DAM governance for the 2026 stack, what we are seeing break in production

Most DAM governance models we inherit are designed for a problem that no longer exists. The closed authoring loop is gone. Content Hub, MCP endpoints, and Brand Experience Agents have opened it, and the governance has not kept up.

What is breaking in production

Stale rights metadata reaching external partners through Content Hub. AI generated variants with no lineage back to the source. Tags that look right but were produced by an LLM without controlled vocabulary alignment. Distribution portals shipping content past its expiry because nothing on the way out re-reads the policy.

What is working for us so far

Governance lives in metadata, not in folder paths. Folder structure is a navigation aid. Rights, lifecycle state, AI provenance, market scope, and approval state are schema fields, queryable and enforceable in workflow.

Rights management is a first class object, not a tag. Model release, talent expiry, and market exclusion need their own model with start and end dates, and a workflow that blocks publication automatically.

AI origin is captured at creation time. Which agent generated or modified the asset, against which source, at what confidence. Without lineage, audit is impossible six months in.

Approval state is per surface, not per asset. The same asset can be approved for the web and blocked for partner distribution. The model needs to support that, otherwise teams build shadow systems to track it.

Further reading

For anyone digging into this, we wrote the longer version of how we structure AEM Assets governance here: https://www.cyber64.com/insights/aem-assets-governance-guide

Q&A

We are still figuring out the volume problem. Agents can produce hundreds of variants in minutes, and human in the loop review does not scale to that throughput.

How are others drawing the line between automated policy enforcement and human review when agents are in the asset creation path?