize reforms and AI-readiness actions (choice). Simon's insights into the cognitive and institutional limits of decision-making reinforce the need for structured diagnostic tools, such as maturity assessments, to guide public sector actors toward informed and adaptive governance choices.
In translating these theoretical insights into a practical model, this paper also draws upon leading frameworks in the field of data governance. The DAMA Data Management Body of Knowledge (DMBOK2) provides principles for managing data as a strategic asset, emphasizing governance roles, processes, and accountability mechanisms (DAMA International, 2017). The OECD’s data-driven public sector framework supports the integration of data governance into public value creation and policy delivery, offering dimensions such as leadership, capability, and infrastructure (OECD, 2019). Similarly, the World Bank’s Open Data Readiness Assessment (ODRA) provides a diagnostic structure focused on institutional enablers, stakeholder engagement, and data accessibility (World Bank, 2015).
Given the conceptual diversity of data governance, it was essential to explore various definitions to clarify the scope and principles that guide this assessment. A review of existing definitions reveals several common themes, and several sources offer definitions that highlight different aspects of data governance.
Well-designed data governance, according to the World Bank, can be defined as the framework that allows capturing the central values and purposes of an entity (country, international body, region, etc.) to leverage the synergies with multiple stakeholders while creating trust and promoting the use of data.
OECD (2019): Data governance refers to diverse arrangements, including technical, policy, regulatory or institutional provisions, that affect data and their cycle (creation, collection, storage, use, protection, access, sharing and deletion) across policy domains and organizational and national borders.
Davies (2022): Data governance concerns the rules, processes and behaviors related to the collection, management, analysis, use, sharing and disposal of data - personal and/or non-personal. Good data governance should both promote benefits and minimize harms at each stage of relevant data cycles.
Holdsworth and Kosinski (2024) define data governance as “the data management discipline that focuses on the quality, security and availability of an organization’s data”
Microsoft (n.d.): The definition of data governance includes the collection of processes, policies, roles, metrics, and standards that ensures an effective and efficient use of information. This also helps establish data management processes that keep your data secured, private, accurate, and usable throughout the data life cycle.
DAMA International (2017) defines it as “the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets”. Its primary goals include defining, approving, and communicating data strategies, policies, standards, architecture, procedures, and metrics. It also involves tracking and enforcing regulatory compliance and conformance to these policies and standards, sponsoring and overseeing data management projects and services, managing and resolving data-related issues, and understanding and promoting the value of data assets. Through these activities, data governance ensures the effective, secure, and compliant use of data within an organization, driving both operational efficiency and strategic value.
US Health Policy Perspective (2021): Data governance is defined as the process by which stewardship responsibilities are conceptualized and carried out, that is, the policies and approaches that enable stewardship. Data governance establishes the broad policies for access, management, and permissible uses of data; identifies the methods and procedures necessary to the stewardship process; and establishes the qualifications of those who would use the data and the conditions under which data access can be granted.
Benchmarking Perspective (Marcucci et al. 2023): A comparative analysis of global data governance frameworks is presented by Marcucci et al. (2023) in Informing the Global Data Future: Benchmarking Data Governance Frameworks. The study highlights how definitions and approaches to data governance diverge significantly depending on institutional roles, regulatory environments, and national contexts.
Despite the lack of a unified definition, common themes emerge across the various definitions:
Many definitions emphasize that data governance involves a framework or a set of processes that manage the lifecycle of data from creation to disposal.
Data governance includes rules, policies, and standards that ensure data is used effectively and securely.
Effective data governance involves the participation and collaboration of multiple stakeholders, including regulatory bodies, institutions, and individuals.
Good data governance aims to maximize the benefits of data use while minimizing potential harms.
Similarly, institutions leading efforts in the field of data governance, highlight various aspects: for example, the World Bank emphasizes leveraging synergies among stakeholders and promoting trust in data use. OECD focuses on diverse arrangements (technical, policy, regulatory) that affect the data lifecycle across borders. IBM stresses the importance of data quality, security, and the policies that govern data use (Holdsworth & Kosinski, n.d.), while Microsoft focuses on the collection of processes and standards that ensure data's effective and efficient use.
At the same time, many definitions highlight the importance of managing data throughout its entire lifecycle, from collection to disposal, ensuring that data is kept secure, accurate, and usable. Several definitions underline the importance of establishing trust among stakeholders and ensuring the security and privacy of data. Definitions often include the purpose and goals of data governance, such as enhancing data quality, promoting data sharing and reuse, ensuring compliance with regulations, and protecting individual privacy rights.
These practices indicate that there is no one-size-fits-all, and the varied definitions and elements of data governance suggest varied needs of organizations (private, public, not-for-profit), that there is no universal approach that fits all contexts. Different sectors and organizations may have unique requirements and priorities. Accordingly, Governments should seek to tailor their data governance frameworks to the specific needs and maturity levels of different sectors and departments. Public sector institutions need to prioritize data driven initiatives based on regular internal maturity assessments which can help identify strengths and weaknesses and enable targeted improvements.
