Data Governance for Sustainable AI in Organizations: A Benchmarkability-First Capability Model, Evidence Map, and Marketplace Microdata Demonstration

preprint OA: closed
Full text JSON View at publisher
AI-generated deep summary by claude@2026-06, 2026-06-24 · read from full text

This paper proposes a benchmarkability-first data governance framework for sustainable (green) AI, defining a 12-capability DG-SA model with evidence-oriented artifacts and mapping 18 influential standards and frameworks to these capabilities using a conservative evidence-coding protocol. Across 54 survey items, only 13 (24.1%) could be defensibly benchmarked with authenticated public/open-data proxies, highlighting a key limitation that external benchmarking is often not feasible with currently available data. To address this, the authors demonstrate a marketplace microdata approach in which cloud-distributed energy microdata are joined with region-specific electricity carbon-intensity data to produce audit-ready sustainability KPIs, noting that carbon intensity varied by ~17× across common regions in a 2024 illustrative comparison. This paper does not explicitly discuss endometriosis or adenomyosis; it was included in the corpus via a keyword match in the upstream search index.

Read from the paper's body, not the abstract. Not a substitute for reading the paper. No clinical advice. How this works

Full text 169,532 characters · extracted from preprint-html · click to expand
Data Governance for Sustainable AI in Organizations: A Benchmarkability-First Capability Model, Evidence Map, and Marketplace Microdata Demonstration | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Data Governance for Sustainable AI in Organizations: A Benchmarkability-First Capability Model, Evidence Map, and Marketplace Microdata Demonstration Tirupathi Rao Dockara This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8734900/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Sustainable AI requires more than ethical principles: organizations need measurable, auditable governance that links data controls, model lifecycle evidence, and operational monitoring to sustainability outcomes. This paper advances a measurement-first approach by (i) defining a 12-capability Data Governance for Sustainable AI (DG-SA) model with implementable evidence artifacts, (ii) mapping 18 influential standards, academic artifacts, and corporate frameworks to DG-SA using a conservative evidence-based coding protocol, and (iii) quantifying an open benchmarkability ratio over 54 governance survey items. Empirically, only 13 of 54 items (24.1%) admit defensible public/open-data proxy benchmarking, revealing a practical gap between what governance frameworks prescribe and what can be benchmarked externally. To address this gap, we incorporate a marketplace microdata pathway and demonstrate—using publicly available energy microdata distributed via cloud marketplaces—how joining governed AI telemetry with region-specific electricity carbon-intensity data yields audit-ready sustainability KPIs. In an illustrative cloud-region comparison for 2024, carbon intensity varies by approximately 17× across common regions, underscoring the need for governance-grade measurement conventions. We further provide a lifecycle operating model, dashboard blueprint, and minimum evidence pack (dashboards, runbooks, and decision gates) to make DG-SA actionable in production settings. The resulting artifacts translate sustainable AI governance from principle lists into testable, reproducible constructs and operational controls. Artificial Intelligence and Machine Learning Computer Architecture and Engineering Software Engineering Information Retrieval and Management Data governance sustainable AI responsible AI AI governance benchmarkability evidence maps marketplace microdata carbon intensity monitoring and drift Green AI Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 I. INTRODUCTION Organizations are rapidly operationalizing AI for decision support, automation, and user-facing experiences. At the same time, regulators and stakeholders increasingly expect AI to be safe, accountable, and environmentally responsible. While ethical AI principles are widely published, they often do not translate into measurable practices that can be audited and improved over time. This gap is especially visible for sustainable (or Green) AI, where energy and carbon impacts are discussed extensively but measured inconsistently across organizations [ 1 ], [ 2 ]. Data governance provides a natural operational foundation for sustainable AI because AI systems are ultimately built on data pipelines, data controls, and evidence trails. Classical data governance literature emphasizes decision rights and control mechanisms [ 3 ], [ 4 ]. Contemporary AI governance standards extend these ideas with risk assessment, monitoring, and incident response expectations (e.g., NIST AI RMF [ 5 ], ISO/IEC guidance [ 6 ], [ 7 ]). Regulatory regimes such as GDPR [ 10 ] and the EU AI Act [ 11 ] further raise the bar for transparency, auditability, and lifecycle accountability. However, two practical problems remain under-addressed. First, governance guidance is uneven: some capabilities are thoroughly specified (e.g., privacy and auditability), while others that matter for sustainable AI (e.g., energy measurement and drift surveillance) are treated lightly. Second, even when governance practices are recommended, they are difficult to benchmark externally because public and open data rarely provide comparable measures. Without benchmarkability, governance often becomes a compliance checklist rather than an improvement loop. This work introduces a measurement-first governance approach for sustainable AI. It contributes not only a capability model, but also an evidence map and an explicit analysis of what can (and cannot) be benchmarked using public/open data. This combination is designed to move the topic from policy-level description to research-grade, testable constructs and empirical analysis. Research questions (RQs) guiding the study are : RQ1 : What minimum set of governance capabilities is required to operationalize sustainable AI in organizations? RQ2 : How well do influential standards, academic artifacts, and corporate/platform frameworks cover these capabilities? RQ3 : To what extent can governance capabilities be benchmarked using authenticated public/open data proxies and primary marketplace datasets? RQ4 : What lifecycle operating model and minimum evidence pack make these capabilities actionable in engineering delivery and operations? Contributions : C1 : DG-SA, a 12-dimension capability model with evidence-oriented definitions and implementable artifacts. C2 : An evidence map of 18 sources (6 standards/policy, 6 academic artifacts, 6 corporate/platform sources) coded against DG-SA. C3 : An open benchmarkability analysis of 54 survey items, showing that only 13/54 items (24.1%) admit external benchmarking via authenticated public proxies. C4 : A lifecycle operating model, dashboard blueprint, and minimum evidence pack that translate governance requirements into delivery and operations. Novelty statement : Benchmarkability-first governance : DG-SA is explicitly defined in terms of observable evidence, and we operationalize governance progress via an open benchmarkability ratio rather than principle compliance. Marketplace microdata augmentation : we empirically demonstrate how cloud-marketplace microdata (electricity carbon intensity) can be joined with governed AI telemetry to produce audit-ready sustainability KPIs that are otherwise weakly benchmarkable via public surveys. Operationalization : we provide a lifecycle operating model and minimum evidence pack that converts sustainable AI governance into implementable engineering controls (gates, dashboards, and runbooks). II. RELATED WORK AND CONCEPTUAL FOUNDATIONS This section synthesizes four streams of work that motivate DG-SA: data governance as organizational control, AI governance as risk and assurance, sustainable AI measurement, and evidence-based benchmarking. A. Data governance as control and accountability . IT and data governance research emphasize decision rights, accountabilities, and measurable controls as prerequisites for reliable enterprise systems [ 3 ], [ 4 ]. In AI settings, these ideas extend beyond data stewardship to include traceability of model decisions and accountability for downstream impacts. B. AI governance frameworks and assurance artifacts. Major standards’ bodies and policy institutions provide AI governance guidance, including NIST AI RMF [ 5 ], ISO/IEC risk management guidance [ 6 ], ISO/IEC AI management systems [ 7 ], and international policy principles [ 8 ], [ 9 ]. Industry frameworks, such as the Microsoft Responsible AI Standard [ 20 ] and IBM’s Everyday Ethics for AI resources [ 22 ], complement standards with organization-level process controls and templates. Academic work argues that principles alone are insufficient without enforceable mechanisms and evidence [ 18 ]. Complementary artifact-based approaches such as Datasheets for Datasets [ 14 ] and Model Cards [ 15 ]-provide practical documentation structures, while algorithmic auditing frameworks formalize internal assurance processes [ 16 ], [ 17 ]. C. Sustainable AI and measurement. Green AI calls for efficiency and transparent reporting of AI resource use [ 1 ]. Empirical studies highlight energy and policy trade-offs in model development and inference [ 2 ], propose systematic reporting practices for energy and carbon footprints [ 12 ], [ 13 ]. Yet, sustainability metrics are often measured inconsistently across organizations, limiting comparability and cross-sector learning. D. Benchmarking and evidence-based governance . Benchmarking is central to continuous improvement, but governance benchmarkability requires measurable constructs and comparable data. Many governance indicators are internal by nature (e.g., incident response maturity), which limits public evaluation. This motivates an explicit benchmarkability analysis: a governance model should disclose which aspects can be openly benchmarked and which require internal evidence packs. III. DG-SA CAPABILITY MODEL DG-SA is defined as a capability model that specifies governance dimensions using evidence-oriented criteria. A capability is considered operational only when it can be demonstrated through artifacts, logs, tests, policies, or measurable controls rather than aspirational principles. The 12 DG-SA capabilities are provided in Table I. TABLE I. DG-SA Capability Codebook Capability dimension Evidence-oriented definition (paraphrased) DataQuality Defined data quality dimensions, validation, and stewardship for AI‑relevant datasets. Lineage End‑to‑end lineage and versioned retention for datasets, features, prompts, and model artifacts; reproducibility of the pipeline. AccessControl Role‑based access, least privilege, segregation of duties for data/model operations. Privacy PII handling, consent, minimization, retention, and privacy‑preserving techniques. ModelDocumentation Model cards, intended use, limitations, versioning, and change history. EvaluationBenchmarking Benchmark suites, stress tests, red‑team tests, and acceptance thresholds. MonitoringDrift Runtime monitoring for performance, drift, bias, and anomaly detection with alert thresholds. HumanOversight Human‑in‑the‑loop control mechanisms, approvals, escalation paths, and override mechanisms. RiskAssessment Formal risk classification, hazard analysis, and mitigation control mechanisms across lifecycle. SustainabilityEnergy Energy/carbon measurement, efficiency targets, and sustainable compute policies. Auditability Immutable logs, traceability, and evidence packs to support audits and accountability. IncidentResponse Incident detection, triage, containment, post‑mortems, and continuous improvement loops. A. DG-SA as an extension of classical data governance. DG-SA retains foundational data governance controls (e.g., data quality, privacy, access control) while adding AI-specific governance needs such as model documentation, evaluation benchmarking, drift monitoring, human oversight, and sustainability/energy management. Table III summarizes the foundational vs. AI-specific extension view, while Table II provides an overview of the study artifacts and datasets used in this work. TABLE II. Study Artifacts and Datasets Artifact Description Scope/size Coded corpus Secondary sources (standards, academic, corporate) coded against 12 governance capabilities n = 18 Capability codebook Operational definitions for the 12 capabilities used for coding n = 12 Public/open benchmark mapping Proxy indicators mapped to selected governance survey items from publicly available surveys/reports n = 31 datapoints Survey instrument items 54 governance items used to assess what is measurable from public benchmarks n = 54 Benchmark mapping dataset (public/open) 31 proxy datapoints mapped to 13 survey items; includes URLs, dates, and notes 31 rows; 13 items; 7 sources Coded corpus matrix Binary coding matrix used for coverage analysis (18×12) 18 sources × 12 capabilities TABLE III. DG-SA Capabilities: Foundational vs AI-Specific Extensions Category Capability AI-specific rationale Foundational DG DataQuality Quality controls, validation, and error handling for data feeding AI. Foundational DG AccessControl Least privilege, RBAC, and data/model access enforcement. Foundational DG Privacy PII minimization, lawful basis, and privacy-by-design controls. Foundational DG Auditability Immutable logs, lineage, traceability, and audit trails. Cross-cutting RiskAssessment Risk classification for AI use (incl. safety, bias, compliance). AI-specific extension ModelDocumentation Model cards, intended use, limitations, training data provenance. AI-specific extension EvaluationBenchmarking Pre-deploy and regression benchmarking with acceptance thresholds. AI-specific extension MonitoringDrift Runtime surveillance of performance/quality drift and data shifts. AI-specific extension HumanOversight Human-in-the-loop triggers, approvals, and override controls. AI-specific extension IncidentResponse AI incident handling, escalation, containment, and postmortems. AI-specific extension Lineage Versioned datasets/models, retention policies, reproducibility. AI-specific extension SustainabilityEnergy Energy/carbon measurement, efficiency targets, and reporting. B. Positioning relative to NIST/ISO governance. DG-SA is designed to be complementary to risk management and management systems standards. NIST AI RMF emphasizes high-level functions (govern–map–measure–manage) [ 5 ], while ISO/IEC 42001 formalizes management system requirements [ 7 ]. DG-SA focuses on capability-level evidence that can be implemented and measured, thereby providing an operational layer that can be mapped to these frameworks. Table IV provides a high-level mapping to clarify this relationship. TABLE IV. Illustrative Mapping: DG-SA to NIST AI RMF and ISO/IEC 42001 Concepts DG-SA capability NIST AI RMF function(s) ISO/IEC 42001 concept Example evidence artifacts RiskAssessment MAP / MEASURE Risk identification and measurement AI impact/risk assessments, risk registers Privacy GOVERN / MANAGE Policy + controls PII controls, DPIA where applicable Auditability GOVERN / MANAGE Accountability and traceability Audit logs, trace IDs, evidence retention ModelDocumentation MAP System context and documentation Model cards, intended use + limitations EvaluationBenchmarking MEASURE Testing and validation Benchmark suites, acceptance thresholds MonitoringDrift MANAGE Ongoing monitoring Drift dashboards, alerts, rollback criteria HumanOversight GOVERN / MANAGE Human accountability HIL triggers, approvals, overrides SustainabilityEnergy MEASURE Sustainability measurement Energy/carbon reporting, efficiency KPIs IV. RESEARCH DESIGN AND METHODS The study is a mixed conceptual–empirical design. Conceptually, DG-SA is developed by consolidating governance and sustainable AI requirements into evidence-based capability definitions. Empirically, we (i) code a curated corpus of influential sources against DG-SA and (ii) test the public benchmarkability of governance survey items via open proxy mapping. A. Corpus selection (coded evidence corpus). We constructed a corpus of 18 sources spanning standards/policy, academic research artifacts, and corporate frameworks. The selection objective was not exhaustive, but influence and coverage: documents were included if they are widely referenced, officially adopted, or provide reusable governance mechanisms for organizational AI. Searches and shortlisting were conducted across standards’ repositories (NIST, ISO, OECD, UNESCO, EU), academic indexes (Google Scholar, IEEE Xplore, ACM DL), and corporate governance publications. Inclusion criteria required: (i) organizational applicability (controls, processes, or assurance artifacts), (ii) explicit relevance to AI governance or data governance in AI contexts, (iii) public accessibility, and (iv) sufficient specificity to evaluate evidence requirements. To reduce selection bias, the coded corpus was balanced across source types (6 standards/policy, 6 