In any global enterprise messaging platform, retention and access rules are not abstractions. They are code paths that decide, in milliseconds, whether a given message must be preserved under a litigation hold, deleted under a regional retention rule, or surfaced to an authorized auditor. As of January 17, 2025, the European Union’s Digital Operational Resilience Act binds more than 22,000 financial entities to a single framework for ICT risk management and third-party oversight, with penalties reaching up to 2% of annual worldwide turnover. In November 2025, the European Supervisory Authorities designated Amazon Web Services, Google Cloud, Microsoft, and 16 other technology providers as critical to the financial sector and placed them under direct EU supervision. DORA joins GDPR, SEC recordkeeping rules, and equivalent statutes across Asia. For the communication platforms underneath, every new rule narrows the time and tolerance the engineering stack has to respond. The question is no longer whether data governance will be audited. It is whether the underlying architecture can hold up under scrutiny when it is.
Sidhesh Badrinarayan, a Senior Software Engineer at Google and a Senior Member of IEEE, has spent the past several years inside that problem. As technical lead on Google Chat’s Data Governance and Trust infrastructure, Badrinarayan re-architected the systems that govern how billions of enterprise messages are retained, routed across jurisdictions, and made discoverable for legal and regulatory processes. His focus is what most users never see: the back-end machinery that turns regulatory text into enforceable, real-time controls on a platform serving governments, financial institutions, and global enterprises.
The Hidden Cost of Batch-Cycle Governance
The global eDiscovery market reached USD 30.5 billion in 2026, growing at a 10.9% compound annual rate as digital evidence volumes and litigation hold obligations expand. Under Federal Rule of Civil Procedure 37(e), courts can impose sanctions including adverse inference instructions and case-dispositive penalties when a party fails to preserve electronically stored information after litigation becomes reasonably anticipated. The duty triggers not at the filing of a complaint, but the moment litigation can be foreseen, which means a platform’s retention controls must respond to administrative actions in hours, not days. Most legacy enterprise communication systems were not designed for that tempo.
The structural flaw in many of these platforms is hidden in plain sight. Retention policies, the rules that decide how long a particular message must be preserved or when it may be deleted, are often synchronized through monolithic batch cycles that run on fixed schedules. When a legal hold is issued or a retention rule is changed, the policy update enters a queue and waits. In a 24-hour batch system, that wait can leave a multi-hour window during which the platform is operating under stale governance rules. Inside that window, messages can be permanently deleted under outdated retention settings, or preserved when they should have been purged, exposing the organization to spoliation sanctions, regulatory fines, and reputational damage. Badrinarayan led the engineering effort to close that window.
“Compliance only holds when the policy and the data converge in real time,” Badrinarayan notes. “Batch cycles made sense in an era when discovery requests took weeks to resolve and regulators moved slowly. That era is over.”
From Batch Monoliths to Event-Driven Pipelines
The number of countries with comprehensive data protection laws has expanded from 76 in 2011 to more than 120 in 2025, with another 24 jurisdictions advancing similar frameworks. Each layer of regulation, from the EU’s GDPR to India’s DPDPA to China’s PIPL, imposes its own rules on where data may be stored, how long it must be kept, and under what conditions it can cross a border. For a global communication platform, that complexity translates directly into engineering surface area. Every policy change, every new data type, and every jurisdiction-specific rule must propagate to the system reliably and on time.
Badrinarayan’s team migrated the underlying policy synchronization mechanism from a legacy batch-processing monolith to a generic, event-driven architecture. The new design listens for policy changes as discrete notifications, processes them asynchronously, and updates the relevant backend tables without waiting for a scheduled run. The shift collapsed policy synchronization time from a 24-hour batch cycle to near real-time execution, closing the multi-hour window in which legacy systems had operated under stale governance rules. The framework was deliberately generalized rather than custom-built for a single policy type, and it now manages eight distinct data governance policies across the platform.
“The mistake teams make is treating each new regulation as a one-off integration,” Badrinarayan explains. “If you build a generic notification framework, the next ten policies cost a fraction of what the first one did. That math is what makes compliance sustainable at scale.”
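The stale-governance window described in this section can be reproduced with a small simulation. This is an added example, not code from the article or from Google; the hourly sweep, the 5-second propagation delay, the room names, and the messages are constructed assumptions.

```python
from dataclasses import dataclass

HOUR = 3600
BATCH_PERIOD = 24 * HOUR  # the 24-hour cycle described in the article

@dataclass(frozen=True)
class Message:
    msg_id: str
    room: str
    expires_at: int  # second at which the retention rule allows deletion

@dataclass(frozen=True)
class Hold:
    room: str
    issued_at: int  # second at which the administrator placed the legal hold

def batch_sync(issued_at):
    """Policy becomes enforceable at the next scheduled batch run."""
    return (issued_at // BATCH_PERIOD + 1) * BATCH_PERIOD

def event_sync(issued_at, delay=5):
    """Policy becomes enforceable after an assumed 5 s async propagation delay."""
    return issued_at + delay

def simulate(messages, holds, sync, horizon=48 * HOUR):
    """Run hourly retention sweeps; return (spoliated_ids, surviving_ids)."""
    store = {m.msg_id: m for m in messages}
    spoliated = []
    for now in range(0, horizon + 1, HOUR):
        issued = {h.room for h in holds if h.issued_at <= now}
        enforced = {h.room for h in holds if sync(h.issued_at) <= now}
        for m in list(store.values()):
            if m.expires_at <= now and m.room not in enforced:
                del store[m.msg_id]
                # Deleted although a hold already existed: the stale window.
                if m.room in issued:
                    spoliated.append(m.msg_id)
    return spoliated, sorted(store)

# Constructed sample data: a hold on "deal-room" issued at hour 2.
HOLDS = [Hold("deal-room", 2 * HOUR)]
MESSAGES = [
    Message("m1", "deal-room", 1 * HOUR),   # expires before the hold exists
    Message("m2", "deal-room", 5 * HOUR),   # expires inside the batch window
    Message("m3", "deal-room", 20 * HOUR),  # expires inside the batch window
    Message("m4", "deal-room", 30 * HOUR),  # expires after the next batch run
    Message("m5", "lunch", 6 * HOUR),       # other room, never under hold
]

if __name__ == "__main__":
    print("batch:", simulate(MESSAGES, HOLDS, batch_sync))
    print("event:", simulate(MESSAGES, HOLDS, event_sync))
```

Under batch synchronization the two messages that expire between the hold and the next run are purged; with event-driven propagation every message still present when the hold is issued survives.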
State Management as the New Compliance Frontier
Enterprise governance, risk, and compliance platform spending reached approximately USD 51.4 billion in 2025 and is forecast to climb past USD 92 billion by 2031, growing at a 10.3% compound annual rate. Gartner projects that legal and compliance functions will increase their investment in GRC platforms by 50% in 2026 alone, a response to mounting regulatory volume that now produces more than 250 daily regulatory updates worldwide. Most of that money goes to surface-level reporting tools. The underlying problem, the one that determines whether a compliance system actually works under audit, is state management.
Inside the routing layer for enterprise messaging, Badrinarayan tackled a particularly thorny version of the state problem. To comply with data sovereignty rules that strictly forbid exposing user content in traffic routing decisions, he engineered an event-driven routing mechanism that encodes geographic eligibility as an attribute on the chat room itself. More than 400 million chat room entities were tagged with a sovereignty marker, and routing rules were rewritten to consult that marker exclusively, never the message payload. Badrinarayan has also written publicly on the underlying engineering question, including a DZone analysis, “Implementing Transactional Boundaries in Agentic Loops,” which examines how strict transactional design and durable state separate reliable systems from brittle ones.
“The systems that pass audit are the ones where every change is observable and every decision is traceable, with no state living in two places at once,” Badrinarayan observes. “Once you accept that constraint, the architecture mostly designs itself.”
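A sketch of routing that consults only a room-level sovereignty marker, as this section describes. It is an added example, not Google's implementation; the marker values, region names, class names, and the choice to refuse rather than fall back to an ineligible region are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical marker values and region names; the article names neither.
ELIGIBLE_REGIONS = {
    "EU_ONLY": ("eu-west", "eu-central"),
    "US_ONLY": ("us-east",),
    "GLOBAL": ("us-east", "eu-west", "ap-south"),
}

class RoutingRefused(Exception):
    """Raised instead of falling back to a default region."""

@dataclass(frozen=True)
class RoutingKey:
    """Everything the router may see: room identity and marker, no content."""
    room_id: str
    marker: str

@dataclass
class Router:
    markers: dict = field(default_factory=dict)  # room_id -> sovereignty marker
    audit: list = field(default_factory=list)    # content-free decision trail

    def on_marker_event(self, room_id, marker):
        """Event handler: tag or retag a room without a scheduled run."""
        if marker not in ELIGIBLE_REGIONS:
            raise ValueError(f"unknown marker {marker!r}")
        self.markers[room_id] = marker

    def key_for(self, room_id):
        marker = self.markers.get(room_id)
        if marker is None:  # untagged room: refuse, do not guess
            self.audit.append((room_id, None, "REFUSED"))
            raise RoutingRefused(room_id)
        return RoutingKey(room_id, marker)

    def route(self, key, healthy):
        """Pick the first healthy region the room's marker allows."""
        for region in ELIGIBLE_REGIONS[key.marker]:
            if region in healthy:
                self.audit.append((key.room_id, key.marker, region))
                return region
        self.audit.append((key.room_id, key.marker, "REFUSED"))
        raise RoutingRefused(key.room_id)

def deliver(router, room_id, payload: bytes, healthy):
    """The payload travels as opaque bytes and is never handed to the router."""
    region = router.route(router.key_for(room_id), healthy)
    return region, len(payload)
```

Because `route` accepts only a `RoutingKey`, the decision cannot depend on message content, and each audit entry records the room, marker, and outcome without any payload data.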
Decoupling Access from the Monolith
The global Zero Trust security market reached USD 42.3 billion in 2025 and is projected to grow to USD 148.7 billion by 2034. The driver is not an abstract policy preference. Insider-related security incidents now cost organizations an average of USD 16.2 million per year, a 40% increase over three years, and 19% of confirmed data breaches in 2024 involved internal actors. For enterprise platforms operating in regulated industries and the public sector, the architectural question is no longer whether to verify every access request. It is how to verify them without throttling developer velocity to a crawl.
Badrinarayan’s response was structural. He led the decoupling of the messaging platform’s access control logic from the shared monolith that had previously throttled it, extracting authorization decisions into an isolated, auditable microservice. The redesign replaced legacy shared ownership models with strict, customer-owned data boundaries and a unified security schema that automatically routes authorization requests. The change cut the time required for engineering teams to onboard new data structures into compliant access models from roughly eight weeks to under two. The core philosophy behind this decoupling is that disciplined state and access infrastructure are universal prerequisites for handling sensitive data. Badrinarayan recently extended this exact argument to the domain of autonomous systems in his piece for The AI Journal, “Beyond the ‘Agents of Chaos’ Crisis: Why State Management Is the Next Engineering Frontier for GenAI,” illustrating how secure state management is the critical safeguard preventing AI models from becoming operational liabilities.
“Access transparency is not a product feature you bolt on at the end,” Badrinarayan argues. “It is a property of the infrastructure underneath. If the access layer is shared with everything else, you cannot prove who looked at what, and you certainly cannot prove it in real time. Regulators expect both.”
The Compliance Backbone of the Next Decade
The 2024 IBM Cost of a Data Breach report placed the average global breach cost at USD 4.88 million, with financial services breaches averaging USD 6.08 million and incidents involving 50 million records or more reaching USD 375 million on average. Enterprise communication platforms now process hundreds of millions of regulated messages per day across messaging, voice, and collaboration surfaces. The cost of a single governance failure routinely exceeds the entire annual engineering budget of the system meant to prevent it.
The shift Badrinarayan helped engineer points toward a broader change in how enterprise software treats compliance. For most of the past two decades, governance was a downstream concern, layered on top of platforms built primarily for performance and reach. The next decade demands the inversion: compliance as a first-class architectural property, with retention controls, access decisions, and routing logic operating at the tempo of user activity rather than the tempo of legacy batch jobs. Re-architecting that backbone is unglamorous work. It rarely appears in product launches or keynote demonstrations. It is the work that determines whether a platform can be defended in a courtroom, an audit, or a regulator’s review.
“Communication platforms have to grow up in public,” Badrinarayan reflects. “The features customers see are the easy part. The hard part is making sure that every byte that moves through the system can be accounted for, located, retained, deleted, and explained, exactly as the law requires, at the moment the law requires it. That is the work.”