The rapid scaling of frontier AI models has introduced novel societal and technical risks, necessitating governance frameworks that move beyond model-centric regulation. Method: This paper proposes “frontier data governance” as a paradigm shift—treating data not merely as a risk vector but as a primary governance lever. We systematically analyze stakeholders across the AI data supply chain and synthesize 15 existing governance mechanisms. Building on this, we introduce five underexplored yet actionable policy instruments: data watermarking (canary tokens), automated content filtering, mandatory dataset registration, generative algorithm security hardening, and Know-Your-Data-Provider (KYD) requirements. Through empirical integration of data provenance, secure data encapsulation, and synthetic data oversight, we design and validate five implementable policy proposals. Contribution/Results: This work delivers the first comprehensive, data supply chain–oriented governance roadmap for frontier AI, offering both theoretical foundations and operational blueprints to inform global AI regulatory practice.

Data is essential to train and fine-tune today's frontier artificial intelligence (AI) models and to develop future ones. To date, academic, legal, and regulatory work has primarily addressed how data can directly harm consumers and creators, such as through privacy breaches, copyright infringements, and bias and discrimination. Our work, instead, focuses on the comparatively neglected question of how data can enable new governance capacities for frontier AI models. This approach for"frontier data governance"opens up new avenues for monitoring and mitigating risks from advanced AI models, particularly as they scale and acquire specific dangerous capabilities. Still, frontier data governance faces challenges that stem from the fundamental properties of data itself: data is non-rival, often non-excludable, easily replicable, and increasingly synthesizable. Despite these inherent difficulties, we propose a set of policy mechanisms targeting key actors along the data supply chain, including data producers, aggregators, model developers, and data vendors. We provide a brief overview of 15 governance mechanisms, of which we centrally introduce five, underexplored policy recommendations. These include developing canary tokens to detect unauthorized use for producers; (automated) data filtering to remove malicious content for pre-training and post-training datasets; mandatory dataset reporting requirements for developers and vendors; improved security for datasets and data generation algorithms; and know-your-customer requirements for vendors. By considering data not just as a source of potential harm, but as a critical governance lever, this work aims to equip policymakers with a new tool for the governance and regulation of frontier AI models.