Literature and practice emphasize that data governance is not monolithic but rather multi-level, context-sensitive, and highly adaptable. Instead of adhering to a one-size-fits-all model, data governance frameworks are increasingly designed to operate across distinct levels: whole-of-government, municipal/local, sector-specific, and institutional/organizational, each with its own priorities, stakeholders, and governance arrangements.
At the whole-of-government level, central governments may adopt unified standards, shared platforms, and overarching data governance strategies that promote interoperability and coherence across ministries. This aligns with system-level governance theories that view the state as a coordinated data steward. An example is Singapore’s government-wide use of analytics to optimize public service delivery.
The local/municipal level adapts data governance to the specificities of communities, often focusing on smart city initiatives, localized service delivery, and participatory data practices. This reflects the subsidiarity principle in governance theory, placing decision-making at the most immediate or local level consistent with its resolution (Hooghe & Marks, 2003). Vienna’s “Data Capital City” initiative is a case in point (Data Excellence Strategy of the City of Vienna, 2024).
Sector-specific models recognize that certain policy domains such as health, education, and finance require tailored data governance arrangements due to regulatory, ethical, or operational demands (Alhassan, et.al. 2016). For instance, the Ministry of Education of Malaysia has implemented a customized Data Governance Model to guide the management and use of education data in alignment with national priorities and sectoral requirements (Ministry of Education Malaysia, 2021).
Organizational-level data governance focuses on internal policies, stewardship roles, and data literacy within institutions. It operationalizes concepts from micro-governance and internal accountability theory (Benfeldt, et.al. 2020). Notable examples include Stats NZ’s operational Data Governance Framework and Airbnb’s internal data education program (Data governance NZ, 2021; Jabes, 2020).
These levels are not mutually exclusive but interconnected. This multilevel governance perspective enables more nuanced assessments of institutional maturity, stakeholder engagement, and policy coherence within data ecosystems.
This paper also draws on the interrelated concepts of measurement and maturity, which are essential to understanding the evolution and assessment of systems, including data governance frameworks. Measurement as a concept is at least as old as civilization, with various systems and units evolving based on natural objects. It is fundamental in every aspect of our daily life, from modern science, engineering, commerce, education, health, etc. Generally, measurement involves interacting with a system to represent its aspects in abstract terms such as numbers or vectors.
Philosophical discussions about measurement date back to antiquity, with foundational concepts such as magnitude and quantity central to early mathematics and logic. Euclid’s definitions imply that measurement entails being divisible by another quantity, though in some cases a number may also measure itself (Euclid, 1956). Aristotle distinguished quantity as a measurable attribute from quality, the nature of what is being measured (Aristotle 1941, 1053a). In modern thought, Helmholtz argued that measurement requires some properties to remain invariant during transformations (Helmholtz, 1977), and Russell described measurement as the assignment of numbers to non-numeric entities (Russell, 1903).
The term maturity generally refers to “the state of being complete, perfect, or ready” (Simpson & Weiner, 1989), or to a stage at which something has reached full development. Initially used in engineering contexts, such as the maturity method for concrete curing (Nawy, 2001), following structural failures like the Skyline Plaza collapse, the concept has since been widely adopted across domains including IT governance, corporate compliance, and, more recently, data governance (Becker, et.al, 2009).
Combined definitions of the terms ‘measurement’ and ‘maturity’ lead to maturity measurement or maturity models, which have been increasingly approached by researchers, experts, consultants across various fields during the past decades, from across private, public an academia, for their ability to assess the strengths and weaknesses of systems and processes, and to create improvements. Maturity models aim to develop processes with desirable goals, such as resources or practices, leading to a more mature organization or system.
Finally, this framework is both theoretically and empirically grounded. Throughout its development, practitioner insights and implementation experiences played a critical role in shaping the framework’s structure and ensuring its practical relevance. Workshops and structured engagements with public servants in Moldova, Azerbaijan, and Kosovo helped identify context-specific gaps, validate theoretical assumptions, and adapt the initial framework by expanding the elements under each of the five pillars. This iterative, participatory process embodies the core principles of socio-technical design and open systems thinking, reinforcing the framework’s capacity to support meaningful institutional transformation.
This analysis employed a mixed-methods, iterative research design combining qualitative and quantitative techniques. The objective was to develop and validate a maturity assessment framework for public sector data governance across five key dimensions: governance and institutions, data and knowledge value creation, infrastructure and standards, trust and security, and digital preparedness and soft skills.
The framework was initially conceptualized through a desk review of global data governance models (e.g., DAMA DMBOK2, OECD’s data-driven public sector framework, World Bank ODRA), and then refined through face-to-face and remote assessments in three countries: Moldova, Azerbaijan, and Kosovo between 2022 and 2024, as part of various initiatives aiming to understand the various aspects of data governance in the public sector. Respondents included: public sector officials at central levels, civil society representatives, international development partners, independent experts.