academic artifacts, and 6 corporate/platform sources), selected for prominence and practical relevance to implementable governance. The corpus includes, for example, NIST AI RMF [ 5 ], ISO standards [ 6 ], [ 7 ], and international policy guidance [ 8 ], [ 9 ], [ 11 ]; academic evidence artifacts such as Datasheets and Model Cards [ 14 ], [ 15 ] together with auditing and verifiable-claims mechanisms [ 16 ], [ 17 ]; and corporate/platform operational guidance including the Microsoft Responsible AI Standard [ 20 ], Google’s AI responsibility lifecycle [ 32 ], AWS responsible AI guidance [ 33 ], and cloud data-exchange documentation (AWS Data Exchange [ 34 ], Snowflake Marketplace [ 35 ], and BigQuery sharing/Analytics Hub [ 36 ]). TABLE V. Coded Evidence Corpus (N = 18) and DG-SA Coverage Ratios ID Year Type Source title (short) Coverage count (0–12) Coverage ratio (%) A1 2010 Academic Designing data governance (Khatri & Brown) [ 4 ] 3/12 25.0 A2 2019 Academic Model Cards for Model Reporting (Mitchell et al.) [ 15 ] 3/12 25.0 A3 2021 Academic Datasheets for Datasets (Gebru et al.) [ 14 ] 3/12 25.0 A4 2020 Academic Closing the AI accountability gap: internal algorithmic auditing (Raji et al.) [ 16 ] 10/12 83.3 A5 2020 Academic Toward trustworthy AI development: mechanisms for supporting verifiable claims (Brundage et al.) [ 17 ] 10/12 83.3 A6 2020 Academic Green AI (Schwartz et al.) [ 1 ] 3/12 25.0 C1 2022 Corporate Microsoft Responsible AI Standard v2 (General Requirements) [ 20 ] 11/12 91.7 C2 2024 Corporate End-to-end responsibility: A lifecycle approach to AI (Google) [ 32 ] 8/12 66.7 C3 2024 Corporate AWS Responsible Use of AI Guide [ 33 ] 10/12 83.3 C4 2025 Corporate AWS Data Exchange User Guide (Overview/Subscribing) [ 34 ] 2/12 16.7 C5 2026 Corporate Snowflake Marketplace and Listings Documentation [ 35 ] 3/12 25.0 C6 2026 Corporate BigQuery sharing (formerly Analytics Hub) Documentation [ 36 ] 3/12 25.0 S1 2023 Standards NIST AI Risk Management Framework 1.0 [ 5 ] 11/12 91.7 S2 2023 Standards ISO/IEC 23894:2023 AI risk management guidance [ 6 ] 10/12 83.3 S3 2023 Standards ISO/IEC 42001:2023 AI management system [ 7 ] 9/12 75.0 S4 2019 Standards OECD Recommendation on Artificial Intelligence [ 8 ] 2/12 16.7 S5 2021 Standards UNESCO Recommendation on the Ethics of Artificial Intelligence [ 9 ] 5/12 41.7 S6 2024 Standards EU Artificial Intelligence Act [ 11 ] 11/12 91.7 B. Coding protocol and operational decision rule. Each source was coded across the 12 DG-SA capabilities using a conservative, evidence-based rule: a capability was marked present (1) only when the source specified implementable controls or required evidence (e.g., artifacts, tests, logs, documentation structures, monitoring expectations). Merely stating a principle without operationalization was coded as absent (0). This rule mitigates inflation of coverage that can occur when principle lists are treated as equivalent to implementation guidance. Coding was conducted at the document level (unit of analysis = source), with a maintained coding log to make decisions reviewable. Inter-rater reliability and reproducibility: the present evidence map was produced by a single coder. To make the analysis reviewable, we provide (i) an operationalized codebook (Table I), (ii) the complete 18×12 binary coding matrix and source metadata (Appendix D), and (iii) explicit decision rules that prioritize implementable evidence over principle statements. These artifacts enable replication and independent multi-coder reliability assessment as a straightforward extension for future work (Section X). C. Benchmarkability mapping protocol. We evaluated benchmarkability for 54 governance survey items (developed to measure DG-SA capabilities). For each item, we attempted to identify a public/open-data proxy that could serve as an external benchmark. Searches were performed between Dec. 2024 and Nov. 2025 using query patterns that combined each construct with terms such as "benchmark", "survey", "adoption rate", "coverage", "maturity", and "observability". A proxy was accepted when it (i) measured an organization-level practice/outcome close to the survey construct, (ii) provided an explicit numeric or clearly bounded estimate, (iii) identified the source organization and reporting year, and (iv) allowed documentation of scope and assumptions. Each mapping was assessed as direct or approximate (Appendix A2), reflecting conceptual distance between the proxy and the survey item. Publication bias is a known risk in open benchmarking: public surveys tend to over-represent large organizations and consultancies. We therefore treat the benchmarkability dataset as exploratory and emphasize transparent reporting of proxy limitations. The benchmark dataset uses sources such as ISACA [ 23 ], Precisely [ 24 ], EY [ 25 ], Dresner [ 26 ], TDAN [ 27 ], Fastly [ 28 ], the AI Incident Database [ 29 ], and McKinsey [ 30 ], [ 31 ]. Proxy provenance/authentication. Public proxy statistics are frequently re-posted across reports and blogs, which can obscure the original survey instrument, sample, and fielding period. To strengthen validity, we authenticate each public proxy against its primary source wherever possible (e.g., the original report PDF or survey owner’s publication) and record (i) sampling frame and respondent profile, (ii) sample size, geography, and fielding dates, (iii) question wording (when available), and (iv) licensing/reuse constraints. We summarize this provenance information and assign an authentication tier in Appendix C (Table C2 ). Primary-data pathway via data exchanges. Where public proxies are absent or too coarse, we propose augmenting benchmarkability using primary datasets accessible through cloud data exchanges and marketplaces-including AWS Data Exchange [ 34 ], Snowflake Marketplace [ 35 ], and BigQuery sharing/Analytics Hub [ 36 ]-as well as comparable marketplaces (e.g., Databricks Marketplace [ 37 ] and Azure Data Share [ 38 ]). These exchanges enable licensed access to structured organizational and ecosystem data (e.g., ESG disclosures, corporate filings, job postings, vulnerability feeds, and energy/carbon intensity datasets) that can operationalize DG-SA indicators with higher resolution and auditability (Appendix C, Table C1). Section VIII provides an empirical demonstration of this pathway using marketplace-distributed electricity carbon-intensity microdata (OWID/Ember) joined with governed AI telemetry to compute an auditable footprint KPI. TABLE VI. DG-SA Dashboard Blueprint (Illustrative) Dashboard layer Example indicators Decision trigger (example) Governance compliance Artifact completeness (%), model card coverage, dataset lineage present/absent Block release if required evidence pack is incomplete Runtime trust & safety Drift score, policy violations, incident rate, human override rate Escalate to review board if incident rate exceeds threshold Sustainability & efficiency Energy per training run, cost per 1K inferences, utilization, carbon intensity (if available) Require efficiency review if energy per inference increases > X% QoQ TABLE VII. Benchmarkable Survey Items and Proxy Coverage (N = 13) Question ID Survey item (short) # Sources # Datapoints Q10 Formal data governance exists in my organization (single select): Yes; In progress; … 3 3 Q11 Formal AI governance exists in my organization (single select): Yes; In progress; No. 2 3 Q13 We have an ethics review board / model risk committee that reviews AI use cases (Yes… 1 2 Q16 Estimated monitoring coverage across deployed AI systems (0–100%). 1 2 Q19 Cross-functional training frequency for governance/responsible AI topics (single sel… 1 3 Q25 Our organization has a defined ethical AI framework that is used in delivery. 1 1 Q39 Energy use is measured per training/inference job. 1 1 Q4 AI adoption stage (single select): Exploring; Pilot; Production; Scaling. 1 3 Q41 Green training practices are used (e.g., efficient architectures, scheduling, hardwa… 1 1 Q46 Estimated reduction in data quality issues after governance (%). 1 1 Q48 Estimated reduction in training energy after efficiency/governance interventions (%). 1 2 Q51 Alignment of AI work with sustainability targets (Likert 1–5). 1 3 Q52 Top challenge (single select): Fragmented standards; Skill gaps; Tooling gaps; Data … 3 6 D. Statistical treatment. Our analysis is primarily descriptive. Coverage counts and ratios are computed per capability and per source. To explore whether coverage improves over time, we compute Pearson correlation between publication year and source coverage ratio, reporting r, p-value, and a 95% confidence interval; this is explicitly treated as exploratory because N = 18 is small. For benchmarkable items, we report proxy ranges and medians (Fig. 6 ) and provide numeric summaries in text to avoid purely qualitative range descriptions. V. RESULTS A. Capability coverage across the coded corpus. Figure 3 summarizes how frequently each DG-SA capability is operationalized across the 18-source corpus. Auditability is the most consistently evidenced capability (15/18 sources), followed by Privacy (13/18) and Human Oversight (12/18). Data Quality and Risk Assessment are each evidenced in 11/18 sources, while Access Control, Model Documentation, and Evaluation/Benchmarking each appear in 10/18 sources. Monitoring/Drift and Incident Response are each operationalized in 9/18 sources. Two capability dimensions remain notably under-specified: Lineage (5/18) and Sustainability/Energy (2/18). This pattern suggests that most influential frameworks provide substantial guidance for compliance-critical controls, but far fewer provide implementable evidence for end-to-end traceability and environmental sustainability. B. Coverage by source type. Figure 4 reports the mean DG-SA coverage ratio by source type. Standards/policy sources have the highest mean coverage (66.7%), followed by corporate/platform sources (51.4%), and academic artifacts (44.4%). The higher standards coverage is driven by comprehensive, multi-domain requirements (e.g., NIST AI RMF and the EU AI Act), while principle-only sources contribute fewer evidence-oriented controls. Academic artifacts tend to be deep in a small subset of capabilities (e.g., documentation, auditing, or sustainability), rather than broad across the full DG-SA set. C. Temporal trend (exploratory). Figure 5 plots DG-SA coverage ratio against publication year. The Pearson correlation is r = 0.22 (n = 18, p = 0.372; 95% CI [-0.27, 0.63]). The direction is weakly positive but not statistically distinguishable from zero at conventional thresholds, reinforcing that gaps (especially sustainability/energy and lineage) persist even in recent governance sources. D. Open benchmarkability ratio. Table VII reports that 13 of 54 governance survey items (24.1%) can be mapped to public/open-data proxies with sufficient specificity for external benchmarking. To avoid treating secondary re-publications as primary evidence, we authenticate proxy sources where possible and record sampling and methodological metadata (Appendix C). The low benchmarkability ratio indicates that most governance constructs are currently measured internally (or qualitatively), rather than through externally observable indicators; this motivates the data-exchange primary-data pathway described in Section IV.C and Appendix C. E. Range behavior for benchmarkable items. For items with percent-like numeric proxies (Fig. 6 ), dispersion is substantial for several constructs (e.g., Q10 ranges from 31% to 71% across sources). Even when medians are stable, ranges often reflect differences in survey framing, geography, and respondent roles. This reinforces the need to report provenance and to prefer primary microdata (or traceable marketplace datasets) when converting survey results into benchmark indicators. TABLE VIII. Percent-like Proxy Summary for Selected Benchmarkable Survey Items Question ID # proxies Min Median Max Q10 3 31.0 32.0 71.0 Q11 2 28.0 29.5 31.0 Q13 2 61.0 67.5 74.0 Q16 2 9.5 10.2 11.0 Q19 3 22.0 32.0 35.0 Q39 1 67.0 67.0 67.0 Q46 1 68.0 68.0 68.0 Q48 2 30.0 40.0 50.0 Q51 3 28.0 36.0 45.0 F. Sustainability proxy scarcity. SustainabilityEnergy is the least represented DG-SA capability in the coded corpus (11.1%). Consistently, the benchmarkability dataset contains only limited public proxies for energy/footprint governance. For example, a Fastly report indicates that more than two-thirds of surveyed organizations track training and inference energy separately (Q39), but such statements rarely include standardized measurement baselines or comparable denominators. This reinforces the conclusion that sustainable AI governance needs stronger measurement conventions, and that open benchmarking in this area remains early-stage [ 1 ], [ 12 ]. VI. SYNTHESIS AND DISCUSSION The evidence map and benchmarkability analysis jointly suggest a practical interpretation: governance is increasingly well-specified for compliance-critical capabilities (privacy, auditability, risk assessment), but weaker for operational and sustainability-centric capabilities. The benchmarkability ratio adds an additional constraint-public/open benchmarking is possible for only about one-quarter of governance survey items, and even these require proxies that may be conceptually approximate. Implication 1 (measurement-first governance) organizations should treat public benchmarks as a complement, not a substitute, for internal evidence packs. External proxies can offer directional signals (e.g., typical governance adoption or monitoring coverage), while acceptance decisions for high-risk AI must rely on auditable internal evidence (tests, logs, red-team reports, model cards). Implication 2 (AI-specific differentiation) several DG-SA capabilities are explicitly AI-specific (ModelDocumentation, EvaluationBenchmarking, MonitoringDrift, HumanOversight, SustainabilityEnergy). These are precisely the areas where generic data governance is insufficient because models evolve, drift, and interact with humans and environments. The coded corpus shows these capabilities are less consistently operationalized than privacy and auditability, suggesting a priority area for future standards work. Implication 3 (sustainable AI as operational practice) sustainable AI governance must be integrated into lifecycle operations, not treated as an after-the-fact reporting exercise. Evidence needs to include measurement methods, thresholds, and response playbooks (e.g., what action is taken when energy per inference rises above a budget). VII. MINI-CASE INSTANTIATION: LLM-BASED BUSINESS ASSISTANT To address application-oriented expectations, we instantiate DG-SA for a realistic enterprise automation case: a retrieval-augmented LLM assistant that answers customer queries and drafts compliant responses. The system consumes enterprise knowledge bases and ticket histories, performs retrieval and prompt orchestration (Data AIService), executes an LLM endpoint (Model AIService), applies policy/guardrail logic (Algo AIService), and exposes the capability via an API and web interface. In this mini-case, DG-SA capabilities translate into concrete artifacts. For example, ModelDocumentation is realized via a model card documenting intended use, known failure modes, and training data constraints [ 15 ]. EvaluationBenchmarking requires a benchmark suite (including red-team prompts) and acceptance thresholds before release [ 16 ], [ 17 ]. MonitoringDrift is implemented as runtime dashboards tracking response quality, safety violations, and retrieval health. SustainabilityEnergy becomes actionable when the assistant reports energy per request and enforces compute budgets, aligned to Green AI reporting practices [ 1 ], [ 12 ]. TABLE IX. Mini-Case: Example DG-SA Evidence Artifacts and Lifecycle Use DG-SA capability Primary artifact What it evidences Where used ModelDocumentation Model card + change log Model choice, version, limitations Release gate (DoD) EvaluationBenchmarking Benchmark + red-team report Accuracy, safety, latency thresholds Release gate (DoD) MonitoringDrift Quality & drift dashboards Retrieval hit-rate, hallucination indicators Operate + rollback IncidentResponse AI incident runbook Safety incident triage, escalation Operate SustainabilityEnergy Energy/footprint report Energy per request, budget adherence Operate + scale decision VIII. MARKETPLACE MICRODATA DEMONSTRATION Public/open proxies are often too coarse to benchmark sustainability-oriented AI governance. This section provides a concrete empirical demonstration of how cloud data marketplaces can supply primary microdata that, when joined with governed AI telemetry and lineage, yields audit-ready sustainability indicators. A. Dataset and provenance. We use the Our World in Data (OWID) energy dataset, which includes a country-year series for the lifecycle carbon intensity of electricity (carbon_intensity_elec, in gCO₂e/kWh). OWID curates these series from primary energy-system sources (e.g., Ember) and distributes the dataset both directly and through data-marketplace channels (e.g., Snowflake data sharing). For the illustration below, we use 2024 values to reflect recent grids while avoiding partial-year