Home / Industry / Digital Rights Management in Financial Data: Why We’re Still Stuck – And How to Get Unstuck Without Losing a Shoe!

Digital Rights Management in Financial Data: Why We’re Still Stuck – And How to Get Unstuck Without Losing a Shoe!

By David Dubery | Financial Data Governance | June 2025

I was recently asked to sit on a thought-provoking conference panel with my industry peers, to discuss (once again) the challenges of Digital Rights Management (DRM) adoption in the financial data industry.

Despite years of dialogue, workshops, whitepapers, interesting technical innovations and proof-of-concepts, Digital Rights Management (DRM) in our industry continues to lag. Progress has been incremental, if uneven — yet hardly transformational.

Why? Because DRM isn’t simply a technical challenge. It’s a commercial, cultural, and governance issue — and one that exposes the chronic misalignments in our industry. To move forward, we need to align incentives, standardize core definitions, and shift the conversation to it being part of an essential data fabric, beneficial to all.

DRM Progress Is Slow Because the Existing System Works (for Some)

In consumer industries, DRM has typically served content owners: think digital music, eBooks, or streaming services. But in financial data, it’s different. Data isn’t pirated at boot fairs — it’s purchased via complex contracts, run through entitlements systems, and consumed by professionals who, broadly speaking, want to do the right thing.

For many of the data vendors that we know and love, once beyond the initial entitlement layer, rights management interest tails off. Why?

Because the system as it stands still works. Vendors can (and generally do) audit clients. Penalties for unlicensed use are financial, not criminal. And it is fair to say that in many cases, vendors actively prefer some degree of ambiguity, enabling them to:

  • Tailor license terms to each client
  • Preserve flexibility in enforcement
  • Encourage “all-you-can-eat” licenses that bypass fine-grained compliance challenges

As a result, true DRM — meaning the real-time enforcement of licensing rights, restrictions, and usage across systems is simply not a priority for vendors. 

Ambiguity in licensing isn’t something seen in need of addressing for many vendors, it’s a “feature”. By keeping rights definitions fluid and pricing opaque, vendors unlock commercial advantages that standardization would threaten.

At the heart of this strategy is revenue optimization through flexibility. Vendors can tailor contracts based on client profile, perceived risk, or willingness to pay — rather than rigidly parameterised and transparent usage scenarios. The same data feed might cost one firm $250K and another $750K, depending on entitlements, redistribution clauses, or negotiation leverage. Without clear benchmarks or standardized definitions, every deal is bespoke — and every enforcement opportunity a potential revenue stream.

This vagueness also serves a strategic purpose: vendor lock-in. If clients struggle to map one provider’s terms to another’s, switching becomes costly and risky. Add to that the fear of under-licensing due to unclear terms like “per user” or “derived data,” and some clients opt to over-license — another win for vendors.

The issue is further compounded by the fact that data originators and data aggregators have different pricing and policy structures.

From a market perspective, this ambiguity stalls collective progress. It fragments the ecosystem, prevents interoperability, and pushes DRM into the realm of custom solutions rather than shared infrastructure. Until vendors have incentives to embrace transparency and standards, ambiguity will remain a deliberate — and profitable — part of their playbook.

This does not go unnoticed by consumers who recognise that getting vendor alignment, while key, is not an imminent possibility. Various industry bodies have encouraged initiatives to standardise contracts and terms for years, but this has borne precious little fruit to date.

Technology is Reducing Barriers to Progress: But It’s Not Just the Tech

Technical Complexity

New exciting innovations abound with AI, cloud, block-chain and water-marking solutions. To be truly effective however DRM requires deep integration with diverse systems — databases, applications, analytics engines, and delivery pipelines. The potential risks include latency, downtime, or worse: breaking mission-critical workflows.

Fragmentation by Design

As already discussed, data vendors have few incentives to standardize. The same is true of DRM vendors. Fragmentation allows them to extract more value through custom integrations, enterprise licenses, and licensing opacity.

Commercial Misalignment

Firms weigh the cost of DRM tools against the perceived benefits. And too often, the sums don’t work. Even when the business case is strong. I have seen first-hand senior managers turning down a solution that is almost guaranteed to save money as they cannot prioritise the budget that spends 1 dollar to save 2. The same is true of DRM solutions but without a proven return on investment. It competes with other priorities — and few teams are getting more budget or resources today. 

Cultural Resistance

Front-office agility generally trumps governance. No Market Data manager has gone to jail over a bad audit (yet), and compliance teams often struggle to justify long-term investments in DRM when short-term incentives favour speed and innovation. Manage (or at least understand) the risk and pay your dues when the time comes, is a very common practice. A bad audit does not result in a “fine”. It results in a request to pay what should have been paid had the correct licenses been in place. And the amount is frequently negotiable after the fact.