Table 1: Core Components and Subcomponents of the Data Governance Maturity Framework"
Key component |
Sub-components |
Governance and Institutions |
|
Value |
|
Trust |
|
Foundations |
|
Skills |
|
The assessment framework in two countries was structured around five key components, each comprising multiple interrelated subcomponents, as per breakdown provided below:
To assess the maturity of each subcomponent, a five-level scoring system was applied. This system captures varying degrees of institutional readiness, from non-existent to fully mature practices. Each level corresponds to a numerical score from 0 to 4, as described below:
0 signifies absent,
1 indicates a nascent stage,
2 indicates an emerging stage,
3 represents an expanding stage, and
4 denotes a mature stage.
Table 2.
Maturity levels for assessing data governance pillars and sub-components
Level 0 – Absent
|
There is no evidence of the component in any significant way. |
Level 1 - Nascent |
There is evidence of isolated use of the component in a few individual institutions, probably as a result of local initiatives, but there are no wider policies or standards for it. |
Level 2 - Emerging |
There is evidence of some policies and standards for the component and the use of these in some specific projects, but the policies are incomplete and implementation of them is not widespread. |
Level 3 - Expanding |
There is evidence of a largely complete and credible set of policies and standards for the component, and that these are being applied widely, especially for new projects, but achievement is requiring continuing management intervention and there are significant remaining areas of non-compliance. |
Level 4 - Mature |
The component is fully functioning and sustainable, with policies and standards being applied across all institutions without requiring continuing interventions, with regular monitoring of compliance and corrective action, and with all stakeholders involved in improving and optimizing the component on an on-going basis. |
The scores from each subcomponent were aggregated to generate average scores for the five main pillars. Additionally, specific benchmarks and guiding questions were developed for each maturity level per subcomponent. To illustrate how the framework was applied in practice, the following example outlines the maturity levels, benchmarks or characteristics, evaluation questions, and stakeholder engagement strategy for the Leadership subcomponent under the Governance and Institutions pillar.
This example demonstrates how nuanced assessment criteria were paired with targeted data collection tools to ensure a comprehensive understanding of institutional maturity. All 24 subcomponents across the five pillars were assessed using the 0–4 maturity scale.
Table 3.
Assessment matrix for evaluating leadership maturity for data governance
Levels of development |
Indicators or benchmarks |
Evaluation Questions |
Key Stakeholders to be approached and the data collection tool used |
Level 0 – Absent |
Leadership in this area is absent.
|
Is there evidence of leadership for Data Governance in the public sector?
|
Surveys. Stakeholders to complete the survey: Decision makers, heads of units/departments in line ministries, tasked with strategy/vision/mission setting for their sector, etc.
Based on the results of the survey, define Qs for in-depth interviews. |
Level 1 - Nascent |
There is awareness among public sector leaders (in a few leading sectors) vis-à-vis the need to have some leadership/authority on data governance. |
How often is data governance topic discussed in the public sector?
Are there any leading Ministries/Public Agencies raising awareness about the importance of data governance in the public sector? (this can happen as part of broader vision for digital transformation or linked to ongoing discussions on national development agenda; or digital transformation).
|
Surveys.
Stakeholders to complete the survey: Decision makers, heads of units/departments in line ministries, tasked with strategy/vision/mission setting for their sector, etc.
Based on the results of the survey, define Qs for in-depth interviews.
|
Level 2 - Emerging |
There are informal communities of public servants interested in the data governance framework, with no specific mandate or responsibilities. There are emerging 1-2 champions in particular sectors.
Sporadic events are organized for potential data champions in the public sector, usually with support from international development partners.
|
Are you aware of any information communities of public servants working on data governance, interested in data governance, promoting data governance as a topic/theme in the public sector?
Are you aware of public events during which data governance is being addressed?
Who are the most active organizers of events which address data governance or data in general?
|
Surveys. Stakeholders to complete the survey: Decision makers, heads of units/departments in line ministries, tasked with strategy/vision/mission setting for their sector, etc.
Based on the results of the survey, define Qs for in-depth interviews. |
Level 3 - Expanding |
There are inter-institutional coordination bodies in place, focusing on capacity building initiatives, collaboration and knowledge sharing on data. For ex. Knowledge Alliance on data governance; Community of Practice on Data Governance, or anything similar.
There is potential for more experienced public servants (leads in the field) to act as mentors for entry level servants working on data governance.
There are established roles for officers responsible for the provision of public data; or data managers; or data coordinators in line Ministries. Clear TORs are in place for the established roles.
Costs associated with these roles are included in the fiscal planning/budgeting.
|
Are you aware of any inter-institutional coordination efforts, aiming to promote ongoing capacity building activities, knowledge sharing on data, data governance in the public sector?
To what extent, public servants exercise the role of the ‘mentor’ for entry level servants, particularly around emerging topics such as data or data governance?
Are there currently formal roles/unit/person in place, in public institutions, responsible for the provision of public data; or data managers; or data coordinators?
Are there TORs are in place for such a position?
Are costs associated with these roles included in the annual planning/budgeting?
|
Surveys.
Stakeholders to complete the survey: Decision makers, heads of units/departments in line ministries, tasked with strategy/vision/mission setting for their sector, etc.
