Enforce Data Governance Centrally with Confluent Gateway
Confluent Cloud Gateway (Confluent Gateway) enables centralized governance enforcement for your Kafka workloads. You define data policies once in Confluent Cloud Schema Registry, and Confluent Gateway applies them to every producer and consumer request, ensuring data quality across all Kafka traffic.
Because Confluent Gateway enforces the policies in the proxy layer, you can change rules across all routes without reconfiguring client applications or individual brokers.
Note
Centralized governance enforcement is an Early Access feature in Confluent Gateway 1.3 and supports Docker-based deployments only. This feature is intended for evaluation, might change before General Availability (GA), and is not recommended for production workloads.
Centralized governance capabilities
Centralized governance enforcement provides the following capabilities:
Four enforcement policy types: Set enforcement levels independently for record keys and values to match each topic’s risk profile. Confluent Gateway enforces schema ID validation, deep schema validation, field-level encryption, and full-payload encryption for records that use Apache Avro®, JSON Schema, or Protobuf.
Encryption: Apply Confluent Cloud Schema Registry Encrypt rules through data contract rules. Confluent Gateway handles encryption and decryption transparently.
Per-topic overrides: Override the global enforcement level on specific topics to support varying workload requirements.
How centralized governance enforcement works

After you deploy Confluent Gateway between clients and brokers and enable data governance policies, Confluent Gateway inspects each record’s payload, validates it against Confluent Cloud Schema Registry based on the configured enforcement level, and forwards the record, rejects it, or applies data contract rules, such as encryption, before forwarding it to the broker.
On the consume path, Confluent Gateway applies data contract rules, such as decryption, before delivering records to consumers.
Next steps
Configure centralized governance, monitor enforcement activity and handle errors. See Enforce Centralized Governance with Confluent Cloud Gateway.
