Carrier
Part Three · Enterprise Concerns
Chapter 13

Data Governance and Compliance

Enterprise data governance is the discipline of knowing what data exists, who owns it, how it changes, who can access it, and what obligations apply. Carrier helps by making models, policies, routes, and metadata explicit.

Schema Ownership

Schema ownership should match service ownership. If a Carrier service declares a model, that service should be responsible for the schema, lifecycle, migrations, and access policies for that model. Other services should not casually treat that schema as shared internal infrastructure. Architects should distinguish between authoritative operational data, derived read models, reporting copies, integration caches, audit records, and system metadata. Each category has different governance expectations.

Auditability

Auditability is the ability to reconstruct what happened, when, by whom, and under what authority. In regulated systems, it is not optional. Carrier actions and routes provide natural review points for audit design. Auditability should be designed into workflows, not added after incidents.

Sensitive Data Handling

Sensitive data includes personal information, protected health information, financial data, credentials, secrets, confidential business data, and regulated identifiers. The hello-carrier example demonstrates first-class field-level annotations for both encryption and PII classification:

excerpt
model Customer {
  id: UUID
  email: String @pii(category: "contact")
  ssn: String @encrypted(key: env("CUSTOMER_SSN_KEY", "dev-key"))
              @pii(category: "government_id")
  created_at: Time
  updated_at: Time
}

These attributes are not decoration. They are inspectable facts that governance tooling can use — to identify where regulated data lives, to confirm that storage is encrypted, and to prove to auditors that protection is part of the design rather than an after-the-fact promise.
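As an added illustration, not code from the Carrier project or this book, the following Python script shows what "inspectable facts that governance tooling can use" can mean in practice: it parses a model in the syntax visible in the excerpt above, builds an inventory of annotated fields, and applies two checks a reviewer would want. The grammar it accepts is assumed from the excerpt alone (a line beginning with `@` continues the previous field); the `MUST_ENCRYPT` categories and the rule that an `env(...)` key must not carry a hardcoded fallback are this example's own policy, not Carrier's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the model syntax shown on this page (same content as the book's example).
MODEL_SOURCE = """
model Customer {
  id: UUID
  email: String @pii(category: "contact")
  ssn: String @encrypted(key: env("CUSTOMER_SSN_KEY", "dev-key"))
              @pii(category: "government_id")
  created_at: Time
  updated_at: Time
}
"""

# Constructed variant in which the regulated identifier is declared without @encrypted.
UNENCRYPTED_SOURCE = """
model Patient {
  id: UUID
  national_id: String @pii(category: "government_id")
}
"""

# Hypothetical policy: PII in these categories must be encrypted at rest.
MUST_ENCRYPT = {"government_id", "health", "financial"}


@dataclass
class ModelField:
    name: str
    type: str
    pii_category: str | None = None
    encrypted: bool = False
    key_env: str | None = None       # env var named in env("...")
    key_fallback: str | None = None  # literal fallback given to env(), if any


FIELD_RE = re.compile(r"^\s*(\w+)\s*:\s*(\w+)(.*)$")


def split_attributes(rest: str) -> list[tuple[str, str]]:
    """Split '@a(args) @b(args)' into (name, args) pairs, honouring nested parentheses."""
    attrs, i = [], 0
    while i < len(rest):
        if rest[i] != "@":
            i += 1
            continue
        j = i + 1
        while j < len(rest) and (rest[j].isalnum() or rest[j] == "_"):
            j += 1
        name = rest[i + 1:j]
        if j >= len(rest) or rest[j] != "(":
            attrs.append((name, ""))
            i = j
            continue
        depth, k = 0, j
        while k < len(rest):
            if rest[k] == "(":
                depth += 1
            elif rest[k] == ")":
                depth -= 1
                if depth == 0:
                    break
            k += 1
        attrs.append((name, rest[j + 1:k]))
        i = k + 1
    return attrs


def parse_model(source: str) -> tuple[str, list[ModelField]]:
    lines = [ln.strip() for ln in source.strip().splitlines()]
    model_name = re.match(r"model\s+(\w+)\s*\{", lines[0]).group(1)
    joined: list[str] = []
    for line in lines[1:-1]:  # body between 'model X {' and '}'
        if line.startswith("@") and joined:
            joined[-1] += " " + line  # continuation of the previous field's attributes
        else:
            joined.append(line)
    fields = []
    for line in joined:
        name, type_, rest = FIELD_RE.match(line).groups()
        f = ModelField(name=name, type=type_)
        for attr, args in split_attributes(rest):
            if attr == "pii":
                cat = re.search(r'category:\s*"([^"]*)"', args)
                f.pii_category = cat.group(1) if cat else "unspecified"
            elif attr == "encrypted":
                f.encrypted = True
                env = re.search(r'env\("([^"]*)"(?:\s*,\s*"([^"]*)")?\)', args)
                if env:
                    f.key_env, f.key_fallback = env.group(1), env.group(2)
        fields.append(f)
    return model_name, fields


def inventory(model_name: str, fields: list[ModelField]) -> dict[str, dict]:
    """Where regulated data lives: every field carrying a @pii or @encrypted annotation."""
    return {f"{model_name}.{f.name}": {"type": f.type, "pii": f.pii_category, "encrypted": f.encrypted}
            for f in fields if f.pii_category or f.encrypted}


def governance_findings(model_name: str, fields: list[ModelField]) -> list[str]:
    findings = []
    for f in fields:
        if f.pii_category in MUST_ENCRYPT and not f.encrypted:
            findings.append(f"{model_name}.{f.name}: PII category '{f.pii_category}' declared without @encrypted")
        if f.encrypted and f.key_fallback is not None:
            findings.append(f"{model_name}.{f.name}: key {f.key_env} has hardcoded fallback '{f.key_fallback}'")
    return findings


if __name__ == "__main__":
    for src in (MODEL_SOURCE, UNENCRYPTED_SOURCE):
        name, fields = parse_model(src)
        print(inventory(name, fields))
        print("\n".join(governance_findings(name, fields)) or "no findings")
```

Run against the book's excerpt, the inventory lists `Customer.email` and `Customer.ssn`, and the only finding is the `"dev-key"` fallback on the SSN key; the second constructed model shows the missing-encryption check firing. The point of keeping the parser small is that the evidence is the declaration itself: an auditor can be shown the annotation, the check that reads it, and the report, with no separate spreadsheet to keep in sync.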

Regulated-Domain Considerations

Regulated domains require evidence. It is not enough to say that access is controlled; the organization must often show how it is controlled. Carrier supports this evidence model because the important architecture is declared in source and the generated artifacts can be archived: source shows service intent, OpenAPI shows the published contract, migrations show schema evolution, manifest metadata shows service structure, and policy declarations show access design.