Based on the results of the survey, define Qs for in-depth interviews.
|
Level 4 - Mature |
There is a strong political leadership which provides high level support needed to advance the data policy agenda, and although changes might occur at this level, the top management ensures that the transition does not impact the efforts and helps implement, steer policy design and implementation, increases continuity and sustainability.
There are formalized leadership roles in the existent administrative structures, i.e. Government Chief Data Steward. He/she leads data policy in the country. Or, Unit Head (within the Office of the Prime Minister); or consensus-based leadership model is in place (in form of a data taskforce with leading public sector agencies part of it). Or Chief Data officers’ positions are in place, with relevant financial support, clear roles and portfolio.
There is a national body tasked to coordinate data governance in the public sector (across sectors).
High level leadership is visible and serves as the key authority in the field.
Digital leadership – public institutions demonstrate ability to develop a vision for digital. |
Is there evidence of strong political leadership to advance data policy agenda in the public sector?
If yes, how is continuity ensured when/if there is a change at the level of top management?
Do you have any of the following positions/structures in the Government? Tick any that applies:
What evidence is there in place to demonstrate high level leadership and authority for data governance agenda?
Are public institutions able to develop a vision for digital? Do such capacities exist within all public entities?
|
Surveys.
Stakeholders to complete the survey: Decision makers, heads of units/departments in line ministries, tasked with strategy/vision/mission setting for their sector, etc.
Based on the results of the survey, define Qs for in-depth interviews.
|
This approach enabled the inclusion of scenario-based multiple-choice questions in the surveys, allowing respondents to select the option that best reflected the current situation in their context. Each scenario corresponded to a maturity level on a 0–4 scale (from Absent to Mature).
For example, under the Governance & Institutions pillar, the Vision subcomponent included five narrative options ranging from Level 0 (no discussions or initiatives exist) to Level 4 (data is treated as a public good with a shared long-term vision and inclusive governance).
Level of development |
Indicators or benchmarks |
0 |
No discussions or initiatives around developing a vision on data governance exist. |
1 |
Sporadic discussions about data governance occur without specific measures taken for vision development, primarily initiated by external stakeholders. |
2 |
A fragmented approach to data governance exists among some institutions. Some develop data registers, but not necessarily for improving inter-institutional data sharing or a broader vision. |
3 |
Different public sector organizations lead parts of data governance, leading to confusion and data integration barriers. The incomplete vision emphasizes technology over people and is discussed in closed circles. |
4 |
Data is treated as a public good with a shared long-term vision. A holistic data governance vision is in place, emphasizing people first in technology, managing data throughout its life cycle, and ensuring inclusivity. |
In Azerbaijan, data was collected through a multi-method approach combining desk research, online surveys, interviews, and validation workshops. A kick-off workshop launched the process by informing key stakeholders about the methodology and engagement plan. This was followed by a comprehensive desk review of national policies, strategies, and regulatory documents. Seven targeted online surveys (via Google Forms) were distributed to public officials across roles, yielding responses from senior, mid-level, technical, and HR personnel, with each survey aligned to a specific component of the framework. Above 80 respondents completed the surveys. To deepen understanding, 12 key informant interviews were conducted with selected respondents. Finally, two validation workshops were held to collectively review and refine preliminary findings and scores, ensuring alignment with institutional realities and stakeholder insights.
In Kosovo, data collection was conducted through a two-day, face-to-face capacity-building workshop involving 25 participants, primarily from civil society organizations and international organizations present in the country, with limited public sector representation. During the workshop, each sub-component of the maturity framework was assessed individually, in pairs, and through group deliberation to reach consensus on maturity levels. This participatory process was followed by two online follow-up sessions, where participants used the results to identify priority areas for future action and institutional development.
In Moldova, the assessment process was primarily qualitative and exploratory in nature. Several components of the framework were addressed through expert interviews (15 interviews conducted) and a structured survey completed by 26 respondents. A follow-up validation survey was also distributed, though it received only two responses. Notably, a structured maturity scoring system was not applied in this case, which limited the ability to generate comparative or quantitative benchmarks. Instead, the process focused on capturing expert perspectives and generating forward-looking insights. As a result, the analysis focused more on forward-looking recommendations than on measuring the current level of institutional maturity. While stakeholder participation was significant, the lack of quantified benchmarks limited the ability to identify precise gaps or determine proximity to a mature state. The findings serve as an initial diagnostic and highlight the potential value of a future, more data-driven assessment.
Survey results were analyzed using descriptive statistics to calculate average scores for each sub-component, component, and pillar. Open-ended responses were coded thematically to identify institutional strengths, weaknesses, and recurring barriers. Interview transcripts were manually coded to extract qualitative insights that contextualized quantitative scores. Two scoring iterations were conducted in Azerbaijan to account for response bias and validate initial findings. In Kosovo, consensus scoring was used in group sessions. In Moldova, due to a more qualitative orientation, there were no scores attributed to the main pillars.
