Bengaluru: As artificial intelligence (AI) makes strides globally with its offerings, data and security breaches have followed the path with more than 40% of such incidents estimated to arise by the improper use of generative (Gen) AI across borders by 2027, a report by Gartner showed on Monday.

The swift adoption of GenAI coupled with cheaper models by end-users has outrun the development of data governance and security measures, raising concerns about data localisation due to the centralised computing power required to support these technologies.

“Unintended cross-border data transfers often occur due to insufficient oversight, particularly when GenAI is integrated in existing products without clear descriptions or announcement,” said Joerg Fritsch, Vice President - Analyst at Gartner. 

While India is still catching up with scaling this emerging tech, it has its set of rules in the digital personal data protection (DPDP) Rules, 2025 which aims to enhance privacy and data protection, however, ambiguities like consent and third-party risks remain unaddressed, a report by EY out in January showed. 

On a global scale, the success of OpenAI and China’s low cost DeepSeek R1 is pushing countries to focus on building the tech’s infrastructure, however, regulation continues to be a struggle. The UD and UK refused to sign an AI Action Summit at the Paris AI Summit held last week stating that policies should ensure that AI is open, inclusive, transparent, ethical, safe, secure and trustworthy. 

However, the report suggests that lack of regulation can limit organisations’ ability to scale operations globally and benefit from AI products and services. Gartner has estimated that by 2027, AI governance will become a requirement of all sovereign AI laws and regulations worldwide.

“Organisations that cannot integrate required governance models and controls may find themselves at a competitive disadvantage, especially those lacking the resources to quickly extend existing data governance frameworks,” added Fritsch.