artifacts. [39], [40]. B. Demonstration 1: Carbon-intensity dispersion across illustrative cloud regions. To highlight why SustainableAI/Energy governance must capture region metadata, we map a set of commonly used cloud regions to their host countries and compare 2024 electricity carbon intensity. Fig. 8 shows a wide dispersion: across these regions, carbon intensity ranges from approximately 41 gCO₂e/kWh (France) to approximately 707 gCO₂e/kWh (India), a ≈17× spread. This implies that identical AI workloads can have order-of-magnitude different operational emissions solely due to regional electricity mix, making location-aware telemetry and standardized reference data a governance requirement—not an optional sustainability add-on. [39]. C. Demonstration 2: Marketplace microdata join for an auditable AI footprint KPI. DG-SA treats sustainability as measurable control. A minimal auditable KPI is per-model or per-release emissions, computed as: Emissions (kgCO₂e) = Σ_r,t E_r,t (kWh) × CI_r,t (gCO₂e/kWh) / 1000, where E_r,t is governed AI energy telemetry (or GPU-hours converted to kWh) and CI_r,t is carbon-intensity microdata for the execution region and time. Fig. 9 summarizes the join pattern: an external carbon-intensity feed becomes decision-grade once connected to internal telemetry, model documentation, and lineage under governance control. D. Implications for benchmarkability. The demonstration operationalizes the SustainabilityEnergy capability as an externally auditable indicator, even when public benchmarking surveys provide only high-level adoption percentages. In practice, organizations can standardize reporting (e.g., per-model emissions per 1,000 inferences; per-training-run emissions with uncertainty bounds) and publish comparable statistics using a combination of internal evidence and marketplace-sourced reference microdata. This provides a pragmatic route to closing the measurement gap identified in Section V. IX. LIFECYCLE OPERATING MODEL AND MINIMUM EVIDENCE PACK DG-SA is intended for forward-engineering delivery. We therefore propose a lifecycle operating model that separates four planes-data, model, runtime, and feedback-so that evidence can be produced and accepted at gates. This helps reconcile two realities: (i) governance must be enforced during build, integration, and operations; and (ii) sustainable AI requires continuous measurement and improvement loops. We define a minimum evidence pack to make acceptance decisions auditable. The evidence pack aligns to typical release gates (build, verification, UAT, go-live) and includes: model evaluation evidence, security and privacy controls, monitoring readiness, incident response runbooks, and sustainability reporting. Table X summarizes this minimum pack. TABLE X. Minimum Evidence Pack for DG-SA Acceptance Lifecycle phase Minimum evidence artifacts (examples) Gate decision (example) Data onboarding Datasheet, lineage record, access/privacy classification, quality checks Reject dataset if lineage or privacy constraints are missing Model development Model card draft, evaluation plan, benchmark suite, risk register entry Block training if evaluation plan is undefined Pre-release validation Benchmark results, robustness tests, red-team notes, monitoring plan, rollback plan Release only if thresholds met and rollback defined Production operation Drift dashboard, incident logs, periodic audit report, sustainability metrics Escalate if incidents/drift exceed thresholds Research propositions (forward-looking): P1-Benchmarkable metrics will expand as observability and AI management systems mature, but sustainability metrics will lag unless standardized measurement conventions are adopted. P2-Evidence packs will become the dominant governance mechanism for high-risk AI because they bind requirements to auditable artifacts. P3-Organizations will increasingly integrate AI incident response with security incident response, supported by centralized audit logging and traceability. P4-AI sustainability will shift from voluntary reporting to budgeted operational constraints (e.g., energy per inference budgets) as compute costs and regulatory attention increase. X. LIMITATIONS AND FUTURE WORK Internal validity the evidence map relies on a curated corpus (N = 18) and binary coding. Binary coding improves transparency but can under-represent partial coverage; this is a deliberate conservative choice. External validity the corpus is not exhaustive, and corporate/platform sources may reflect sector-specific operating models. Reliability : the present version reports single-coder results, but provides the full coding matrix and decision rules (Appendix D) so that other researchers can replicate the coding and compute inter-rater reliability in follow-on studies. Benchmarkability limitations: public proxies are sparse, noisy, and biased toward organizations that publish surveys and reports; we mitigate this with a provenance/authentication rubric (Appendix C) and propose a primary-data pathway via data exchanges (Section IV.C). Benchmarkability limitations open proxies are sparse, noisy, and biased toward large organizations that publish surveys and reports. Proxy mappings may be approximate when constructs do not align perfectly. Future work should develop standardized open benchmarks for AI governance and sustainability, including common denominators for energy reporting (e.g., energy per inference normalized by workload). Future research directions include expanding the corpus across additional sectors and regions; developing ordinal or weighted coverage scoring to complement binary coding; instantiating DG-SA in multiple AI applications (e.g., credit scoring, medical triage) to test usability; and studying how DG-SA evidence packs influence operational outcomes such as incident rates, audit findings, and compute efficiency over time. XI. CONCLUSION This paper presented DG-SA, a measurement-first governance model for sustainable AI. By combining a 12-dimension capability model with an evidence map and an explicit open benchmarkability analysis, the study moves beyond descriptive governance narratives toward testable, auditable constructs. Empirically, we find that compliance-critical capabilities (privacy, auditability, risk assessment) are most consistently operationalized across influential sources, while sustainability/energy governance is least operationalized. We also show that only 24.1% of governance survey items are benchmarkable via public/open data proxies. Finally, we propose a lifecycle operating model and minimum evidence pack to support engineering delivery and operations. Collectively, these contributions support sustainable AI as an implementable organizational practice and provide a baseline for future empirical research in AI governance measurement. Declarations Funding: The authors received no specific funding for this work. Competing interests: The authors declare no competing interests. Data availability: All external datasets referenced in the empirical demonstration are publicly accessible from their primary publishers; derived analysis outputs (country-year carbon intensity subset, figures, and the mapping used in Fig. 8) are provided as supplementary material. The coded evidence matrix and proxy mapping tables are included in the appendices. Code availability: The scripts used to generate the empirical figures and descriptive statistics are provided as supplementary material to support reproducibility. Ethics approval and consent to participate: Not applicable; this study does not involve human participants or personal data. Consent for publication: Not applicable. References R. Schwartz, J. Dodge, N. A. Smith, and O. Etzioni, "Green AI," Commun. ACM, vol. 63, no. 12, pp. 54–63, 2020. doi: 10.1145/3381831. Available: https://dl.acm.org/doi/10.1145/3381831 E. Strubell, A. Ganesh, and A. McCallum, “Energy and policy considerations for deep learning in NLP,” in Proc. ACL, 2019. [Online]. Available: https://aclanthology.org/P19-1355/. Accessed: Jan. 29, 2026. P. Weill and J. W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Boston, MA, USA: Harvard Business School Press, 2004. Available: https://hbr.org/product/it-governance/8468 V. Khatri and C. V. Brown, "Designing data governance," Commun. ACM, vol. 53, no. 1, pp. 148–152, 2010. doi: 10.1145/1629175.1629210. Available: https://dl.acm.org/doi/10.1145/1629175.1629210 National Institute of Standards and Technology (NIST), "Artificial Intelligence Risk Management Framework (AI RMF 1.0)," NIST AI 100-1, 2023. Available: https://www.nist.gov/itl/ai-risk-management-framework ISO/IEC 23894:2023, "Information technology - Artificial intelligence - Guidance on risk management," International Organization for Standardization, 2023. Available: https://www.iso.org/standard/77304.html ISO/IEC 42001:2023, "Information technology - Artificial intelligence - Management system," International Organization for Standardization, 2023. Available: https://www.iso.org/standard/81230.html OECD, "Recommendation of the Council on Artificial Intelligence," 2019. Available: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449 UNESCO, "Recommendation on the Ethics of Artificial Intelligence," 2021. Available: https://unesdoc.unesco.org/ark:/48223/pf0000380455 Regulation (EU) 2016/679 (General Data Protection Regulation), 2016. Available: https://eur-lex.europa.eu/eli/reg/2016/679/oj Regulation (EU) 2024/1689 (Artificial Intelligence Act), 2024. Available: https://eur-lex.europa.eu/eli/reg/2024/1689/oj P. Henderson et al., “Towards the systematic reporting of the energy and carbon footprints of machine learning,” J. Mach. Learn. Res., vol. 21, 2020. [Online]. Available: https://jmlr.org/papers/v21/20-312.html. Accessed: Jan. 29, 2026. D. Patterson et al., "Carbon emissions and large neural network training," arXiv:2104.10350, 2021. Available: https://arxiv.org/abs/2104.10350 T. Gebru et al., "Datasheets for Datasets," Commun. ACM, vol. 64, no. 12, pp. 86–92, 2021. doi: 10.1145/3458723. Available: https://dl.acm.org/doi/10.1145/3458723 M. Mitchell et al., "Model Cards for Model Reporting," in Proc. FAT* (now FAccT), 2019, pp. 220–229. doi: 10.1145/3287560.3287596. Available: https://dl.acm.org/doi/10.1145/3287560.3287596 I. D. Raji et al., “Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing,” 2020. [Online]. Available: https://arxiv.org/abs/2001.00973. Accessed: Jan. 29, 2026. B. Brundage et al., "Toward trustworthy AI development: mechanisms for supporting verifiable claims," arXiv:2004.07213, 2020. Available: https://arxiv.org/abs/2004.07213 B. Mittelstadt, "Principles alone cannot guarantee ethical AI," Nat. Mach. Intell., vol. 1, pp. 501–507, 2019. doi: 10.1038/s42256-019-0114-4. Available: https://www.nature.com/articles/s42256-019-0114-4 L. Floridi and J. Cowls, "A Unified Framework of Five Principles for AI in Society," Harvard Data Science Review, 2019. doi: 10.1162/99608f92.8cd550d1. Available: https://hdsr.mitpress.mit.edu/pub/l0jsh9d1 Microsoft, “Responsible AI Standard v2: General Requirements,” 2022. [Online]. Available: https://aka.ms/RAIStandard. Accessed: Jan. 29, 2026. Google, "AI Principles," 2018. Available: https://ai.google/principles/ IBM, "Everyday Ethics for Artificial Intelligence," 2019. Available: https://www.ibm.com/watson/assets/duo/pdf/everydayethics.pdf ISACA, “AI use is outpacing policy and governance, ISACA finds,” 2025. [Online]. Available: https://www.isaca.org/resources/news-and-trends/newsroom/2025/ai-use-is-outpacing-policy-and-governance-isaca-finds. Accessed: Jan. 29, 2026. Precisely, “Data governance adoption has risen dramatically,” 2025. [Online]. Available: https://www.precisely.com/blog/data-governance/data-governance-adoption-has-risen-dramatically. Accessed: Jan. 29, 2026. EY, “Responsible AI Pulse Survey,” 2025. [Online]. Available: https://www.ey.com/en_gl/insights/ai/ey-responsible-ai-pulse-survey. Accessed: Jan. 29, 2026. Dresner Advisory Services, “Data governance and master data management market study,” 2024. [Online]. Available: https://www.dresneradvisory.com/market-studies/data-governance-master-data-management. Accessed: Jan. 29, 2026. The Data Administration Newsletter (TDAN), “State of Data Governance 2024,” 2024. [Online]. Available: https://tdan.com/state-of-data-governance-2024/. Accessed: Jan. 29, 2026. Fastly, “AI Energy Pulse Check: How 500 experts feel about AI energy consumption,” 2025. [Online]. Available: https://www.fastly.com/blog/ai-energy-pulse-check-how-500-experts-feel-about-ai-energy-consumption. Accessed: Jan. 29, 2026. AI Incident Database (AIID), "AI Incident Database," accessed 2025. Available: https://incidentdatabase.ai/ McKinsey & Company, “Trust in AI will help determine its future at work,” 2025. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/trust-in-ai-will-help-determine-its-future-at-work. Accessed: Jan. 29, 2026. McKinsey & Company, “The state of AI: How organizations are rewiring to capture value,” 2024. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai. Accessed: Jan. 29, 2026. Google, “End-to-end responsibility: A lifecycle approach to AI (AI Responsibility 2024 update),” 2024. [Online]. Available: https://ai.google/static/documents/ai-responsibility-2024-update.pdf. Accessed: Jan. 29, 2026. Amazon Web Services, “AWS Responsible Use of AI Guide,” 2024. [Online]. Available: https://d1.awsstatic.com/whitepapers/aws-responsible-use-of-ai-guide.pdf. Accessed: Jan. 29, 2026. Amazon Web Services, “AWS Data Exchange User Guide,” 2025. [Online]. Available: https://docs.aws.amazon.com/pdfs/data-exchange/latest/userguide/data-exchange-ug.pdf. Accessed: Jan. 29, 2026. Snowflake, “About listings,” Snowflake Documentation, 2026. [Online]. Available: https://docs.snowflake.com/en/collaboration/collaboration-listings-about. Accessed: Jan. 29, 2026. Google Cloud, “Introduction to BigQuery sharing and Analytics Hub,” Google Cloud Documentation, 2026. [Online]. Available: https://cloud.google.com/bigquery/docs/analytics-hub-introduction. Accessed: Jan. 29, 2026. Databricks, “Databricks Marketplace documentation,” 2026. [Online]. Available: https://docs.databricks.com/en/marketplace/. Accessed: Jan. 29, 2026. Microsoft, “What is Azure Data Share?,” 2026. [Online]. Available: https://learn.microsoft.com/en-us/azure/data-share/overview. Accessed: Jan. 29, 2026. Our World in Data (OWID), “Energy Data,” 2026. [Online]. Available: https://github.com/owid/energy-data. Accessed: Jan. 29, 2026. Snowflake, “Using Our World in Data CO₂ and Greenhouse Gas Emissions Data on Snowflake,” Snowflake Quickstart, 2026. [Online]. Available: https://quickstarts.snowflake.com/guide/using_our_world_in_data_co2_and_greenhouse_gas_emissions_data_on_snowflake/. Accessed: Jan. 29, 2026. Amazon Web Services (AWS) Marketplace, “EDGAR 10‑K & 10‑Q Filings (stock and CIK) – 20 years (historical) (Analytext),” 2026. [Online]. Available: https://aws.amazon.com/marketplace/pp/prodview-nrrfa4m4vda4k. Accessed: Jan. 29, 2026. Snowflake, “SEC data from CIK and ticker symbol,” Snowflake Documentation, 2026. [Online]. Available: https://docs.snowflake.com/en/user-guide/sample-data-sec. Accessed: Jan. 29, 2026. Google Cloud, “SEC Filings dataset,” BigQuery Public Datasets, 2026. [Online]. Available: https://cloud.google.com/bigquery/public-data/sec-filings. Accessed: Jan. 29, 2026. Additional Declarations The authors declare no competing interests. Supplementary Files Graphicalabstract.jpg APPENDIX.docx Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8734900","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":582665658,"identity":"988606a0-2c12-4b59-947a-ef54462967b1","order_by":0,"name":"Tirupathi Rao Dockara","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAqklEQVRIiWNgGAWjYDCCAyCigoHBgHgtx0DEGZK1MLaRooXvfu/DDx/nHZY3Z28+wPCjYhthLZLH2I0lZ247bLiz51gCY8+Z24S1GBxjY5Dm3XaYccONHANmxjbitDD/5p1z2J4kLWzSvA2HE4nXInksjc1yxrH05A1njiUcJMovfIePMd/4UGNtu+F488EHPyqI0AIFzWDyANHqgaCOFMWjYBSMglEw0gAA+Jk/CvZ7UEYAAAAASUVORK5CYII=","orcid":"https://orcid.org/0000-0003-1369-1982","institution":"Chandigarh University,","correspondingAuthor":true,"prefix":"","firstName":"Tirupathi","middleName":"Rao","lastName":"Dockara","suffix":""}],"badges":[],"createdAt":"2026-01-29 20:07:48","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-8734900/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8734900/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":101752180,"identity":"02546866-2bff-4c4a-9b0d-53579b4851b0","added_by":"auto","created_at":"2026-02-03 10:25:55","extension":"jpg","order_by":1,"title":"Figure 1","display":"","copyAsset":false,"role":"figure","size":123502,"visible":true,"origin":"","legend":"\u003cp\u003eConceptual framing: DG-SA connects data governance, AI assurance, and sustainable AI measurement.\u003c/p\u003e","description":"","filename":"image1.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/dc7b3add5a59743fa607e416.jpg"},{"id":101478994,"identity":"4935389e-82e7-4268-b76a-0e09107d327e","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":2,"title":"Figure 2","display":"","copyAsset":false,"role":"figure","size":152122,"visible":true,"origin":"","legend":"\u003cp\u003eResearch design workflow (conceptual development → coding → benchmarkability mapping → synthesis).