The analysis acknowledges certain limitations. In Azerbaijan for example, some responses reflected social desirability bias, with participants either overstating institutional practices or, in some cases, underestimating the actual level of development. This variability underscored the importance of validation workshops and triangulation through interviews to refine and contextualize the maturity scores. In Kosovo, limited public sector participation meant results primarily reflected civil society perspectives. In Moldova, the absence of a structured maturity scoring system limited the ability to quantify current capacities or compare them to an ideal state.
One important aspect is related to the reliance on self-reported data in all three countries, which limited the ability to verify how data governance is operationalized in practice. While not applied in the current assessment, direct observation is identified as a promising methodological addition for future research. This approach might offer the potential to capture actual behaviors, informal routines, and decision-making dynamics: insights that are often missed in interviews and surveys. Observation is particularly valuable in hierarchical public sector environments, where formal responses may not fully reflect operational realities. Incorporating observational methods in future assessments would strengthen data triangulation, enrich contextual understanding, and provide a more nuanced and grounded view of institutional data governance maturity.
The following principles guided the design and implementation of data collection activities across all country contexts:
Equality and non-discrimination: All participants were treated equitably, regardless of role, background, or affiliation.
Informed consent and confidentiality: Each respondent participated voluntarily, with assurances of anonymity and privacy, in line with ethical standards and interview protocols.
Gender equality: Efforts were made to ensure balanced participation of women and men at every stage of the assessment, including workshops, surveys, and interviews.
To protect institutional confidentiality and respect the sensitivities of ongoing reform processes, detailed findings are presented in aggregated form without attributing results to specific countries or institutions.
In one country where the full maturity scoring system was applied, average scores were calculated across five core domains of the data governance assessment and was found to be at the emerging stage, with an average maturity score of 2.14 out of 4 across the five evaluated components: Governance and Institutions, Value, Trust, Foundations, and Skills. All components scored within the nascent to emerging range, with none reaching the expanding or mature level. The Trust component registered the highest average score, while Foundations had the lowest. Common gaps identified across the data governance landscape included:
The absence of a whole-of-government data governance strategy.
Fragmented institutional approaches to data management.
Lack of a centralized or high-level data governance body.
Limited practices around data discoverability and cataloging.
Weak institutional capacity in data literacy and analytics.
Figure 1.Average maturity scores across five pillars of data governance assessment
Figure 2: Overall data governance maturity assessment score
The assessment conducted in the second country revealed that the overall data governance framework remains at an early stage of development, with notable disparities across its five core components:
Governance and Institutions: While some coordination structures exist, governance is fragmented. There is no unified legal framework or clear institutional ownership of the data agenda, particularly at the local level.
Value: Infrastructure exists to support data sharing and reuse, but it remains underutilized. Open data practices are limited, and public trust in platforms is low. The strategic value of data is not yet fully recognized or leveraged.
Trust: Legal alignment with data protection standards is progressing, but enforcement is weak. Emerging technologies raise additional regulatory gaps, and cross-border data flow policies remain underdeveloped.
Foundations: Foundational infrastructure is in place, yet issues persist with data quality, duplication, and inconsistent standards. Integration and interoperability across systems are hindered by both technical and governance barriers.
Skills: Capacity building is insufficient and uneven. Digital and data literacy remain low across the public sector, with outdated HR practices limiting the recruitment and development of skilled personnel.
Finally, in the third context, the assessment concluded that:
Governance and Institutions: absence of a comprehensive data governance roadmap and the need for clearly defined roles, responsibilities, and institutional leadership. There was strong interest in establishing a legal and regulatory framework and institutional mechanisms such as a Chief Data Officer.
Value: The understanding of how data can drive value, from service delivery improvements to policymaking, was essential. However, actual implementation of such practices was perceived as limited. Respondents emphasized the need to embed data governance in broader digital transformation efforts.
Trust: Concerns about data privacy, protection, and ethical use were commonly raised. Data privacy and security were among the top-rated competencies respondents wished to see prioritized in future capacity-building efforts.
Foundations: Feedback revealed persistent gaps in metadata use, data quality assurance, and the availability of base registers. Respondents lacked practical familiarity with interoperability mechanisms and data cataloging practices.
Skills: The strongest thematic priority identified by respondents was building digital and data literacy across government. There was particular interest in competency-based curricula and more structured training programs. Respondents expressed a need for expanded professional development, and some considered career paths in data governance or analysis as a result of the assessment and direct impact of participation in the assessment.
Additional insights:
Respondents valued the maturity assessment exercise, which encouraged reflection and comparison of perspectives across sectors.
Participation in the assessment helped clarify how open data fits within a broader data governance ecosystem.
Recommendations emerged to include more public officials in such exercises and to institutionalize training through partnerships with civil service academies or universities on the topic of data governance, or assessment frameworks for data governance in the public sector.
Across all three cases, stakeholder feedback supported the relevance of the assessment and in two contexts, respondents highlighted the maturity framework usefulness as a diagnostic and planning tool.
From the methodological standpoint, the implementation of the assessment revealed practical challenges related to participant engagement, difficulties in broadening stakeholder representation, and language-related barriers, particularly during the survey phase. Open-ended responses often lacked depth, either due to limited time, knowledge, or interest. Additionally, social desirability bias distorted initial results in some settings, requiring further rounds of data collection and triangulation to approximate a more realistic picture of maturity.