For the consumer firm then the incentive for DRM adoption is limited and it remains deprioritized. It’s seen as a defensive IT cost, not a strategic necessity.

Why Firms Still Say “No” to DRM

Cost & ROI – Too expensive for uncertain quantifiable benefits

Integration Risk – Fear of breaking pipelines or slowing performance

Legal/Tech Gap – Rights are too vague and variable to enforce with confidence

Organisational Silos – No clear owner or budget authority

Culture Clash – Governance loses out to front-office speed

Low Audit Pressure – “We haven’t been caught yet (significantly)” mindset

Immature Ecosystem – Lack of vendor trust and tooling maturity

The AI and Regulatory Future Imperatives Might Move the Needle!

AI is of course very much here and looming large in our mirrors to overtake much that we previously took for granted. 

The potential is huge. New solutions will offer the potential for Auto-tagging & classification for policy enforcement. Natural language interfaces for querying complex policy rights in plain English. At some stage it might even be good enough to not need a practiced human eye to validate it.

But AI is both catalyst and problem. Financial firms are aggressively training LLMs (Large Language Models) and quant models on licensed data, which creates:

Ambiguous boundaries – What counts as a “use” when models ingest data once, but output derivatives information from that data forever?

Opaque lineage – Derived data is increasingly hard to trace.

Vendor anxiety – There’s growing concern over how outputs are reused, fine-tuned, or redistributed.

We can expect Rights tracing tools to emerge at scale in the coming year. Almost certainly accompanied by LLM rights auditors.

The current legal actions over LLM training source data from Disney and the like are very likely the tip of a legal iceberg.

To support the rapid shift, DRM of sorts will need to become a data engineering discipline, not just a governance guardrail.

Additionally, the regulatory environment is tightening. Consider the EU’s DGA & AI Acts requiring machine-readable rights and sourcing transparency. The UK’s FCA/PRA Guidance emphasizes operational resilience and data access clarity. On the other side of the pond, SEC scrutiny points toward enforceable governance over third-party data usage.

On top of the AI changes then regulation will further encourage the issue towards a need for systemic DRM infrastructures.

Why DRM Remains a Governance Problem First

While the need for DRM may be escalating, the real issue remains ambiguity. Without a shared understanding of rights definitions, usage categories, and enforcement policies, even the best tools fall short.

A mature DRM strategy begins with:

Clear policy schemas – embedded in a comprehensive data catalogue

Eligibility rules – tied to users, applications, and licenses

Auditability and traceability – through meticulously maintained metadata

Integration with existing workflows – not disruption of them

Do Nothing and Wait?

For the time being most financial firms currently sit and wait on DRM solution values to be proven, its simply not their priority yet. This though is not an excuse to do nothing.

At 3di, our approach centres on digitizing market data contracts into structured metadata. To get around the lack of standardized machine-readable policies we use expert practiced analysis to decipher legal terms and utilise real-world policy application experience. Overlaying this upon market data inventories in our DCDM (Data Compliance & Dependency Manager) product creates and maintains a persistent, linkable source of truth that maps contracts to users, applications, systems, and usage events. 

Until all parties are aligned on a technical DRM solution for the whole industry this approach remains a fundamental and pragmatic step. There remains limited excuse for not attempting to understand risk and potentially changing exposure. Application data consumption and lineage is a critical area to monitor yet frequently rather opaque.

It’s not a silver bullet — but it’s a non-disruptive, solid foundation to the enterprise’s understanding and reporting of data compliance.

Conclusion: DRM Is Everyone’s Problem — and No One’s Priority

DRM will not “just work” if we get the tech right. The real challenge remains alignment. Until all stakeholders agree on what DRM is, how it should be enforced, and why it matters, we’ll just keep inching forward with fragmented, duplicative efforts.

But with AI, regulation, and commercial complexity all converging, the momentum may finally be changing. The question isn’t whether DRM will be needed — it’s whether firms can be motivated to try to operationalize it technically before regulators and AI challenges make that decision for them and lay out a clearer and cohesive path for the industry.

Until DRM becomes a collective advantage — not an individual burden via a patchwork of solutions — the transformation we need remains tantalisingly out of reach.

Popular

3d innovations announces major Indices upgrade to its data vendor catalogue PROFILER.

London, 15/09/2024 3d innovations (3di), a leading data management software and services…

PR | 15 Sep 2024

3d innovations and BST Agree Strategic Technology Partnership Entry-level Market Data Inventory Abacus upgraded with BST

London, UK, 17/10/2022 3d innovations (3di), a global data management product and…

PR | 17 Oct 2022

3di at ATeam Data Management Summit, NYC

3di are pleased to be exhibiting at the A Team, Data Management…

Events | 19 Sep 2019