\u003c/p\u003e","description":"","filename":"image2.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/8a17e07361b159d1846f3a27.jpg"},{"id":101478995,"identity":"85c8eefe-c707-49d1-9258-820c093ed704","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":3,"title":"Figure 3","display":"","copyAsset":false,"role":"figure","size":156625,"visible":true,"origin":"","legend":"\u003cp\u003eDG-SA capability coverage across 18 coded sources.\u003c/p\u003e","description":"","filename":"image3.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/180f3e3e037eff738266baef.jpg"},{"id":101478997,"identity":"d2b585a9-b230-4507-a4c5-db36b82262d2","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":4,"title":"Figure 4","display":"","copyAsset":false,"role":"figure","size":468147,"visible":true,"origin":"","legend":"\u003cp\u003eMean DG-SA coverage ratio by source type.\u003c/p\u003e","description":"","filename":"image4.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/102fdd3646c71d7bddee55c7.jpg"},{"id":101478996,"identity":"3d93d0a0-4361-4523-b04b-61c22d9c9551","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":5,"title":"Figure 5","display":"","copyAsset":false,"role":"figure","size":122337,"visible":true,"origin":"","legend":"\u003cp\u003ePublication year vs. DG-SA coverage ratio (exploratory correlation).\u003c/p\u003e","description":"","filename":"image5.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/730d8e7e2046d1c1def52559.jpg"},{"id":101751659,"identity":"8a728b96-a967-477b-90af-7c5f58ae8ee2","added_by":"auto","created_at":"2026-02-03 10:22:04","extension":"jpg","order_by":6,"title":"Figure 6","display":"","copyAsset":false,"role":"figure","size":109950,"visible":true,"origin":"","legend":"\u003cp\u003eRanges of percent-like open proxies for selected benchmarkable survey items.\u003c/p\u003e","description":"","filename":"image6.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/f9b03c02a54017469ca9ed03.jpg"},{"id":101751469,"identity":"830a8162-b6ec-4829-8e81-e28988b43cdd","added_by":"auto","created_at":"2026-02-03 10:20:32","extension":"jpg","order_by":7,"title":"Figure 7","display":"","copyAsset":false,"role":"figure","size":162315,"visible":true,"origin":"","legend":"\u003cp\u003eMini-case instantiation: enterprise GenAI assistant governed via a DG-SA evidence gate and monitored using internal telemetry plus authenticated external indicators.\u003c/p\u003e","description":"","filename":"image7.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/a527d609fe30b40e391a0067.jpg"},{"id":101478999,"identity":"8ceae75f-5219-41b9-b22c-dfcae52a529a","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":8,"title":"Figure 8","display":"","copyAsset":false,"role":"figure","size":193554,"visible":true,"origin":"","legend":"\u003cp\u003eCarbon intensity of electricity across illustrative cloud regions (2024), using national-average OWID energy microdata (gCO₂e/kWh). [39].\u003c/p\u003e","description":"","filename":"image8.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/9c441cb8b20ea7827719b2cc.jpg"},{"id":101751456,"identity":"907801fe-8698-4f18-916b-47b232a1e2fd","added_by":"auto","created_at":"2026-02-03 10:20:25","extension":"png","order_by":9,"title":"Figure 9","display":"","copyAsset":false,"role":"figure","size":189942,"visible":true,"origin":"","legend":"\u003cp\u003eMarketplace microdata join pattern: combining governed AI telemetry and lineage with external carbon-intensity microdata yields an audit-ready sustainability KPI.\u003c/p\u003e","description":"","filename":"9.png","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/9f7235b96c9a90d25a8874cc.png"},{"id":102294882,"identity":"4137d7d9-13a2-436f-89b2-b57434af74ed","added_by":"auto","created_at":"2026-02-10 10:03:02","extension":"pdf","order_by":0,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":3221875,"visible":true,"origin":"","legend":"","description":"","filename":"manuscript.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/7c7875c6-f431-49db-8bde-3abbbaa14156.pdf"},{"id":101479003,"identity":"e53e0f6a-e650-469a-a3b0-bf7b3b8b66fb","added_by":"auto","created_at":"2026-01-30 07:42:07","extension":"jpg","order_by":1,"title":"","display":"","copyAsset":false,"role":"supplement","size":1851771,"visible":true,"origin":"","legend":"","description":"","filename":"Graphicalabstract.jpg","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/c938f3b15042f324b0d5ac4b.jpg"},{"id":101751901,"identity":"07d73615-6907-4aa5-bdbd-38a4dc96f691","added_by":"auto","created_at":"2026-02-03 10:24:21","extension":"docx","order_by":2,"title":"","display":"","copyAsset":false,"role":"supplement","size":46284,"visible":true,"origin":"","legend":"","description":"","filename":"APPENDIX.docx","url":"https://assets-eu.researchsquare.com/files/rs-8734900/v1/9b00dd7fc965be8835e7a6a7.docx"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eData Governance for Sustainable AI in Organizations: A Benchmarkability-First Capability Model, Evidence Map, and Marketplace Microdata Demonstration\u003c/p\u003e","fulltext":[{"header":"I. INTRODUCTION","content":"\u003cp\u003eOrganizations are rapidly operationalizing AI for decision support, automation, and user-facing experiences. At the same time, regulators and stakeholders increasingly expect AI to be safe, accountable, and environmentally responsible. While ethical AI principles are widely published, they often do not translate into measurable practices that can be audited and improved over time. This gap is especially visible for sustainable (or Green) AI, where energy and carbon impacts are discussed extensively but measured inconsistently across organizations [\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e], [\u003cspan citationid=\"CR2\" class=\"CitationRef\"\u003e2\u003c/span\u003e].\u003c/p\u003e \u003cp\u003eData governance provides a natural operational foundation for sustainable AI because AI systems are ultimately built on data pipelines, data controls, and evidence trails. Classical data governance literature emphasizes decision rights and control mechanisms [\u003cspan citationid=\"CR3\" class=\"CitationRef\"\u003e3\u003c/span\u003e], [\u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e4\u003c/span\u003e]. Contemporary AI governance standards extend these ideas with risk assessment, monitoring, and incident response expectations (e.g., NIST AI RMF [\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e], ISO/IEC guidance [\u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e6\u003c/span\u003e], [\u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e7\u003c/span\u003e]). Regulatory regimes such as GDPR [\u003cspan citationid=\"CR10\" class=\"CitationRef\"\u003e10\u003c/span\u003e] and the EU AI Act [\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e] further raise the bar for transparency, auditability, and lifecycle accountability.\u003c/p\u003e \u003cp\u003eHowever, two practical problems remain under-addressed. First, governance guidance is uneven: some capabilities are thoroughly specified (e.g., privacy and auditability), while others that matter for sustainable AI (e.g., energy measurement and drift surveillance) are treated lightly. Second, even when governance practices are recommended, they are difficult to benchmark externally because public and open data rarely provide comparable measures. Without benchmarkability, governance often becomes a compliance checklist rather than an improvement loop.\u003c/p\u003e \u003cp\u003eThis work introduces a measurement-first governance approach for sustainable AI. It contributes not only a capability model, but also an evidence map and an explicit analysis of what can (and cannot) be benchmarked using public/open data. This combination is designed to move the topic from policy-level description to research-grade, testable constructs and empirical analysis.\u003c/p\u003e \u003cp\u003e \u003cb\u003eResearch questions (RQs) guiding the study are\u003c/b\u003e:\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Taba\" border=\"1\"\u003e \u003ccolgroup cols=\"1\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e\u003cb\u003eRQ1\u003c/b\u003e: What minimum set of governance capabilities is required to operationalize sustainable AI in organizations?\u003c/p\u003e \u003cp\u003e\u003cb\u003eRQ2\u003c/b\u003e: How well do influential standards, academic artifacts, and corporate/platform frameworks cover these capabilities?\u003c/p\u003e \u003cp\u003e\u003cb\u003eRQ3\u003c/b\u003e: To what extent can governance capabilities be benchmarked using authenticated public/open data proxies and primary marketplace datasets?\u003c/p\u003e \u003cp\u003e\u003cb\u003eRQ4\u003c/b\u003e: What lifecycle operating model and minimum evidence pack make these capabilities actionable in engineering delivery and operations?\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eContributions\u003c/b\u003e:\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabb\" border=\"1\"\u003e \u003ccolgroup cols=\"1\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e\u003cb\u003eC1\u003c/b\u003e: DG-SA, a 12-dimension capability model with evidence-oriented definitions and implementable artifacts.\u003c/p\u003e \u003cp\u003e\u003cb\u003eC2\u003c/b\u003e: An evidence map of 18 sources (6 standards/policy, 6 academic artifacts, 6 corporate/platform sources) coded against DG-SA.\u003c/p\u003e \u003cp\u003e\u003cb\u003eC3\u003c/b\u003e: An open benchmarkability analysis of 54 survey items, showing that only 13/54 items (24.1%) admit external benchmarking via authenticated public proxies.\u003c/p\u003e \u003cp\u003e\u003cb\u003eC4\u003c/b\u003e: A lifecycle operating model, dashboard blueprint, and minimum evidence pack that translate governance requirements into delivery and operations.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eNovelty statement\u003c/b\u003e:\u003c/p\u003e \u003cp\u003e \u003cul\u003e \u003cli\u003e \u003cp\u003e \u003cb\u003eBenchmarkability-first governance\u003c/b\u003e: DG-SA is explicitly defined in terms of observable evidence, and we operationalize governance progress via an open benchmarkability ratio rather than principle compliance.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e \u003cb\u003eMarketplace microdata augmentation\u003c/b\u003e: we empirically demonstrate how cloud-marketplace microdata (electricity carbon intensity) can be joined with governed AI telemetry to produce audit-ready sustainability KPIs that are otherwise weakly benchmarkable via public surveys.\u003c/p\u003e \u003c/li\u003e \u003cli\u003e \u003cp\u003e \u003cb\u003eOperationalization\u003c/b\u003e: we provide a lifecycle operating model and minimum evidence pack that converts sustainable AI governance into implementable engineering controls (gates, dashboards, and runbooks).\u003c/p\u003e \u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e \u003cp\u003e \u003c/p\u003e"},{"header":"II. RELATED WORK AND CONCEPTUAL FOUNDATIONS","content":"\u003cp\u003eThis section synthesizes four streams of work that motivate DG-SA: data governance as organizational control, AI governance as risk and assurance, sustainable AI measurement, and evidence-based benchmarking.\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eA. Data governance as control and accountability\u003c/strong\u003e. IT and data governance research emphasize decision rights, accountabilities, and measurable controls as prerequisites for reliable enterprise systems [\u003cspan class=\"CitationRef\"\u003e3\u003c/span\u003e], [\u003cspan class=\"CitationRef\"\u003e4\u003c/span\u003e]. In AI settings, these ideas extend beyond data stewardship to include traceability of model decisions and accountability for downstream impacts.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eB. AI governance frameworks and assurance artifacts.\u003c/strong\u003e Major standards\u0026rsquo; bodies and policy institutions provide AI governance guidance, including NIST AI RMF [\u003cspan class=\"CitationRef\"\u003e5\u003c/span\u003e], ISO/IEC risk management guidance [\u003cspan class=\"CitationRef\"\u003e6\u003c/span\u003e], ISO/IEC AI management systems [\u003cspan class=\"CitationRef\"\u003e7\u003c/span\u003e], and international policy principles [\u003cspan class=\"CitationRef\"\u003e8\u003c/span\u003e], [\u003cspan class=\"CitationRef\"\u003e9\u003c/span\u003e]. Industry frameworks, such as the Microsoft Responsible AI Standard [\u003cspan class=\"CitationRef\"\u003e20\u003c/span\u003e] and IBM\u0026rsquo;s Everyday Ethics for AI resources [\u003cspan class=\"CitationRef\"\u003e22\u003c/span\u003e], complement standards with organization-level process controls and templates. Academic work argues that principles alone are insufficient without enforceable mechanisms and evidence [\u003cspan class=\"CitationRef\"\u003e18\u003c/span\u003e]. Complementary artifact-based approaches such as Datasheets for Datasets [\u003cspan class=\"CitationRef\"\u003e14\u003c/span\u003e] and Model Cards [\u003cspan class=\"CitationRef\"\u003e15\u003c/span\u003e]-provide practical documentation structures, while algorithmic auditing frameworks formalize internal assurance processes [\u003cspan class=\"CitationRef\"\u003e16\u003c/span\u003e], [\u003cspan class=\"CitationRef\"\u003e17\u003c/span\u003e].\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eC. Sustainable AI and measurement.\u003c/strong\u003e Green AI calls for efficiency and transparent reporting of AI resource use [\u003cspan class=\"CitationRef\"\u003e1\u003c/span\u003e]. Empirical studies highlight energy and policy trade-offs in model development and inference [\u003cspan class=\"CitationRef\"\u003e2\u003c/span\u003e], propose systematic reporting practices for energy and carbon footprints [\u003cspan class=\"CitationRef\"\u003e12\u003c/span\u003e], [\u003cspan class=\"CitationRef\"\u003e13\u003c/span\u003e]. Yet, sustainability metrics are often measured inconsistently across organizations, limiting comparability and cross-sector learning.\u003c/span\u003e\u003c/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eD. Benchmarking and evidence-based governance\u003c/strong\u003e. Benchmarking is central to continuous improvement, but governance benchmarkability requires measurable constructs and comparable data. Many governance indicators are internal by nature (e.g., incident response maturity), which limits public evaluation. This motivates an explicit benchmarkability analysis: a governance model should disclose which aspects can be openly benchmarked and which require internal evidence packs.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"},{"header":"III. DG-SA CAPABILITY MODEL","content":"\u003cp\u003eDG-SA is defined as a capability model that specifies governance dimensions using evidence-oriented criteria. A capability is considered operational only when it can be demonstrated through artifacts, logs, tests, policies, or measurable controls rather than aspirational principles. The 12 DG-SA capabilities are provided in Table I.\u003c/p\u003e \u003cp\u003eTABLE I. DG-SA Capability Codebook\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabc\" border=\"1\"\u003e \u003ccolgroup cols=\"2\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCapability dimension\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEvidence-oriented definition (paraphrased)\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eDataQuality\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDefined data quality dimensions, validation, and stewardship for AI‑relevant datasets.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eLineage\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEnd‑to‑end lineage and versioned retention for datasets, features, prompts, and model artifacts; reproducibility of the pipeline.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAccessControl\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eRole‑based access, least privilege, segregation of duties for data/model operations.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003ePrivacy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003ePII handling, consent, minimization, retention, and privacy‑preserving techniques.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eModelDocumentation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eModel cards, intended use, limitations, versioning, and change history.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eEvaluationBenchmarking\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eBenchmark suites, stress tests, red‑team tests, and acceptance thresholds.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eMonitoringDrift\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eRuntime monitoring for performance, drift, bias, and anomaly detection with alert thresholds.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eHumanOversight\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eHuman‑in‑the‑loop control mechanisms, approvals, escalation paths, and override mechanisms.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eRiskAssessment\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eFormal risk classification, hazard analysis, and mitigation control mechanisms across lifecycle.