By Rupali Patel Shah, Head of Legal Solutions, DiliTrust
The recent Supreme Court limiting executive authority on tariffs, which was immediately met with the executive branch declaring more tariffs has created a maelstrom of activity and uncertainty. While the executive and judicial branches go back and forth on authority , however, our organizations continue to run. And markets continue to react amidst the economic uncertainty.
Decision -> Workaround -> Policy shift ->Market reaction, all in a single news cycle.
It was a vivid reminder that we are not simply living through “regulatory uncertainty.” We are living through regulatory improvisation.
But here’s the thing about volatility: it eventually subsides. Political cycles shift. Legal challenges work their way through the courts. Agencies clarify. Congress reacts. The ground eventually steadies.
The mess, however, lingers.
And in that mess, what determines whether an organization weathers scrutiny or collapses under it is not whether it predicted the future. It’s whether it can defend the past.
A familiar question in a different context
A few months ago, I attended the Association of Corporate Counsel Greater Philadelphia Diversity Summit. The conversation there was less about disagreement and more about shared confusion. Lawyers were asking the same question:
What do we do next when a single tweet can upend years of administrative precedent?
At the time, the focus was DEI. Now it’s tariffs. Tomorrow it will be AI oversight, data localization, privacy enforcement, cybersecurity disclosure rules, or something none of us have yet anticipated.
Different issue. Same underlying anxiety.
My advice then is my advice now:
In times of regulatory uncertainty, your job is not to predict every possible shift.
Your job is to ensure your decisions are defensible, traceable, and sufficiently documented.
That sounds simple. It is not.
Because defensibility requires foresight and infrastructure.
The real risk isn’t the policy. It’s the paper trail.
When tariff rules change overnight, companies must decide quickly:
- Do we adjust pricing models?
- Do we shift supply chains?
- Do we revise investor disclosures?
- Do we hedge?
- Do we wait?
Each of those decisions relies on data. Financial models. Market analysis. Internal communications. Risk assessments. AI-assisted forecasts.
Now fast-forward eighteen months.
A regulator asks:
What assumptions were you relying on when you made that pricing decision?
A shareholder suit alleges:
You should have foreseen the impact of the workaround.
A trade partner disputes:
You interpreted the policy too aggressively.
At that moment, the question is no longer what did the Supreme Court say?
The questions are why did you make this decision? What data informed the decision? Were the decisions documented in a way that shows good-faith deliberation?
In other words: Can you prove you acted prudently in a murky environment?
If you cannot answer those questions quickly and confidently, the exposure compounds.
And this is why information governance is not administrative housekeeping. It is operational protection.
Documentation is not busywork. It is evidence of integrity.
I’ve joked before that my middle-aged, Xennial self was raised to keep receipts. It turns out that instinct serves general counsel remarkably well.
But documentation alone is not governance.
Scattered emails are not governance.
Unstructured file shares are not governance.
An AI tool generating brilliant summaries from unreliable inputs is not governance.
In volatile environments, information multiplies rapidly through internal debates over Slack threads, multiple versions of policy interpretations and draft analysis, and in a myriad of other locations. Without structure, that information becomes both asset and liability.
Good information governance ensures that documentation is intentional, discoverable, and disposed of defensibly. It transforms “we talked about this” into “we can demonstrate this.”
Intelligence depends on governed information
Businesses often say they want more data-driven decision-making. What they really want is intelligence: systems that help them see clearly, act quickly, and adapt responsibly.
But intelligence depends on inputs.
If the data informing your tariff response is incomplete, outdated, or improperly retained, then automation only accelerates risk.
And in times of uncertainty, poor data quality is not neutral. It is dangerous.
When regulatory environments are shifting, every decision is being made against a backdrop of evolving interpretation.
You cannot automate prudence.
You must structure it.
Why legal must own this function
Information governance is not administrative housekeeping. It is the control system for enterprise risk. It dictates whether regulatory scrutiny becomes routine or catastrophic. It determines whether litigation exposure is contained or compounded. It shapes your cybersecurity resilience, your AI accountability, your disclosures, your contractual integrity, and ultimately your reputation. If information is the lifeblood of the business, governance decides whether it circulates with precision or hemorrhages under pressure.
No function sees across those silos like Legal does.
The General Counsel’s role is not merely advisory, it is protective, integrative, and anticipatory.
Legal understands:
- How regulators reconstruct narratives
- How hindsight bias reshapes context
- How enforcement priorities shift
- How documentation—or lack thereof—becomes decisive
In volatile times, information governance is not an IT issue. It is a duty-of-care issue.
Ownership does not mean Legal personally categorizes every dataset. It means Legal sets the standards of defensibility and defines what “good documentation” looks like. Legal ensures retention policies align with litigation realities. Legal aligns AI usage with regulatory risk tolerance. Governance is embedded into business processes before the crisis, not after it.
If governance lives nowhere, it fails everywhere.
Volatility will end. Scrutiny will not.
The tariff turbulence will settle. The DEI debates will evolve. AI regulation will mature. Privacy frameworks will stabilize. And organizations will need to explain and defend the decisions they made.
Our job as counsel, as fiduciaries is to help our organizations answer these questions, to document their work, if you will. Information governance, strategically led by Legal, is protective infrastructure. It is designed to keep companies running—calmly, compliantly, and defensibly—when the external environment becomes unpredictable.
It gives organizations the confidence to adapt without panic, innovate without overexposure, and document decisions without drowning in process. It enables automation that reduces friction without multiplying risk, and when regulators come knocking, it replaces last-minute scrambles with calm, controlled clarity. In short: progress without chaos.
