Most enterprises treat Unity Catalog as a governance tool. Permissions. Access controls. Audit trails. It's installed, configured, and handed to the security team to manage.

This is a category error that is quietly undermining AI-native architecture across the enterprise. IDC's 2025 Worldwide AI Governance Platform assessment named Databricks a Leader in Unified AI Governance — but the real question isn't whether to adopt Unity Catalog. It's whether to adopt it as overlay or as foundation.

The Overlay Mistake

What most organisations do: Unity Catalog sits on top of existing data infrastructure as a permissions service. It governs who can access what. When AI agents interact with the ecosystem, it's governance as an afterthought — a control layer bolted onto an architecture that wasn't designed for AI.

The consequences are predictable. Data and models live in separate registries with no unified lineage. Agents operate without governed access to the data they need. Policy is enforced at the perimeter, not at the point of action. And when something goes wrong — a model produces a biased outcome, an agent makes an unauthorised change — the organisation discovers that its governance tool can't trace what happened or prevent it from happening again.

IDC research shows that 60% of AI failures stem from governance gaps. Not model quality. Not data volume. Governance gaps. The overlay approach creates those gaps by design: the governance system sits at a different altitude from where agents actually operate, so the enforcement is eventual, not inline.

%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#1a2540', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#ffffff', 'lineColor': '#ffffff', 'background': '#0a0f1e', 'mainBkg': '#1a2540', 'nodeBorder': '#ffffff', 'edgeLabelBackground': '#1a2540'}}}%%
graph TB
    subgraph OVERLAY ["Unity Catalog as Overlay"]
        O1["Agent acts"] --> O2["System runs"]
        O2 --> O3["Governance reviews
after the fact"]
        O3 -.->|"too late"| O1
    end
    subgraph FOUNDATION ["Unity Catalog as Foundation"]
        F1["Agent requests action"] --> F2["Policy evaluated inline"]
        F2 --> F3{"Allowed?"}
        F3 -->|"Yes"| F4["Execute + log lineage"]
        F3 -->|"No"| F5["Block + alert"]
    end
    style OVERLAY fill:#2a1a1a,stroke:#ff6b6b,color:#ffffff
    style FOUNDATION fill:#0a2a1e,stroke:#00ff88,color:#ffffff
    style O1 fill:#1a2540,stroke:#ff6b6b,color:#ffffff
    style O2 fill:#1a2540,stroke:#ff6b6b,color:#ffffff
    style O3 fill:#1a2540,stroke:#ff6b6b,color:#ffffff
    style F1 fill:#1a2540,stroke:#00ff88,color:#ffffff
    style F2 fill:#1a2540,stroke:#00ff88,color:#ffffff
    style F3 fill:#1a2540,stroke:#ffb347,color:#ffffff
    style F4 fill:#1a2540,stroke:#00ff88,color:#ffffff
    style F5 fill:#1a2540,stroke:#ff6b6b,color:#ffffff

The Foundation Shift

The AI-native approach treats Unity Catalog not as a governance overlay but as an architectural foundation. The difference is not semantic. It's structural.

Data + Lineage = Trusted, traceable. In an AI-native architecture, data doesn't exist in tables. It exists in a governed graph of relationships, transformations, and dependencies. When an agent queries a dataset, it doesn't just get data — it gets context. It knows where the data came from, what transformations were applied, and whether the upstream sources are still valid. This isn't auditing after the fact. It's trust built into the architecture.

Models + Versions = Full lifecycle. Models in an AI-native architecture are not separate artefacts managed in a different system. They're first-class citizens in the same catalog as the data they operate on. Versioning, lineage, and governance apply uniformly. When a dataset shifts, downstream agents know. When a model is updated, dependent pipelines can be flagged. The catalog is the single source of truth for the entire AI ecosystem.

Agents + Policy = Runtime governed. In the overlay model, policy is checked at access time. In the foundation model, policy is enforced at runtime. An agent doesn't just execute and hope the policy allows it. The agent operates within a governed runtime where every action — every query, every tool call, every data modification — is traceable, reversible, and compliant by design. Policy is not a gate. It's the terrain.

%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#1a2540', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#ffffff', 'lineColor': '#ffffff', 'background': '#0a0f1e', 'mainBkg': '#1a2540', 'nodeBorder': '#ffffff', 'edgeLabelBackground': '#1a2540'}}}%%
graph TB
    UC["Unity Catalog Foundation"]
    UC --> D["Data
Governed + Lineage"]
    UC --> M["Models
Versions + Lifecycle"]
    UC --> A["Agents
Runtime Policy"]
    UC --> P["Pipelines
Traceable + Reversible"]
    D --> Use["AI-Native Use Cases"]
    M --> Use
    A --> Use
    P --> Use
    style UC fill:#1a2540,stroke:#00d4ff,color:#ffffff
    style D fill:#1a2540,stroke:#00d4ff,color:#ffffff
    style M fill:#1a2540,stroke:#00d4ff,color:#ffffff
    style A fill:#1a2540,stroke:#ffb347,color:#ffffff
    style P fill:#1a2540,stroke:#00ff88,color:#ffffff
    style Use fill:#1a2540,stroke:#00ff88,color:#ffffff

From Quarterly Audit to Continuous Trust

The overlay model produces quarterly audits. The foundation model produces continuous trust.

A Nordic insurance firm I advised last year had built an extensive AI governance framework — review boards, model cards, bias testing, the full suite. But their agents operated in a separate environment with manual data access requests. The governance was thorough. It was also three weeks behind the agents' actions. By the time a policy violation was caught, the damage was done and the agent had moved on.

The shift to Unity Catalog as foundation changed the game. Agents operated within the governed catalog. Every data access was lineage-traced. Every model version was signed. Policy violations were caught in seconds, not weeks. Downtime dropped from six weeks to ten days. Audit shifted from quarterly compliance exercises to continuous monitoring.

The Architect's Perspective

Here's the test I use to tell whether an enterprise treats Unity Catalog as overlay or foundation: ask a data engineer, "If an agent needs to access a dataset it hasn't touched before, what happens?" In the overlay model, the answer involves humans — a ticket, an approval, a manual permission change. In the foundation model, the answer is architectural — the agent checks its scope, the catalog evaluates policy, the action either proceeds with full lineage or blocks with a clear reason. No human in the loop for the routine case. Humans only for the novel exceptions.

That difference — scope enforced in the architecture, not in someone's inbox — is what makes agentic scale possible. Without it, every new agent becomes another governance headache. With it, each new agent slots into a system that already knows how to govern it.

The Question

IDC named Databricks a Leader in Unified AI Governance 2025-2026. The question for most enterprises isn't whether to adopt Unity Catalog. It's whether to adopt it as overlay or as foundation.

Overlay governance is a permission system. Foundation governance is an architecture. The organisations that understand this difference are building AI-native systems that scale. The ones that don't are building smarter legacy systems that will fail the same way — just faster.

Build the foundation first. Bolt the overlay on afterwards, and you'll spend the next three years chasing governance gaps that the foundation would have closed by design.

Sources

Daniel Piatkowski Data & Analytics veteran shaping AI-native enterprises elicify.ai