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSustainabilityEnergy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEnergy/carbon measurement, efficiency targets, and sustainable compute policies.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAuditability\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eImmutable logs, traceability, and evidence packs to support audits and accountability.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eIncidentResponse\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eIncident detection, triage, containment, post‑mortems, and continuous improvement loops.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eA. DG-SA as an extension of classical data governance.\u003c/b\u003e DG-SA retains foundational data governance controls (e.g., data quality, privacy, access control) while adding AI-specific governance needs such as model documentation, evaluation benchmarking, drift monitoring, human oversight, and sustainability/energy management. Table III summarizes the foundational vs. AI-specific extension view, while Table II provides an overview of the study artifacts and datasets used in this work.\u003c/p\u003e \u003cp\u003eTABLE II. Study Artifacts and Datasets\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabd\" border=\"1\"\u003e \u003ccolgroup cols=\"3\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eArtifact\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDescription\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eScope/size\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCoded corpus\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eSecondary sources (standards, academic, corporate) coded against 12 governance capabilities\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003en\u0026thinsp;=\u0026thinsp;18\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCapability codebook\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eOperational definitions for the 12 capabilities used for coding\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003en\u0026thinsp;=\u0026thinsp;12\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003ePublic/open benchmark mapping\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eProxy indicators mapped to selected governance survey items from publicly available surveys/reports\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003en\u0026thinsp;=\u0026thinsp;31 datapoints\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSurvey instrument items\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e54 governance items used to assess what is measurable from public benchmarks\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003en\u0026thinsp;=\u0026thinsp;54\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eBenchmark mapping dataset (public/open)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e31 proxy datapoints mapped to 13 survey items; includes URLs, dates, and notes\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003e31 rows; 13 items; 7 sources\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCoded corpus matrix\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eBinary coding matrix used for coverage analysis (18\u0026times;12)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003e18 sources \u0026times; 12 capabilities\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eTABLE III. DG-SA Capabilities: Foundational vs AI-Specific Extensions\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabe\" border=\"1\"\u003e \u003ccolgroup cols=\"3\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCategory\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eCapability\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAI-specific rationale\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFoundational DG\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDataQuality\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eQuality controls, validation, and error handling for data feeding AI.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFoundational DG\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAccessControl\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eLeast privilege, RBAC, and data/model access enforcement.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFoundational DG\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003ePrivacy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003ePII minimization, lawful basis, and privacy-by-design controls.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eFoundational DG\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAuditability\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eImmutable logs, lineage, traceability, and audit trails.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eCross-cutting\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eRiskAssessment\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRisk classification for AI use (incl. safety, bias, compliance).\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eModelDocumentation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eModel cards, intended use, limitations, training data provenance.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEvaluationBenchmarking\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003ePre-deploy and regression benchmarking with acceptance thresholds.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMonitoringDrift\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRuntime surveillance of performance/quality drift and data shifts.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eHumanOversight\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eHuman-in-the-loop triggers, approvals, and override controls.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eIncidentResponse\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAI incident handling, escalation, containment, and postmortems.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eLineage\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eVersioned datasets/models, retention policies, reproducibility.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAI-specific extension\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eSustainabilityEnergy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eEnergy/carbon measurement, efficiency targets, and reporting.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eB. Positioning relative to NIST/ISO governance.\u003c/b\u003e DG-SA is designed to be complementary to risk management and management systems standards. NIST AI RMF emphasizes high-level functions (govern\u0026ndash;map\u0026ndash;measure\u0026ndash;manage) [\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e], while ISO/IEC 42001 formalizes management system requirements [\u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e7\u003c/span\u003e]. DG-SA focuses on capability-level evidence that can be implemented and measured, thereby providing an operational layer that can be mapped to these frameworks. Table IV provides a high-level mapping to clarify this relationship.\u003c/p\u003e \u003cp\u003eTABLE IV. Illustrative Mapping: DG-SA to NIST AI RMF and ISO/IEC 42001 Concepts\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabf\" border=\"1\"\u003e \u003ccolgroup cols=\"4\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eDG-SA capability\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eNIST AI RMF function(s)\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eISO/IEC 42001 concept\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003eExample evidence artifacts\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eRiskAssessment\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMAP / MEASURE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRisk identification and measurement\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAI impact/risk assessments, risk registers\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003ePrivacy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eGOVERN / MANAGE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003ePolicy\u0026thinsp;+\u0026thinsp;controls\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003ePII controls, DPIA where applicable\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eAuditability\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eGOVERN / MANAGE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAccountability and traceability\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAudit logs, trace IDs, evidence retention\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eModelDocumentation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMAP\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSystem context and documentation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eModel cards, intended use\u0026thinsp;+\u0026thinsp;limitations\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eEvaluationBenchmarking\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMEASURE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eTesting and validation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eBenchmark suites, acceptance thresholds\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eMonitoringDrift\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMANAGE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eOngoing monitoring\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDrift dashboards, alerts, rollback criteria\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eHumanOversight\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eGOVERN / MANAGE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eHuman accountability\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eHIL triggers, approvals, overrides\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSustainabilityEnergy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMEASURE\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSustainability measurement\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eEnergy/carbon reporting, efficiency KPIs\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e"},{"header":"IV. RESEARCH DESIGN AND METHODS","content":"\u003cp\u003eThe study is a mixed conceptual\u0026ndash;empirical design. Conceptually, DG-SA is developed by consolidating governance and sustainable AI requirements into evidence-based capability definitions. Empirically, we (i) code a curated corpus of influential sources against DG-SA and (ii) test the public benchmarkability of governance survey items via open proxy mapping.\u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eA. Corpus selection (coded evidence corpus).\u003c/b\u003e We constructed a corpus of 18 sources spanning standards/policy, academic research artifacts, and corporate frameworks. The selection objective was not exhaustive, but influence and coverage: documents were included if they are widely referenced, officially adopted, or provide reusable governance mechanisms for organizational AI. Searches and shortlisting were conducted across standards\u0026rsquo; repositories (NIST, ISO, OECD, UNESCO, EU), academic indexes (Google Scholar, IEEE Xplore, ACM DL), and corporate governance publications. Inclusion criteria required: (i) organizational applicability (controls, processes, or assurance artifacts), (ii) explicit relevance to AI governance or data governance in AI contexts, (iii) public accessibility, and (iv) sufficient specificity to evaluate evidence requirements.\u003c/p\u003e \u003cp\u003eTo reduce selection bias, the coded corpus was balanced across source types (6 standards/policy, 6 academic artifacts, and 6 corporate/platform sources), selected for prominence and practical relevance to implementable governance. The corpus includes, for example, NIST AI RMF [\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e], ISO standards [\u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e6\u003c/span\u003e], [\u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e7\u003c/span\u003e], and international policy guidance [\u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e8\u003c/span\u003e], [\u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e9\u003c/span\u003e], [\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e]; academic evidence artifacts such as Datasheets and Model Cards [\u003cspan citationid=\"CR14\" class=\"CitationRef\"\u003e14\u003c/span\u003e], [\u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e] together with auditing and verifiable-claims mechanisms [\u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e], [\u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e17\u003c/span\u003e]; and corporate/platform operational guidance including the Microsoft Responsible AI Standard [\u003cspan citationid=\"CR20\" class=\"CitationRef\"\u003e20\u003c/span\u003e], Google\u0026rsquo;s AI responsibility lifecycle [\u003cspan citationid=\"CR32\" class=\"CitationRef\"\u003e32\u003c/span\u003e], AWS responsible AI guidance [\u003cspan citationid=\"CR33\" class=\"CitationRef\"\u003e33\u003c/span\u003e], and cloud data-exchange documentation (AWS Data Exchange [\u003cspan citationid=\"CR34\" class=\"CitationRef\"\u003e34\u003c/span\u003e], Snowflake Marketplace [\u003cspan citationid=\"CR35\" class=\"CitationRef\"\u003e35\u003c/span\u003e], and BigQuery sharing/Analytics Hub [\u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e36\u003c/span\u003e]).\u003c/p\u003e \u003cp\u003eTABLE V. Coded Evidence Corpus (N\u0026thinsp;=\u0026thinsp;18) and DG-SA Coverage Ratios\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabg\" border=\"1\"\u003e \u003ccolgroup cols=\"6\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c5\" colnum=\"5\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c6\" colnum=\"6\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eID\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eYear\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eType\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003eSource title (short)\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c5\"\u003e \u003cp\u003eCoverage count\u003c/p\u003e \u003cp\u003e(0\u0026ndash;12)\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c6\"\u003e \u003cp\u003eCoverage ratio (%)\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2010\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDesigning data governance (Khatri \u0026amp; Brown) [\u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e4\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2019\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eModel Cards for Model Reporting (Mitchell et al.) [\u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2021\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDatasheets for Datasets (Gebru et al.) [\u003cspan citationid=\"CR14\" class=\"CitationRef\"\u003e14\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2020\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eClosing the AI accountability gap: internal algorithmic auditing (Raji et al.) [\u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e10/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e83.3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2020\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eToward trustworthy AI development: mechanisms for supporting verifiable claims (Brundage et al.) [\u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e17\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e10/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e83.3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eA6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2020\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAcademic\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eGreen AI (Schwartz et al.) [\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2022\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eMicrosoft Responsible AI Standard v2 (General Requirements) [\u003cspan citationid=\"CR20\" class=\"CitationRef\"\u003e20\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e11/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e91.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2024\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eEnd-to-end responsibility: A lifecycle approach to AI (Google) [\u003cspan citationid=\"CR32\" class=\"CitationRef\"\u003e32\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e8/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e66.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2024\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAWS Responsible Use of AI Guide [\u003cspan citationid=\"CR33\" class=\"CitationRef\"\u003e33\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e10/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e83.3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2025\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAWS Data Exchange User Guide (Overview/Subscribing) [\u003cspan citationid=\"CR34\" class=\"CitationRef\"\u003e34\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e2/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e16.