In 2019 I gave a talk about Power BI governance, back before ChatGPT, before Copilot, before Fabric, and before AI was in every conversation we have. In 2026 I gave more or less the same talk again, this time to a room at the Leeds Power BI User Group and various other groups too.
The fact that I could give nearly the same talk seven years later should tell you something.
Here is the thing I keep running into. Most of what we now call AI strategy is the data strategy we never finished, with a new name on it. I get pulled into the AI conversations all the time, and I very quickly end up back in the same place: definitions, ownership, semantic models, security, access control and trust, the building blocks of data governance. The same things we were talking about in Power BI governance or the data strategy years ago.
So, the principles have not changed, however, what has changed is the cost of skipping them.
Summary
Power BI governance is not a 2026 invention, and it is not really about AI. It is about building trust at scale: agreed definitions, well-built semantic models, clear ownership, sensible security and access control, and a controlled way of working that protects data quality and of course empowering end users. Those foundations mattered in 2019 and they matter more now, because AI, the push to be data-centric (even more), and Microsoft Fabric have all raised the stakes. AI in particular does not fix a weak foundation, it multiplies it. This blog is the overview of the governance framework I presented at Leeds, and it links to the more detailed blogs on each part.
Key takeaways
- The common Power BI challenges I saw in 2019 are the same ones I walk into in 2026. AI has not removed them, it has made the consequences bigger.
- Good governance is not red tape. It is how an organisation creates trust at scale and empowers its users.
- AI is a multiplier and by that I mean a strong foundation gets more useful, while a weak foundation gets more dangerous. Wrong answers now reach more people, faster, in a more convincing format.
- What I refer to as self-service deployment approaches: corporate BI, managed self-service and business-led self-service are not a hierarchy where one replaces the other. They operate as a spectrum, but in practice a team can build up to them like a ladder.
- The work is the same: the semantic model, the definitions, the security, the ownership, the upskilling, support and the process. The difference now is how quickly weak foundations get exposed.
The same challenges keep walking through the door
When I talk to data leaders and heads of BI, at organisations of every size, the conversation comes back to the same stuff: what revenue means versus sales, who owns what, why there are three versions of the same number, and why the BI team is drowning.
So here is the list I still find in a Power BI environment, with or without AI, in a big business or a small one. See how many you recognise.
- Lots of duplicate semantic models, and no real management of them.
- Thousands of reports nobody governs.
- No clear return on the Power BI investment.
- Conflict over the right numbers, because there are no agreed definitions.
- Security that was never properly considered or enabled.
- Lockdown used as the governance approach, which pushes people back to spreadsheets.
- A BI team that cannot cope with demand.
- No clear ownership of reports, models or workspaces.
- Inconsistent definitions across the business.
- No separation of development, test and production, so changes go straight to live.
- Users left without the right support.
- IT and the business pulling in different directions.
When I gave this talk in 2019, I showed almost the same list of challenges. Seven years later I walk into organisations and find the same things. That is not a criticism of those teams, it is the point. These problems are structural, and AI does not fix any of them, it just makes the consequences bigger. I wrote more about that growth outpacing governance in Power BI Grows Fast. But Has Your Governance Kept Up?
Why the foundations matter more now
If the challenges are the same, why bother saying they matter more? Three reasons.