The findings also point to opportunities for more nuanced and longitudinal research on data governance maturity. Participatory methods may be better suited to capture day-to-day governance realities than survey instruments alone. Moreover, cross-country comparative studies could identify political, institutional, or cultural variables that accelerate or inhibit data governance reforms.
A cross-cutting observation from all three country contexts is that the maturity assessments were initiated and carried out with external donor support. While this facilitated high-quality design, expert input, and methodological consistency, it also highlights a structural weakness: the absence of domestically anchored and institutionalized mechanisms for assessing and improving data governance.
Relying on external funding for core governance diagnostics, especially in an area as foundational as data governance, is not sustainable in the long term. It risks assessments being perceived as one-off exercises rather than integral parts of country’s digital transformation agenda. Without national ownership and budgetary commitment, there is a real danger that findings will not be operationalized, lessons will be lost, and momentum will stall after donor engagement ends.
Embedding such assessments into routine government performance processes, supported by national statistical offices, digital transformation agencies, or civil service training institutes, could help institutionalize these efforts. Long-term sustainability also calls for developing internal capacity to lead assessments, interpret results, and act upon them: including in policy, technology, and organizational change.
The assessment revealed that across the different contexts examined, public sector data governance maturity generally resides in the nascent to emerging range (Table 4). While no component reached a mature stage, the consistency of scores across all five pillars: Governance and Institutions, Value, Trust, Foundations, and Skills, suggests that foundational elements are in place and that there is potential for coordinated progress. Rather than wide disparities that might indicate isolated or siloed development, the balanced scoring pattern points to broad-based, albeit early-stage, activity in data governance across institutions.
Among the five pillars, the Trust component, which includes data protection, privacy, and security, tended to score relatively higher. This reflects the increasing visibility of privacy and data protection related regulations and public discourse around data protection, likely driven by international norms and donor influence or the need to harmonize national legislation with the EU one.
In contrast, the Foundations component, which includes critical elements such as data standards, cataloging, base registries, consistently lagged. This suggests that while awareness of data security and rights may be increasing, the technical and infrastructural backbone necessary to enable effective data governance is underdeveloped. The disparity between Trust and Foundations highlights a policy environment where legal or normative frameworks may be evolving faster than institutional and infrastructural capabilities.
This gap is especially relevant in environments where data policies exist in principle but are not implemented systematically, often due to fragmented governance structures or a lack of designated accountability. Furthermore, the limited progress in the Skills component, particularly in terms of data literacy and institutional readiness, indicates a pressing need for capacity building, without which progress in the other areas may stall. Taken together, these findings emphasize the importance of integrated, cross-pillar interventions, to ensure that policy, practice, infrastructure, and skills advance in a balanced manner.
Component: Governance and institutions |
||
Vision; Leadership; Accountability; Alignment with other national strategies and programs; Alignment with emerging global governance on AI; Data policy; Communication and Collaboration; Stakeholder engagement, KPIs and MEL; Management practices. |
||
Component: Data and knowledge value creation |
Component: Trust and security |
Component: Infrastructure and standards |
Data sharing; Open Data; Data Analytics; Knowledge representation and reasoning (KRR); Knowledge Organization Systems (KOS); Ontologies, as the most complex knowledge organization systems. |
Data security; Data controls; Privacy and data protection. |
Base Registers; Data standards; Data quality; Data infrastructure; Data lifecycle management; Data catalogue and discoverability; Cloud computing & data lakes. |
Component: Digital preparedness and essential soft skills |
||
Source: developed by the author.
Component: Governance and Institutions |
||
Vision, Leadership, Accountability, Alignment with other national strategies and programs; Alignment with emerging global governance on AI; Data Policy; Communication and Collaboration; Stakeholder engagement; KPIs and MEL; Management practices. |
||
Component: Data and Knowledge value creation |
Component: Trust and security |
Component: Infrastructure and standards |
Data Sharing; Open Data; Data Analytics; Knowledge representation and reasoning (KRR); Knowledge Organization Systems (KOSs); Ontologies. |
Data security; Data controls; Privacy and Data protection. |
Base registers; Data standards; Data quality; Data infrastructure; Data Lifecycle management; Data catalogue and discoverability; Cloud computing and data lakes. |
Component: Digital preparedness and essential soft skills |
||
Institutional digital readiness; Data literacy; AI literacy; Career planning and development; Organizational development; Facilitation and moderation; Critical thinking; Design thinking; Communities of practice (CoP); Certification for digital skills and adaptive learning platforms. |
||
While the assessments conducted in the presented cases focused on core data governance components (highlighted in yellow), the findings also revealed critical gaps that are becoming increasingly significant in the context of digital transformation and AI adoption. To address these, several additional sub-components (highlighted in blue) are proposed for inclusion in future assessments.