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2026\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eSnowflake Marketplace and Listings Documentation [\u003cspan citationid=\"CR35\" class=\"CitationRef\"\u003e35\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eC6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2026\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eCorporate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eBigQuery sharing (formerly Analytics Hub) Documentation [\u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e36\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e3/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e25.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2023\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eNIST AI Risk Management Framework 1.0 [\u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e5\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e11/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e91.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2023\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eISO/IEC 23894:2023 AI risk management guidance [\u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e6\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e10/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e83.3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2023\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eISO/IEC 42001:2023 AI management system [\u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e7\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e9/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e75.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2019\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eOECD Recommendation on Artificial Intelligence [\u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e8\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e2/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e16.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2021\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eUNESCO Recommendation on the Ethics of Artificial Intelligence [\u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e9\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e5/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e41.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eS6\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2024\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eStandards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eEU Artificial Intelligence Act [\u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e11\u003c/span\u003e]\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003e11/12\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c6\"\u003e \u003cp\u003e91.7\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eB. Coding protocol and operational decision rule.\u003c/b\u003e Each source was coded across the 12 DG-SA capabilities using a conservative, evidence-based rule: a capability was marked present (1) only when the source specified implementable controls or required evidence (e.g., artifacts, tests, logs, documentation structures, monitoring expectations). Merely stating a principle without operationalization was coded as absent (0). This rule mitigates inflation of coverage that can occur when principle lists are treated as equivalent to implementation guidance. Coding was conducted at the document level (unit of analysis\u0026thinsp;=\u0026thinsp;source), with a maintained coding log to make decisions reviewable.\u003c/p\u003e \u003cp\u003eInter-rater reliability and reproducibility: the present evidence map was produced by a single coder. To make the analysis reviewable, we provide (i) an operationalized codebook (Table I), (ii) the complete 18\u0026times;12 binary coding matrix and source metadata (Appendix D), and (iii) explicit decision rules that prioritize implementable evidence over principle statements. These artifacts enable replication and independent multi-coder reliability assessment as a straightforward extension for future work (Section X).\u003c/p\u003e \u003cp\u003e \u003cb\u003eC. Benchmarkability mapping protocol.\u003c/b\u003e We evaluated benchmarkability for 54 governance survey items (developed to measure DG-SA capabilities). For each item, we attempted to identify a public/open-data proxy that could serve as an external benchmark. Searches were performed between Dec. 2024 and Nov. 2025 using query patterns that combined each construct with terms such as \"benchmark\", \"survey\", \"adoption rate\", \"coverage\", \"maturity\", and \"observability\". A proxy was accepted when it (i) measured an organization-level practice/outcome close to the survey construct, (ii) provided an explicit numeric or clearly bounded estimate, (iii) identified the source organization and reporting year, and (iv) allowed documentation of scope and assumptions. Each mapping was assessed as direct or approximate (Appendix A2), reflecting conceptual distance between the proxy and the survey item.\u003c/p\u003e \u003cp\u003ePublication bias is a known risk in open benchmarking: public surveys tend to over-represent large organizations and consultancies. We therefore treat the benchmarkability dataset as exploratory and emphasize transparent reporting of proxy limitations. The benchmark dataset uses sources such as ISACA [\u003cspan citationid=\"CR23\" class=\"CitationRef\"\u003e23\u003c/span\u003e], Precisely [\u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e24\u003c/span\u003e], EY [\u003cspan citationid=\"CR25\" class=\"CitationRef\"\u003e25\u003c/span\u003e], Dresner [\u003cspan citationid=\"CR26\" class=\"CitationRef\"\u003e26\u003c/span\u003e], TDAN [\u003cspan citationid=\"CR27\" class=\"CitationRef\"\u003e27\u003c/span\u003e], Fastly [\u003cspan citationid=\"CR28\" class=\"CitationRef\"\u003e28\u003c/span\u003e], the AI Incident Database [\u003cspan citationid=\"CR29\" class=\"CitationRef\"\u003e29\u003c/span\u003e], and McKinsey [\u003cspan citationid=\"CR30\" class=\"CitationRef\"\u003e30\u003c/span\u003e], [\u003cspan citationid=\"CR31\" class=\"CitationRef\"\u003e31\u003c/span\u003e].\u003c/p\u003e \u003cp\u003eProxy provenance/authentication. Public proxy statistics are frequently re-posted across reports and blogs, which can obscure the original survey instrument, sample, and fielding period. To strengthen validity, we authenticate each public proxy against its primary source wherever possible (e.g., the original report PDF or survey owner\u0026rsquo;s publication) and record (i) sampling frame and respondent profile, (ii) sample size, geography, and fielding dates, (iii) question wording (when available), and (iv) licensing/reuse constraints. We summarize this provenance information and assign an authentication tier in Appendix C (Table \u003cspan refid=\"Tab3\" class=\"InternalRef\"\u003eC2\u003c/span\u003e).\u003c/p\u003e \u003cp\u003ePrimary-data pathway via data exchanges. Where public proxies are absent or too coarse, we propose augmenting benchmarkability using primary datasets accessible through cloud data exchanges and marketplaces-including AWS Data Exchange [\u003cspan citationid=\"CR34\" class=\"CitationRef\"\u003e34\u003c/span\u003e], Snowflake Marketplace [\u003cspan citationid=\"CR35\" class=\"CitationRef\"\u003e35\u003c/span\u003e], and BigQuery sharing/Analytics Hub [\u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e36\u003c/span\u003e]-as well as comparable marketplaces (e.g., Databricks Marketplace [\u003cspan citationid=\"CR37\" class=\"CitationRef\"\u003e37\u003c/span\u003e] and Azure Data Share [\u003cspan citationid=\"CR38\" class=\"CitationRef\"\u003e38\u003c/span\u003e]). These exchanges enable licensed access to structured organizational and ecosystem data (e.g., ESG disclosures, corporate filings, job postings, vulnerability feeds, and energy/carbon intensity datasets) that can operationalize DG-SA indicators with higher resolution and auditability (Appendix C, Table C1). Section VIII provides an empirical demonstration of this pathway using marketplace-distributed electricity carbon-intensity microdata (OWID/Ember) joined with governed AI telemetry to compute an auditable footprint KPI.\u003c/p\u003e \u003cp\u003eTABLE VI. DG-SA Dashboard Blueprint (Illustrative)\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabh\" border=\"1\"\u003e \u003ccolgroup cols=\"3\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eDashboard layer\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eExample indicators\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eDecision trigger (example)\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eGovernance compliance\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eArtifact completeness (%), model card coverage, dataset lineage present/absent\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eBlock release if required evidence pack is incomplete\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eRuntime trust \u0026amp; safety\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDrift score, policy violations, incident rate, human override rate\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eEscalate to review board if incident rate exceeds threshold\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSustainability \u0026amp; efficiency\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEnergy per training run, cost per 1K inferences, utilization, carbon intensity (if available)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRequire efficiency review if energy per inference increases\u0026thinsp;\u0026gt;\u0026thinsp;X% QoQ\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eTABLE VII. Benchmarkable Survey Items and Proxy Coverage (N\u0026thinsp;=\u0026thinsp;13)\u003c/b\u003e \u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabi\" border=\"1\"\u003e \u003ccolgroup cols=\"4\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQuestion ID\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eSurvey item (short)\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003e# Sources\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003e# Datapoints\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ10\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eFormal data governance exists in my organization (single select): Yes; In progress; \u0026hellip;\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ11\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eFormal AI governance exists in my organization (single select): Yes; In progress; No.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ13\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eWe have an ethics review board / model risk committee that reviews AI use cases (Yes\u0026hellip;\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ16\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEstimated monitoring coverage across deployed AI systems (0\u0026ndash;100%).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ19\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eCross-functional training frequency for governance/responsible AI topics (single sel\u0026hellip;\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ25\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eOur organization has a defined ethical AI framework that is used in delivery.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ39\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEnergy use is measured per training/inference job.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ4\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAI adoption stage (single select): Exploring; Pilot; Production; Scaling.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ41\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eGreen training practices are used (e.g., efficient architectures, scheduling, hardwa\u0026hellip;\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ46\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEstimated reduction in data quality issues after governance (%).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ48\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEstimated reduction in training energy after efficiency/governance interventions (%).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ51\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAlignment of AI work with sustainability targets (Likert 1\u0026ndash;5).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ52\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eTop challenge (single select): Fragmented standards; Skill gaps; Tooling gaps; Data \u0026hellip;\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e6\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eD. Statistical treatment. Our analysis is primarily descriptive.\u003c/b\u003e Coverage counts and ratios are computed per capability and per source. To explore whether coverage improves over time, we compute Pearson correlation between publication year and source coverage ratio, reporting r, p-value, and a 95% confidence interval; this is explicitly treated as exploratory because N\u0026thinsp;=\u0026thinsp;18 is small. For benchmarkable items, we report proxy ranges and medians (Fig.\u0026nbsp;\u003cspan refid=\"Fig6\" class=\"InternalRef\"\u003e6\u003c/span\u003e) and provide numeric summaries in text to avoid purely qualitative range descriptions.\u003c/p\u003e "},{"header":"V. RESULTS","content":"\u003cp\u003e \u003cb\u003eA. Capability coverage across the coded corpus.\u003c/b\u003e Figure\u0026nbsp;\u003cspan refid=\"Fig3\" class=\"InternalRef\"\u003e3\u003c/span\u003e summarizes how frequently each DG-SA capability is operationalized across the 18-source corpus. Auditability is the most consistently evidenced capability (15/18 sources), followed by Privacy (13/18) and Human Oversight (12/18). Data Quality and Risk Assessment are each evidenced in 11/18 sources, while Access Control, Model Documentation, and Evaluation/Benchmarking each appear in 10/18 sources. Monitoring/Drift and Incident Response are each operationalized in 9/18 sources. Two capability dimensions remain notably under-specified: Lineage (5/18) and Sustainability/Energy (2/18). This pattern suggests that most influential frameworks provide substantial guidance for compliance-critical controls, but far fewer provide implementable evidence for end-to-end traceability and environmental sustainability.\u003c/p\u003e \u003cp\u003e \u003cb\u003eB. Coverage by source type.\u003c/b\u003e Figure\u0026nbsp;\u003cspan refid=\"Fig4\" class=\"InternalRef\"\u003e4\u003c/span\u003e reports the mean DG-SA coverage ratio by source type. Standards/policy sources have the highest mean coverage (66.7%), followed by corporate/platform sources (51.4%), and academic artifacts (44.4%). The higher standards coverage is driven by comprehensive, multi-domain requirements (e.g., NIST AI RMF and the EU AI Act), while principle-only sources contribute fewer evidence-oriented controls. Academic artifacts tend to be deep in a small subset of capabilities (e.g., documentation, auditing, or sustainability), rather than broad across the full DG-SA set.\u003c/p\u003e \u003cp\u003e \u003cb\u003eC. Temporal trend (exploratory).\u003c/b\u003e Figure\u0026nbsp;\u003cspan refid=\"Fig5\" class=\"InternalRef\"\u003e5\u003c/span\u003e plots DG-SA coverage ratio against publication year. The Pearson correlation is r\u0026thinsp;=\u0026thinsp;0.22 (n\u0026thinsp;=\u0026thinsp;18, p\u0026thinsp;=\u0026thinsp;0.372; 95% CI [-0.27, 0.63]). The direction is weakly positive but not statistically distinguishable from zero at conventional thresholds, reinforcing that gaps (especially sustainability/energy and lineage) persist even in recent governance sources.\u003c/p\u003e \u003cp\u003e \u003cb\u003eD. Open benchmarkability ratio.\u003c/b\u003e Table VII reports that 13 of 54 governance survey items (24.1%) can be mapped to public/open-data proxies with sufficient specificity for external benchmarking. To avoid treating secondary re-publications as primary evidence, we authenticate proxy sources where possible and record sampling and methodological metadata (Appendix C). The low benchmarkability ratio indicates that most governance constructs are currently measured internally (or qualitatively), rather than through externally observable indicators; this motivates the data-exchange primary-data pathway described in Section IV.C and Appendix C.\u003c/p\u003e \u003cp\u003e \u003cb\u003eE. Range behavior for benchmarkable items.\u003c/b\u003e For items with percent-like numeric proxies (Fig.\u0026nbsp;\u003cspan refid=\"Fig6\" class=\"InternalRef\"\u003e6\u003c/span\u003e), dispersion is substantial for several constructs (e.g., Q10 ranges from 31% to 71% across sources). Even when medians are stable, ranges often reflect differences in survey framing, geography, and respondent roles. This reinforces the need to report provenance and to prefer primary microdata (or traceable marketplace datasets) when converting survey results into benchmark indicators.