AI and natural language: Almost every analytics tool now has a natural language interface of some kind, whether that is Copilot, Genie or something else in your stack. People can ask a question in plain English and get an answer back. That can be powerful, but it only works if the foundation underneath knows what the question means and can return the right answer.
The push to be data-centric: Every organisation I speak to wants to be data-driven, insight-led, whatever phrase they use, you know the one. But here is the honest bit... most aspire to it and very few have got there. The gap is usually not the tools, the licences or even the talent. It is whether the foundations are in place to support what leadership is asking for.
Microsoft Fabric: What we used to call Power BI is now one workload inside Microsoft Fabric, sitting alongside lakehouses, warehouses, real-time intelligence and AI agents, with OneLake underneath all of it. The governance challenge is no longer just the Power BI tenant, it is the wider Fabric environment, with more artefacts, more workloads, and more ownership and permission questions, which means more places for the foundations to be weak. If Fabric is new to you, I covered the basics in What Is Microsoft Fabric?
Put those three together, AI raising the demand on the foundations, data centricity raising the expectation, and Fabric expanding the surface area, and you can see why the same foundations matter more than they did in 2019.
AI is a multiplier, not a fix
This is the part I most want people to take away. AI does not fix your governance foundation, it scales it.
If the foundation is good, with correctly built models, clear definitions, security applied properly with row-level security (RLS) where it is needed, and clear ownership, then AI takes that and helps more people reach trusted answers faster. The foundation becomes more valuable.
If the foundation is weak, with conflicting definitions, poorly configured models, unclear ownership and limited training, AI does not magically correct it. It takes those weaknesses and puts them in front of more people, faster.
I have seen this play out for real. In one organisation, users were given AI access very quickly, too quickly if I am honest. The underlying model was not configured well enough, the business definitions were not clear enough and users had not really been trained on how to ask the right questions, interpret the answers, simply to use it!
So, they started getting answers across the organisation, but not always the right ones, and people began to lose trust and question the solutions. The issue was not just the technology, it was the governance around it: the model, the definitions, the configuration, the training and the rollout all mattered.
There are three reasons a weak foundation costs more once AI sits on top:
- Reach: Answers that used to sit inside a report are now reachable by anyone who can ask a question.
- Speed: Those answers come back quickly, so if the definition or the measure is wrong, the wrong answer travels faster.
- False authority: AI sounds confident, even when it is wrong, and people are more likely to trust something before they question it.
To be clear, AI is not the problem and I am not knocking it - at Metis BI we use AI, a lot to add value for ourselves and our customers. The problem is weak foundations being exposed to more people, faster, in a more convincing format. I go deeper into this in Power BI Semantic Model and Why It Matters More in the Age of AI, because the semantic model is where a lot of this is won or lost.
Governance is not just rules for the sake of it
Before we get into the framework, it is worth being clear about what governance is for, because the word has a bad reputation.
Governance is not just paperwork, lockdown or a compliance checkbox. When it is done well, it is simply how an organisation creates trust at scale. It is what lets a finance leader open a report or dashboard and believe the number, what lets a self-service author build something without breaking everyone else's figures and what lets you put AI in front of the business without quietly handing out wrong answers.
If governance only ever feels like restriction, people work around it. They export, they copy, they rebuild in Excel, they find another route. Now here is something many need to hear... Most of the time they are not trying to cause chaos, they are trying to answer a business question and do their job. That's it! So, the job is not to block movement, it is to build a safer route. I wrote about that balance in Power BI Governance: Balancing Control and Self-Service for Adoption
Three deployment approaches, and why they build like a ladder
Microsoft describes three approaches to how Power BI content is owned and managed: enterprise BI (Corporate BI), managed self-service and business-led self-service. They describe who owns the semantic models and who owns the reports, not three separate ways of running the platform.