Specifically, elements such as AI governance alignment, cloud computing, knowledge representation and reasoning (KRR), Knowledge Organization Systems (KOS) and ontologies, and cloud computing are not yet systematically integrated into data governance frameworks, despite their growing relevance.
For example, the absence of AI governance considerations may hinder readiness for algorithmic accountability and ethical AI use, while the lack of standardized approaches to data ontologies or knowledge systems limits semantic interoperability. Similarly, emerging practices such as certification for digital skills and communities of practice (CoP) are essential to foster long-term institutional capacity and cultural change, particularly in low-trust or resource-constrained environments. Integrating these forward-looking elements into future versions of the framework will help public sector institutions build resilience, improve cross-border interoperability, and ensure alignment with global digital governance norms.
Key principles of the revised proposed maturity framework: the adoption of an innovative approach that captures and nurtures best practices in terms of the "bigger picture" or "data ecosystem." By considering all the elements, the maturity assessment framework can provide insights into the most and least mature dimensions, leading to a comprehensive understanding of the current state of data governance.
CONCLUSIONS
This paper reflects on the assessments carried across three distinct public sector contexts using a structured, multi-component framework. The findings demonstrate that, while foundational efforts are underway in all three cases, public sector data governance remains largely at the nascent to emerging stages of maturity. A key takeaway is the relative balance across the five pillars: Governance & Institutions, Value, Trust, Foundations, and Skills, with no component consistently reaching mature levels.
However, "Trust" emerged as the strongest pillar, highlighting the influence of regulatory efforts and cybersecurity measures, while "Foundations" and "Governance & Institutions" remained the weakest, underscoring persistent fragmentation, lack of coordination, and weak data infrastructure.
Crucially, the assessments surfaced methodological and systemic limitations. The reliance on donor-driven initiatives, the challenges in engaging public sector actors meaningfully, and the predominance of self-reported data raise concerns about sustainability and reliability. These challenges point to the need for greater institutional ownership, localized capacity-building, and investment in independent, regular assessments.
The paper also advocates for a more forward-looking and adaptive data governance framework: one that reflects the rapid pace of technological change driven by AI, big data, and digital transformation. While the piloted assessments covered foundational elements, a total of 24 sub-components across 5 pillars, the analysis reveals emerging needs for integrating additional sub-components such as AI literacy, alignment with global AI governance, knowledge representation systems (KRR, KOS, ontologies), and adaptive digital skills in future assessments. Thus, the improved framework contains 36 sub-components across 5 main pillars. Integrating these dimensions into future frameworks is essential to ensure that data governance remains robust, ethically grounded, and resilient in the face of emerging digital and algorithmic risks.
The results of this work contribute to the field by:
Situating public sector data governance within a structured maturity model.
Proposing an expanded framework responsive to technological and governance shifts.
Demonstrating the value of participatory and mixed methods approaches in uncovering deeper institutional behaviors and gaps.
In sum, data governance is not just a technical exercise but a strategic imperative.
For governments aiming to become truly data-driven and citizen-responsive, building coherent, inclusive, and future-ready governance structures is fundamental. This analysis serves as a practical and conceptual foundation for public institutions and development partners seeking to move from fragmented initiatives to systemic, high-impact data governance reforms.
Alhassan, I., Sammon, D., & Daly, M. (2016). Data governance activities: An analysis of the literature. Journal of Decision Systems, 25(sup1), 64-75. https://doi.org/10.1080/12460125.2016.1187397
Aristotle. (1941). The basic works of Aristotle. Random House. https://ia903202.us.archive.org/22/items/in.ernet.dli.2015.139375/2015.139375.The-Basic-Works-Of-Aristotle.pdf
Becker, J., Knackstedt, R., & Pöppelbuß, J.-M. (2009). Developing maturity models for IT management. Business & Information Systems Engineering, 1(3), 213-222. https://doi.org/10.1007/s12599-009-0044-5
Benfeldt, O., Persson, J. S., & Madsen, S. (2020). Data governance as a collective action problem. Information Systems Frontiers, 22, 299-313. https://doi.org/10.1007/s10796-019-09923-z
Bertalanffy, L. (1950). An outline of general system theory. British Journal for the Philosophy of Science, 1(2), 134-165. https://doi.org/10.1093/bjps/I.2.134
Bryson, J. M., Crosby, B. C., & Bloomberg, L. (2014). Public value governance: Moving beyond traditional public administration and the new public management. Public Administration Review, 74(4), 445-456. https://doi.org/10.1111/puar.12238
DAMA International (2017). The DAMA guide to the data management body of knowledge (DAMA-DMBOK) (2nd ed.). Technics Publications. https://dama.org/learning-resources/dama-data-management-body-of-knowledge-dmbok/
Data Excellence Strategy of the City of Vienna: Sub-strategy of City of Vienna’s Digital Agenda 2030 (2024). Municipal Department 01 – Vienna Digital. https://digitales.wien.gv.at/wp-content/uploads/sites/47/2024/12/2024_Strategie_DataExcellence_2.1_EN.pdf
Data governance@ (2021). Operational data governance framework. Stats NZ. https://data.govt.nz/toolkit/data-governance/odgf
Davies, T. (2022). Data Governance and the Datasphere: Literature Review. Geneva: Datasphere Initiative. https://www.thedatasphere.org/wp-content/uploads/2022/11/Data-governance-and-the-Datasphere-Literature-Review-2022.-Tim-Davies.pdf.