\u003c/p\u003e \u003cp\u003e \u003cb\u003eTABLE VIII. Percent-like Proxy Summary for Selected Benchmarkable Survey Items\u003c/b\u003e \u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabj\" border=\"1\"\u003e \u003ccolgroup cols=\"5\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cdiv align=\"char\" char=\".\" class=\"colspec\" colname=\"c5\" colnum=\"5\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQuestion ID\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003e# proxies\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eMin\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003eMedian\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c5\"\u003e \u003cp\u003eMax\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ10\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e31.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e32.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e71.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ11\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e28.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e29.5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e31.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ13\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e61.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e67.5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e74.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ16\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e9.5\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e10.2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e11.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ19\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e22.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e32.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e35.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ39\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e67.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e67.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e67.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ46\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e1\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e68.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e68.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e68.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ48\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e2\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e30.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e40.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e50.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eQ51\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c2\"\u003e \u003cp\u003e3\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c3\"\u003e \u003cp\u003e28.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c4\"\u003e \u003cp\u003e36.0\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"char\" char=\".\" colname=\"c5\"\u003e \u003cp\u003e45.0\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003e \u003cb\u003eF. Sustainability proxy scarcity.\u003c/b\u003e SustainabilityEnergy is the least represented DG-SA capability in the coded corpus (11.1%). Consistently, the benchmarkability dataset contains only limited public proxies for energy/footprint governance. For example, a Fastly report indicates that more than two-thirds of surveyed organizations track training and inference energy separately (Q39), but such statements rarely include standardized measurement baselines or comparable denominators. This reinforces the conclusion that sustainable AI governance needs stronger measurement conventions, and that open benchmarking in this area remains early-stage [\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e], [\u003cspan citationid=\"CR12\" class=\"CitationRef\"\u003e12\u003c/span\u003e].\u003c/p\u003e "},{"header":"VI. SYNTHESIS AND DISCUSSION","content":" \u003cp\u003eThe evidence map and benchmarkability analysis jointly suggest a practical interpretation: governance is increasingly well-specified for compliance-critical capabilities (privacy, auditability, risk assessment), but weaker for operational and sustainability-centric capabilities. The benchmarkability ratio adds an additional constraint-public/open benchmarking is possible for only about one-quarter of governance survey items, and even these require proxies that may be conceptually approximate.\u003c/p\u003e \u003cp\u003e \u003cstrong\u003eImplication 1 (measurement-first governance)\u003c/strong\u003e \u003cp\u003eorganizations should treat public benchmarks as a complement, not a substitute, for internal evidence packs. External proxies can offer directional signals (e.g., typical governance adoption or monitoring coverage), while acceptance decisions for high-risk AI must rely on auditable internal evidence (tests, logs, red-team reports, model cards).\u003c/p\u003e \u003cp\u003e \u003cstrong\u003eImplication 2 (AI-specific differentiation)\u003c/strong\u003e \u003cp\u003eseveral DG-SA capabilities are explicitly AI-specific (ModelDocumentation, EvaluationBenchmarking, MonitoringDrift, HumanOversight, SustainabilityEnergy). These are precisely the areas where generic data governance is insufficient because models evolve, drift, and interact with humans and environments. The coded corpus shows these capabilities are less consistently operationalized than privacy and auditability, suggesting a priority area for future standards work.\u003c/p\u003e\u003cp\u003e \u003cstrong\u003eImplication 3 (sustainable AI as operational practice)\u003c/strong\u003e \u003cp\u003esustainable AI governance must be integrated into lifecycle operations, not treated as an after-the-fact reporting exercise. Evidence needs to include measurement methods, thresholds, and response playbooks (e.g., what action is taken when energy per inference rises above a budget).\u003c/p\u003e \u003c/p\u003e"},{"header":"VII. MINI-CASE INSTANTIATION: LLM-BASED BUSINESS ASSISTANT","content":"\u003cp\u003eTo address application-oriented expectations, we instantiate DG-SA for a realistic enterprise automation case: a retrieval-augmented LLM assistant that answers customer queries and drafts compliant responses. The system consumes enterprise knowledge bases and ticket histories, performs retrieval and prompt orchestration (Data AIService), executes an LLM endpoint (Model AIService), applies policy/guardrail logic (Algo AIService), and exposes the capability via an API and web interface.\u003c/p\u003e \u003cp\u003e \u003c/p\u003e \u003cp\u003eIn this mini-case, DG-SA capabilities translate into concrete artifacts. For example, ModelDocumentation is realized via a model card documenting intended use, known failure modes, and training data constraints [\u003cspan citationid=\"CR15\" class=\"CitationRef\"\u003e15\u003c/span\u003e]. EvaluationBenchmarking requires a benchmark suite (including red-team prompts) and acceptance thresholds before release [\u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e16\u003c/span\u003e], [\u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e17\u003c/span\u003e]. MonitoringDrift is implemented as runtime dashboards tracking response quality, safety violations, and retrieval health. SustainabilityEnergy becomes actionable when the assistant reports energy per request and enforces compute budgets, aligned to Green AI reporting practices [\u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e1\u003c/span\u003e], [\u003cspan citationid=\"CR12\" class=\"CitationRef\"\u003e12\u003c/span\u003e].\u003c/p\u003e \u003cp\u003eTABLE IX. Mini-Case: Example DG-SA Evidence Artifacts and Lifecycle Use\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabk\" border=\"1\"\u003e \u003ccolgroup cols=\"4\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c4\" colnum=\"4\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eDG-SA capability\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003ePrimary artifact\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eWhat it evidences\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c4\"\u003e \u003cp\u003eWhere used\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eModelDocumentation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eModel card\u0026thinsp;+\u0026thinsp;change log\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eModel choice, version, limitations\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eRelease gate (DoD)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eEvaluationBenchmarking\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eBenchmark\u0026thinsp;+\u0026thinsp;red-team report\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eAccuracy, safety, latency thresholds\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eRelease gate (DoD)\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eMonitoringDrift\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eQuality \u0026amp; drift dashboards\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRetrieval hit-rate, hallucination indicators\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eOperate\u0026thinsp;+\u0026thinsp;rollback\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eIncidentResponse\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eAI incident runbook\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSafety incident triage, escalation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eOperate\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eSustainabilityEnergy\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eEnergy/footprint report\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eEnergy per request, budget adherence\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eOperate\u0026thinsp;+\u0026thinsp;scale decision\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e"},{"header":"VIII. MARKETPLACE MICRODATA DEMONSTRATION","content":"\u003cp\u003ePublic/open proxies are often too coarse to benchmark sustainability-oriented AI governance. This section provides a concrete empirical demonstration of how cloud data marketplaces can supply primary microdata that, when joined with governed AI telemetry and lineage, yields audit-ready sustainability indicators.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eA. Dataset and provenance.\u003c/strong\u003e We use the Our World in Data (OWID) energy dataset, which includes a country-year series for the lifecycle carbon intensity of electricity (carbon_intensity_elec, in gCO₂e/kWh). OWID curates these series from primary energy-system sources (e.g., Ember) and distributes the dataset both directly and through data-marketplace channels (e.g., Snowflake data sharing). For the illustration below, we use 2024 values to reflect recent grids while avoiding partial-year artifacts. [39], [40].\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eB. Demonstration 1:\u003c/strong\u003e Carbon-intensity dispersion across illustrative cloud regions. To highlight why SustainableAI/Energy governance must capture region metadata, we map a set of commonly used cloud regions to their host countries and compare 2024 electricity carbon intensity. Fig. 8 shows a wide dispersion: across these regions, carbon intensity ranges from approximately 41 gCO₂e/kWh (France) to approximately 707 gCO₂e/kWh (India), a \u0026asymp;17\u0026times; spread. This implies that identical AI workloads can have order-of-magnitude different operational emissions solely due to regional electricity mix, making location-aware telemetry and standardized reference data a governance requirement\u0026mdash;not an optional sustainability add-on. [39].\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eC. Demonstration 2:\u003c/strong\u003e Marketplace microdata join for an auditable AI footprint KPI. DG-SA treats sustainability as measurable control. A minimal auditable KPI is per-model or per-release emissions, computed as: Emissions (kgCO₂e) = \u0026Sigma;_r,t E_r,t (kWh) \u0026times; CI_r,t (gCO₂e/kWh) / 1000, where E_r,t is governed AI energy telemetry (or GPU-hours converted to kWh) and CI_r,t is carbon-intensity microdata for the execution region and time. Fig. 9 summarizes the join pattern: an external carbon-intensity feed becomes decision-grade once connected to internal telemetry, model documentation, and lineage under governance control.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eD. Implications for benchmarkability.\u003c/strong\u003e The demonstration operationalizes the SustainabilityEnergy capability as an externally auditable indicator, even when public benchmarking surveys provide only high-level adoption percentages. In practice, organizations can standardize reporting (e.g., per-model emissions per 1,000 inferences; per-training-run emissions with uncertainty bounds) and publish comparable statistics using a combination of internal evidence and marketplace-sourced reference microdata. This provides a pragmatic route to closing the measurement gap identified in Section V.\u003c/p\u003e"},{"header":"IX. LIFECYCLE OPERATING MODEL AND MINIMUM EVIDENCE PACK","content":"\u003cp\u003eDG-SA is intended for forward-engineering delivery. We therefore propose a lifecycle operating model that separates four planes-data, model, runtime, and feedback-so that evidence can be produced and accepted at gates. This helps reconcile two realities: (i) governance must be enforced during build, integration, and operations; and (ii) sustainable AI requires continuous measurement and improvement loops.\u003c/p\u003e \u003cp\u003eWe define a minimum evidence pack to make acceptance decisions auditable. The evidence pack aligns to typical release gates (build, verification, UAT, go-live) and includes: model evaluation evidence, security and privacy controls, monitoring readiness, incident response runbooks, and sustainability reporting. Table X summarizes this minimum pack.\u003c/p\u003e \u003cp\u003eTABLE X. Minimum Evidence Pack for DG-SA Acceptance\u003c/p\u003e \u003cp\u003e \u003cdiv class=\"gridtable\"\u003e\u003ctable float=\"No\" id=\"Tabl\" border=\"1\"\u003e \u003ccolgroup cols=\"3\"\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c1\" colnum=\"1\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c2\" colnum=\"2\"\u003e\u003c/div\u003e \u003cdiv align=\"left\" class=\"colspec\" colname=\"c3\" colnum=\"3\"\u003e\u003c/div\u003e \u003cthead\u003e \u003ctr\u003e \u003cth align=\"left\" colname=\"c1\"\u003e \u003cp\u003eLifecycle phase\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c2\"\u003e \u003cp\u003eMinimum evidence artifacts (examples)\u003c/p\u003e \u003c/th\u003e \u003cth align=\"left\" colname=\"c3\"\u003e \u003cp\u003eGate decision (example)\u003c/p\u003e \u003c/th\u003e \u003c/tr\u003e \u003c/thead\u003e \u003ctbody\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eData onboarding\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDatasheet, lineage record, access/privacy classification, quality checks\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eReject dataset if lineage or privacy constraints are missing\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eModel development\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eModel card draft, evaluation plan, benchmark suite, risk register entry\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eBlock training if evaluation plan is undefined\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003ePre-release validation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eBenchmark results, robustness tests, red-team notes, monitoring plan, rollback plan\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eRelease only if thresholds met and rollback defined\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003eProduction operation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003eDrift dashboard, incident logs, periodic audit report, sustainability metrics\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eEscalate if incidents/drift exceed thresholds\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e \u003cp\u003eResearch propositions (forward-looking): P1-Benchmarkable metrics will expand as observability and AI management systems mature, but sustainability metrics will lag unless standardized measurement conventions are adopted. P2-Evidence packs will become the dominant governance mechanism for high-risk AI because they bind requirements to auditable artifacts. P3-Organizations will increasingly integrate AI incident response with security incident response, supported by centralized audit logging and traceability. P4-AI sustainability will shift from voluntary reporting to budgeted operational constraints (e.g., energy per inference budgets) as compute costs and regulatory attention increase.\u003c/p\u003e"},{"header":"X. LIMITATIONS AND FUTURE WORK","content":"\u003cp\u003e \u003cstrong\u003eInternal validity\u003c/strong\u003e \u003cp\u003ethe evidence map relies on a curated corpus (N\u0026thinsp;=\u0026thinsp;18) and binary coding. Binary coding improves transparency but can under-represent partial coverage; this is a deliberate conservative choice.