Before I describe each one, a quick word on where this comes from. The definitions are Microsoft's, and they are a solid starting point. What I add around them comes from delivering this work for real. The way I put it to clients is that Microsoft's documentation, especially on governance and rollout, is the starting point, not the finished plan. It tells you what good looks like, but how you apply it depends on the organisation in front of you. So the descriptions below stay true to Microsoft's model, and the judgement on top, when to use which and how far to take it is expanded.
- Corporate BI: semantic models and reports owned and managed by a central data team, so think BI team, any other data team, or IT - really depends on each organisation. Offers most governance, least flexibility. The business are pure report consumers here.
- Managed self-service: semantic models still owned and managed by the central data team. However, more flexibility now offered to the business. Report development enabled on top underlying semantic models, inside the right guardrails, so think one trusted data layer with self-service reporting built on it. Balances governance and flexibility. The business are report authors here, building on certified models they do not own.
- Business-led self-service: semantic models and reports both owned and managed by the business. This can be described as the least "strict" governance, highest level of flexibility. With that said though, the central data team still sets guardrails and maintains existing governance. This approach needs to be considered carefully.
Again, to be super clear... Microsoft does not present these as a ladder. In the Fabric adoption roadmap they are described as three valid strategies that an organisation operates across, often several at once, with no hierarchy and no one-size-fits-all. That is fair, and some areas of a business should stay on Corporate BI, which can be exactly the right call.
But from the work I do, and helping organisations with Power BI Governance more many years, I see a clear pattern. It is usually right to begin at Corporate BI and lay the foundation there, then move to managed self-service when the organisation is ready for it and without huge delay. So while these approaches operate as a spectrum, in practice they build as a ladder (in my opinion). You do not jump to the right because it sounds mature, you move when the need is real and the foundations underneath are strong enough to carry it. I will go into this properly in a dedicated blog on the deployment approaches.
The foundations themselves
The rest of the Leeds talk was the practical part: what needs to be in place. I split it into the foundation you set in the Corporate BI stage, and the flexibility you add in managed self-service.
The foundation (Corporate BI): this is the discipline at the core.
- Executive support, because without backing from the top there is no authority or accountability to hold the line.
- Trust, security and classification, with the right permissions and sensitivity labels that travel with sensitive information, where the platform's reputation is made or lost.
- A framework of workspaces, apps and audiences, so the estate has a structure instead of designing itself.
- Well-built, certified semantic models, aligned to a star schema, with human-readable names and proper descriptions. See Data Modelling in Power BI.
- A data dictionary, so the business agrees once what the numbers mean, which is where consistency and data quality really begin.
- Version control and lifecycle management, with deployment pipelines moving content from development to production, so change is controlled rather than risky.
- A Centre of Excellence that turns governance policies into practical ways of working, and gives data owners and data stewards a home.

The flexibility (managed self-service): this is what you add once the foundation holds.
- Report author champions, the people who help self-service work safely.
- An internal portal for guidance, support and community.
- Training by persona, because access is not the same as adoption. More on that in Why Your Report Developers Need More Than Just Technical Training.
- Controlled rollout: pilot, prove value, then scale.
- Auditing and monitoring, using usage metrics to spot what is unused or risky, so governance does not quietly drift.
- Copilot readiness, treated as a governance checkpoint rather than a switch you flip. I covered this in detail in Is Your Power BI Copilot Setup Business Ready?

These factors are not random, and they are not a checklist to rush. They slot into the deployment approach you are operating in, and most of them depend on the ones before them.
What this means for you
If you take one thing away, make it this: the state of your foundation matters more than the shine of whatever sits on top of it. A polished dashboard or a confident Copilot answer tells you nothing about whether the data underneath is right. Start with the foundation.
Are your key measures defined once, clearly and owned by someone? Is the semantic model built with some discipline or is it carrying years of shortcuts? Do people know which content is trusted and which is not? Is change controlled or does someone download a file, edit it and republish over the top? Plus, when you give people access, are you actually enabling them, with training, a place to ask questions and someone to turn to, or just handing over a licence and hoping? Those are governance questions, and they decide whether everything you layer on next, self-service or AI, stands on something solid or inherits the problem.
None of this became important because AI arrived. It was already important. AI has just made the consequences of getting it wrong much more obvious, and much more immediate.
How Metis BI helps
This is the work we do. We help organisations slow the conversation down just enough to get the foundations right before more reporting or AI gets stacked on top. That means running the right workshops, agreeing the business definitions and best practices, structuring the semantic models properly and carrying that thinking through from design into build, rollout and ongoing support.
If you want a clear read on where your estate stands today, our Power BI and Microsoft Fabric governance assessment is a good place to start.
The factors have not changed. The cost of skipping them has. Governance in 2019 was about trust. In 2026 it is about trust at the speed of AI.
.png)


.png)
.png)