Davies, T. and Fumega, S. (2022). Global Data Barometer: Global Report (First Edition). ILDA. https://doi.org/10.5281/zenodo.6488349.
DiMaggio, P. J., & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147-160. https://doi.org/10.2307/2095101
Euclid (1956). The thirteen books of Euclid’s elements. Translated by T. L. Heath. Dover Publications. https://classicalliberalarts.com/resources/EUCLID_ENGLISH_1.pdf
European Commission (2020). A European strategy for data. https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en
European Union (2016). Regulation (EU) 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Official Journal of the European Union, L 119, 1. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
European Union (2024). Regulation (EU) 1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending certain Union legislative acts (Artificial Intelligence Act). Official Journal of the European Union, L 1689, 12 July. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
European Union. (2019). Directive (EU) 1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information. Official Journal of the European Union, L 172, 56. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L1024
Goessmann, C., Idele, P., Jauer, K., Loinig, M., Melamed, C., & Zak, T. (2023). Pulse of progress: The state of global SDG data in 2023. ETH Zurich & United Nations. https://doi.org/10.3929/ethz-b-000630718
Helmholtz, H. (1977). Epistemological writings: The Paul Hertz/Moritz Schlick centenary edition of 1977. Edited by R. S. Cohen & Y. Elkana. Publishing D. Reidel. https://link.springer.com/book/10.1007/978-94-010-1115-0
Holdsworth, J., & Kosinski, M. (2024, September 20). What is data governance? IBM https://www.ibm.com/think/topics/data-governance
Hooghe, L., & Marks, G. (2003). Unraveling the central state, but how? Types of multi-level governance. American Political Science Review, 97(2), 233-243. https://doi.org/10.1017/S0003055403000649
Jabes, B. (2020). How Airbnb Democratized Their Data to Empower Their Employees. Census Blog. https://www.getcensus.com/blog/how-airbnb-achieves-data-democratization-to-empower-5k-employees.
Janssen, M., Brous, P., Estevez, E., Barbosa, L. S., & Janowski, T. (2020). Data governance: Organizing data for trustworthy artificial intelligence. Government Information Quarterly, 37(3), 101493. https://doi.org/10.1016/j.giq.2020.101493
Marcucci, S., González Alarcón, N., Verhulst, S. G., & Wüllhorst, E. (2023). Informing the global data future: Benchmarking data governance frameworks. Data & Policy, 5, e30. https://doi.org/10.1017/dap.2023.24
Microsoft @ 2024. What Is Data Governance? Microsoft Fabric Resources – Data 101. https://www.microsoft.com/en-us/microsoft-fabric/resources/data-101/what-is-data-governance.
Ministry of Education Malaysia (2021). Education Data Governance Model. Ministry of Education. https://www.moe.gov.my/en/education/education-data-governance-model
Nawy, E. G. (2001). Fundamentals of high-performance concrete (2nd ed.). John Wiley & Sons. 464 p. ISBN: 978-0-471-38555-4.
Ooijen, van C., Ubaldi, B., & Welby, B. (2019). A data-driven public sector: Enabling the strategic use of data for productive, inclusive and trustworthy governance. Working Papers on Public Governance 33. OECD Publishing. https://doi.org/10.1787/09ab162c-en
OECD (2019). The path to becoming a data-driven public sector. OECD Digital Government Studies. OECD Publishing, Paris. https://doi.org/10.1787/059814a7-en
Russell, B. (1903). The principles of mathematics (Vol. I). Cambridge University Press. https://people.umass.edu/klement/pom/
Simpson, J. A., & Weiner, E. S. C. (1989). The Oxford English Dictionary (2nd ed. /). Clarendon Press: Oxford University Press.
The Economist @ (2017, May 6). The world’s most valuable resource is no longer oil, but data. https://www.economist.com/leaders/2017/05/06/the-worlds-most-valuable-resource-is-no-longer-oil-but-data
Trist, E. L., & Bamforth, K. W. (1951). Some social and psychological consequences of the longwall method of coal-getting. Human Relations, 4(1), 3-38. https://doi.org/10.1177/001872675100400101
U.S. Department of Health and Human Services (2021). Data governance in health policy: Stewardship and access frameworks. https://aspe.hhs.gov
United Nations @ (2015). Transforming our world: The 2030 Agenda for Sustainable Development (A/RES/70/1). United Nations. https://sdgs.un.org/2030agenda
World Bank (2015). Open Data Readiness Assessment. Methodology. World Bank. https://opendatatoolkit.worldbank.org/en/data/opendatatoolkit/odra
World Bank (2021). Open Data for Resilience Initiative: Field Guide. World Bank Group. https://documents.worldbank.org/en/publication/documents-reports/documentdetail/148921468158370376/open-data-for-resilience-initiative-field-guide