\u003c/p\u003e \u003cp\u003e \u003cstrong\u003eExternal validity\u003c/strong\u003e \u003cp\u003ethe corpus is not exhaustive, and corporate/platform sources may reflect sector-specific operating models.\u003c/p\u003e \u003cp\u003e \u003cb\u003eReliability\u003c/b\u003e: the present version reports single-coder results, but provides the full coding matrix and decision rules (Appendix D) so that other researchers can replicate the coding and compute inter-rater reliability in follow-on studies. Benchmarkability limitations: public proxies are sparse, noisy, and biased toward organizations that publish surveys and reports; we mitigate this with a provenance/authentication rubric (Appendix C) and propose a primary-data pathway via data exchanges (Section IV.C).\u003c/p\u003e \u003cp\u003e \u003cstrong\u003eBenchmarkability limitations\u003c/strong\u003e \u003cp\u003eopen proxies are sparse, noisy, and biased toward large organizations that publish surveys and reports. Proxy mappings may be approximate when constructs do not align perfectly. Future work should develop standardized open benchmarks for AI governance and sustainability, including common denominators for energy reporting (e.g., energy per inference normalized by workload).\u003c/p\u003e \u003cp\u003e \u003cstrong\u003eFuture research directions include\u003c/strong\u003e \u003cp\u003eexpanding the corpus across additional sectors and regions; developing ordinal or weighted coverage scoring to complement binary coding; instantiating DG-SA in multiple AI applications (e.g., credit scoring, medical triage) to test usability; and studying how DG-SA evidence packs influence operational outcomes such as incident rates, audit findings, and compute efficiency over time.\u003c/p\u003e"},{"header":"XI. CONCLUSION","content":"\u003cp\u003eThis paper presented DG-SA, a measurement-first governance model for sustainable AI. By combining a 12-dimension capability model with an evidence map and an explicit open benchmarkability analysis, the study moves beyond descriptive governance narratives toward testable, auditable constructs. Empirically, we find that compliance-critical capabilities (privacy, auditability, risk assessment) are most consistently operationalized across influential sources, while sustainability/energy governance is least operationalized. We also show that only 24.1% of governance survey items are benchmarkable via public/open data proxies. Finally, we propose a lifecycle operating model and minimum evidence pack to support engineering delivery and operations. Collectively, these contributions support sustainable AI as an implementable organizational practice and provide a baseline for future empirical research in AI governance measurement.\u003c/p\u003e"},{"header":"Declarations","content":"\u003cp\u003e\u003cstrong\u003eFunding:\u0026nbsp;\u003c/strong\u003eThe authors received no specific funding for this work.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCompeting interests:\u0026nbsp;\u003c/strong\u003eThe authors declare no competing interests.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eData availability:\u0026nbsp;\u003c/strong\u003eAll external datasets referenced in the empirical demonstration are publicly accessible from their primary publishers; derived analysis outputs (country-year carbon intensity subset, figures, and the mapping used in Fig. 8) are provided as supplementary material. The coded evidence matrix and proxy mapping tables are included in the appendices.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eCode availability:\u0026nbsp;\u003c/strong\u003eThe scripts used to generate the empirical figures and descriptive statistics are provided as supplementary material to support reproducibility.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eEthics approval and consent to participate:\u0026nbsp;\u003c/strong\u003eNot applicable; this study does not involve human participants or personal data.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eConsent for publication:\u0026nbsp;\u003c/strong\u003eNot applicable.\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n\u003cli\u003eR. Schwartz, J. Dodge, N. A. Smith, and O. Etzioni, \u0026quot;Green AI,\u0026quot; Commun. ACM, vol. 63, no. 12, pp. 54\u0026ndash;63, 2020. doi: 10.1145/3381831. Available: https://dl.acm.org/doi/10.1145/3381831\u003c/li\u003e\n\u003cli\u003eE. Strubell, A. Ganesh, and A. McCallum, \u0026ldquo;Energy and policy considerations for deep learning in NLP,\u0026rdquo; in Proc. ACL, 2019. [Online]. Available: https://aclanthology.org/P19-1355/. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eP. Weill and J. W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Boston, MA, USA: Harvard Business School Press, 2004. Available: https://hbr.org/product/it-governance/8468\u003c/li\u003e\n\u003cli\u003eV. Khatri and C. V. Brown, \u0026quot;Designing data governance,\u0026quot; Commun. ACM, vol. 53, no. 1, pp. 148\u0026ndash;152, 2010. doi: 10.1145/1629175.1629210. Available: https://dl.acm.org/doi/10.1145/1629175.1629210\u003c/li\u003e\n\u003cli\u003eNational Institute of Standards and Technology (NIST), \u0026quot;Artificial Intelligence Risk Management Framework (AI RMF 1.0),\u0026quot; NIST AI 100-1, 2023. Available: https://www.nist.gov/itl/ai-risk-management-framework\u003c/li\u003e\n\u003cli\u003eISO/IEC 23894:2023, \u0026quot;Information technology - Artificial intelligence - Guidance on risk management,\u0026quot; International Organization for Standardization, 2023. Available: https://www.iso.org/standard/77304.html\u003c/li\u003e\n\u003cli\u003eISO/IEC 42001:2023, \u0026quot;Information technology - Artificial intelligence - Management system,\u0026quot; International Organization for Standardization, 2023. Available: https://www.iso.org/standard/81230.html\u003c/li\u003e\n\u003cli\u003eOECD, \u0026quot;Recommendation of the Council on Artificial Intelligence,\u0026quot; 2019. Available: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0449\u003c/li\u003e\n\u003cli\u003eUNESCO, \u0026quot;Recommendation on the Ethics of Artificial Intelligence,\u0026quot; 2021. Available: https://unesdoc.unesco.org/ark:/48223/pf0000380455\u003c/li\u003e\n\u003cli\u003eRegulation (EU) 2016/679 (General Data Protection Regulation), 2016. Available: https://eur-lex.europa.eu/eli/reg/2016/679/oj\u003c/li\u003e\n\u003cli\u003eRegulation (EU) 2024/1689 (Artificial Intelligence Act), 2024. Available: https://eur-lex.europa.eu/eli/reg/2024/1689/oj\u003c/li\u003e\n\u003cli\u003eP. Henderson et al., \u0026ldquo;Towards the systematic reporting of the energy and carbon footprints of machine learning,\u0026rdquo; J. Mach. Learn. Res., vol. 21, 2020. [Online]. Available: https://jmlr.org/papers/v21/20-312.html. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eD. Patterson et al., \u0026quot;Carbon emissions and large neural network training,\u0026quot; arXiv:2104.10350, 2021. Available: https://arxiv.org/abs/2104.10350\u003c/li\u003e\n\u003cli\u003eT. Gebru et al., \u0026quot;Datasheets for Datasets,\u0026quot; Commun. ACM, vol. 64, no. 12, pp. 86\u0026ndash;92, 2021. doi: 10.1145/3458723. Available: https://dl.acm.org/doi/10.1145/3458723\u003c/li\u003e\n\u003cli\u003eM. Mitchell et al., \u0026quot;Model Cards for Model Reporting,\u0026quot; in Proc. FAT* (now FAccT), 2019, pp. 220\u0026ndash;229. doi: 10.1145/3287560.3287596. Available: https://dl.acm.org/doi/10.1145/3287560.3287596\u003c/li\u003e\n\u003cli\u003eI. D. Raji et al., \u0026ldquo;Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing,\u0026rdquo; 2020. [Online]. Available: https://arxiv.org/abs/2001.00973. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eB. Brundage et al., \u0026quot;Toward trustworthy AI development: mechanisms for supporting verifiable claims,\u0026quot; arXiv:2004.07213, 2020. Available: https://arxiv.org/abs/2004.07213\u003c/li\u003e\n\u003cli\u003eB. Mittelstadt, \u0026quot;Principles alone cannot guarantee ethical AI,\u0026quot; Nat. Mach. Intell., vol. 1, pp. 501\u0026ndash;507, 2019. doi: 10.1038/s42256-019-0114-4. Available: https://www.nature.com/articles/s42256-019-0114-4\u003c/li\u003e\n\u003cli\u003eL. Floridi and J. Cowls, \u0026quot;A Unified Framework of Five Principles for AI in Society,\u0026quot; Harvard Data Science Review, 2019. doi: 10.1162/99608f92.8cd550d1. Available: https://hdsr.mitpress.mit.edu/pub/l0jsh9d1\u003c/li\u003e\n\u003cli\u003eMicrosoft, \u0026ldquo;Responsible AI Standard v2: General Requirements,\u0026rdquo; 2022. [Online]. Available: https://aka.ms/RAIStandard. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eGoogle, \u0026quot;AI Principles,\u0026quot; 2018. Available: https://ai.google/principles/\u003c/li\u003e\n\u003cli\u003eIBM, \u0026quot;Everyday Ethics for Artificial Intelligence,\u0026quot; 2019. Available: https://www.ibm.com/watson/assets/duo/pdf/everydayethics.pdf\u003c/li\u003e\n\u003cli\u003eISACA, \u0026ldquo;AI use is outpacing policy and governance, ISACA finds,\u0026rdquo; 2025. [Online]. Available: https://www.isaca.org/resources/news-and-trends/newsroom/2025/ai-use-is-outpacing-policy-and-governance-isaca-finds. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003ePrecisely, \u0026ldquo;Data governance adoption has risen dramatically,\u0026rdquo; 2025. [Online]. Available: https://www.precisely.com/blog/data-governance/data-governance-adoption-has-risen-dramatically. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eEY, \u0026ldquo;Responsible AI Pulse Survey,\u0026rdquo; 2025. [Online]. Available: https://www.ey.com/en_gl/insights/ai/ey-responsible-ai-pulse-survey. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eDresner Advisory Services, \u0026ldquo;Data governance and master data management market study,\u0026rdquo; 2024. [Online]. Available: https://www.dresneradvisory.com/market-studies/data-governance-master-data-management. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eThe Data Administration Newsletter (TDAN), \u0026ldquo;State of Data Governance 2024,\u0026rdquo; 2024. [Online]. Available: https://tdan.com/state-of-data-governance-2024/. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eFastly, \u0026ldquo;AI Energy Pulse Check: How 500 experts feel about AI energy consumption,\u0026rdquo; 2025. [Online]. Available: https://www.fastly.com/blog/ai-energy-pulse-check-how-500-experts-feel-about-ai-energy-consumption. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eAI Incident Database (AIID), \u0026quot;AI Incident Database,\u0026quot; accessed 2025. Available: https://incidentdatabase.ai/\u003c/li\u003e\n\u003cli\u003eMcKinsey \u0026amp; Company, \u0026ldquo;Trust in AI will help determine its future at work,\u0026rdquo; 2025. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/trust-in-ai-will-help-determine-its-future-at-work. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eMcKinsey \u0026amp; Company, \u0026ldquo;The state of AI: How organizations are rewiring to capture value,\u0026rdquo; 2024. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eGoogle, \u0026ldquo;End-to-end responsibility: A lifecycle approach to AI (AI Responsibility 2024 update),\u0026rdquo; 2024. [Online]. Available: https://ai.google/static/documents/ai-responsibility-2024-update.pdf. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eAmazon Web Services, \u0026ldquo;AWS Responsible Use of AI Guide,\u0026rdquo; 2024. [Online]. Available: https://d1.awsstatic.com/whitepapers/aws-responsible-use-of-ai-guide.pdf. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eAmazon Web Services, \u0026ldquo;AWS Data Exchange User Guide,\u0026rdquo; 2025. [Online]. Available: https://docs.aws.amazon.com/pdfs/data-exchange/latest/userguide/data-exchange-ug.pdf. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eSnowflake, \u0026ldquo;About listings,\u0026rdquo; Snowflake Documentation, 2026. [Online]. Available: https://docs.snowflake.com/en/collaboration/collaboration-listings-about. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eGoogle Cloud, \u0026ldquo;Introduction to BigQuery sharing and Analytics Hub,\u0026rdquo; Google Cloud Documentation, 2026. [Online]. Available: https://cloud.google.com/bigquery/docs/analytics-hub-introduction. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eDatabricks, \u0026ldquo;Databricks Marketplace documentation,\u0026rdquo; 2026. [Online]. Available: https://docs.databricks.com/en/marketplace/. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eMicrosoft, \u0026ldquo;What is Azure Data Share?,\u0026rdquo; 2026. [Online]. Available: https://learn.microsoft.com/en-us/azure/data-share/overview. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eOur World in Data (OWID), \u0026ldquo;Energy Data,\u0026rdquo; 2026. [Online]. Available: https://github.com/owid/energy-data. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eSnowflake, \u0026ldquo;Using Our World in Data CO₂ and Greenhouse Gas Emissions Data on Snowflake,\u0026rdquo; Snowflake Quickstart, 2026. [Online]. Available: https://quickstarts.snowflake.com/guide/using_our_world_in_data_co2_and_greenhouse_gas_emissions_data_on_snowflake/. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eAmazon Web Services (AWS) Marketplace, \u0026ldquo;EDGAR 10‑K \u0026amp; 10‑Q Filings (stock and CIK) \u0026ndash; 20 years (historical) (Analytext),\u0026rdquo; 2026. [Online]. Available: https://aws.amazon.com/marketplace/pp/prodview-nrrfa4m4vda4k. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eSnowflake, \u0026ldquo;SEC data from CIK and ticker symbol,\u0026rdquo; Snowflake Documentation, 2026. [Online]. Available: https://docs.snowflake.com/en/user-guide/sample-data-sec. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003cli\u003eGoogle Cloud, \u0026ldquo;SEC Filings dataset,\u0026rdquo; BigQuery Public Datasets, 2026. [Online]. Available: https://cloud.google.com/bigquery/public-data/sec-filings. Accessed: Jan. 29, 2026.\u003c/li\u003e\n\u003c/ol\u003e"}],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":true,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":false,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":false,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Data governance, sustainable AI, responsible AI, AI governance, benchmarkability, evidence maps, marketplace microdata, carbon intensity, monitoring and drift, Green AI","lastPublishedDoi":"10.21203/rs.3.rs-8734900/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8734900/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eSustainable AI requires more than ethical principles: organizations need measurable, auditable governance that links data controls, model lifecycle evidence, and operational monitoring to sustainability outcomes. This paper advances a measurement-first approach by (i) defining a 12-capability Data Governance for Sustainable AI (DG-SA) model with implementable evidence artifacts, (ii) mapping 18 influential standards, academic artifacts, and corporate frameworks to DG-SA using a conservative evidence-based coding protocol, and (iii) quantifying an open benchmarkability ratio over 54 governance survey items. Empirically, only 13 of 54 items (24.1%) admit defensible public/open-data proxy benchmarking, revealing a practical gap between what governance frameworks prescribe and what can be benchmarked externally. To address this gap, we incorporate a marketplace microdata pathway and demonstrate\u0026mdash;using publicly available energy microdata distributed via cloud marketplaces\u0026mdash;how joining governed AI telemetry with region-specific electricity carbon-intensity data yields audit-ready sustainability KPIs. In an illustrative cloud-region comparison for 2024, carbon intensity varies by approximately 17\u0026times; across common regions, underscoring the need for governance-grade measurement conventions. We further provide a lifecycle operating model, dashboard blueprint, and minimum evidence pack (dashboards, runbooks, and decision gates) to make DG-SA actionable in production settings. The resulting artifacts translate sustainable AI governance from principle lists into testable, reproducible constructs and operational controls.\u003c/p\u003e","manuscriptTitle":"Data Governance for Sustainable AI in Organizations: A Benchmarkability-First Capability Model, Evidence Map, and Marketplace Microdata Demonstration","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-01-30 07:42:02","doi":"10.21203/rs.3.rs-8734900/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"6b89e491-96e1-4507-bfe5-820bb0020e9c","owner":[],"postedDate":"January 30th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":61993560,"name":"Artificial Intelligence and Machine Learning"},{"id":61993561,"name":"Computer Architecture and Engineering"},{"id":61993562,"name":"Software Engineering"},{"id":61993563,"name":"Information Retrieval and Management"}],"tags":[],"updatedAt":"2026-01-30T07:42:03+00:00","versionOfRecord":[],"versionCreatedAt":"2026-01-30 07:42:02","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8734900","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8734900","identity":"rs-8734900","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2026) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00