FULL REPORT — 27 PAGES
What's
Inside
8 SECTOR DEEP-DIVES
6 REGULATORY FRAMEWORKS
DORA
EU AI Act
NIS2
GDPR
EU Data Act
eIDAS 2.0
99 ORGANISATIONS SCORED
ING Group · ABN AMRO · Deutsche Bank · BNP Paribas · Barclays
Roche · Novo Nordisk · AstraZeneca · Novartis · Sanofi · Bayer
SAP · ASML · Siemens · Philips · Nokia · Booking.com · Spotify
Shell · TotalEnergies · Iberdrola · Enel · E.ON · Vattenfall
Maersk · Deutsche Telekom · Vodafone · Orange · Ahold Delhaize
WHEN ENFORCEMENT FAILS · REAL CONSEQUENCES
When Enforcement
Fails: Real Consequences
The enforcement gap is not abstract. When data definitions drift silently and no system halts the pipeline, the consequences are physical, financial, and regulatory.
SCENARIO 01 · AVIATION
Airport Gate Gridlock
SETUP AI optimises gate assignments based on Aircraft_Turnaround_Time. A data engineer silently excludes refuelling delays from the definition.
CONSEQUENCE AI double-books gates. Tarmac gridlock. Safety buffers violated. Dashboard shows green. ODGS: Hash mismatch → Hard Stop.
SCENARIO 02 · LOGISTICS
Hazardous Cargo Misroute
SETUP Routing agent diverts cargo by Hazard_Class_Index. Upstream ERP silently drops a chemical code from "Hazardous."
CONSEQUENCE Volatile chemicals routed through residential zone. EU transport laws violated. Compliance records no anomaly. ODGS: Missing code detected → Routing halted.
SCENARIO 03 · FINANCIAL SERVICES
€50M Credit Over-Leverage
SETUP Algo trading evaluates risk via Net_Available_Liquidity. New API silently includes unvested stock options in the calculation.
CONSEQUENCE Institution over-leveraged by €50M on inflated liquidity. Risk dashboard reports normal. ODGS: Formula change blocked. DORA log generated.
THE PATTERN
Policy existed. Dashboard was green. System chose silence over error.
EXECUTIVE SUMMARY
The Problem,
By the Numbers
38%
Avg. Maturity
0
Reached Level 5
23pts
Enforcement Gap
8
Pillars Scored
99
Organisations
6
EU Regulations
THE KEY INSIGHT
Data governance today works like a speed limit sign with no cameras and no police. Under DORA, NIS2, and the EU AI Act, "assumed compliance" is no longer legally sufficient.
WHAT WE MEASURED ACROSS 99 ORGANISATIONS
The 23-point gap between "policy exists" (61%) and "policy enforced" (38%) represents the systemic risk EU regulators are now targeting.
BOTTOM LINE
European enterprises govern by document. Zero can prove enforcement in their pipelines.
METHODOLOGY · HOW WE MEASURED IT
How We
Measured It
This benchmark evaluates 99 European enterprises across 8 sectors. We analysed over 400 public disclosures, vendor agreements, and governance frameworks using the Open Data Governance Standard maturity model.
SAMPLE DISTRIBUTION (N=99)
Evaluation Criteria
Scores are not based on self-reported compliance. We measured machine-verifiable policies, automated quality enforcement, and metadata integrity across operational systems.
5-Point Maturity Scale
Level 1 (Ad Hoc) → Level 5 (Optimised) across 8 pillars aligned to DAMA DMBOK: Governance Foundations, Quality Enforcement, Operational Readiness, Metadata Integrity, Adoption, Certification & Trust, and Bridge Connectivity.
806-Point Cross-Reference
Each of 199 governance artefacts cross-referenced to APQC, CDMC, BIAN, and DAMA DMBOK — typically 3–6 months of manual consulting effort, reproduced programmatically.
REPRODUCIBILITY
Run
odgs maturity audit against any public governance artefacts. Apache-2.0.DATA SOURCES
Public filings, ESG disclosures, vendor agreements, ISO/SOC certifications, regulatory enforcement actions.
OPEN SOURCE
Every score is machine-generated and reproducible. No self-reported data. Apache-2.0 licensed.