The UK Government's AI Ambition and the Procurement Reality

In April 2023, the UK government published its AI Regulation Whitepaper, a 99-page document setting out a vision for proportionate, pro-innovation governance of artificial intelligence. In September 2023, it published the National AI Strategy Annual Review. In January 2024, the Department for Science, Innovation and Technology published its AI Safety Framework. In March 2024, the Cabinet Office published guidance on algorithmic transparency. In October 2024, the newly elected Labour government published its AI Opportunities Action Plan. In 2025, there was another strategy. In 2026, a refresh.

Each document was coherent, sensible, and largely consistent with European best practice. None of them changed what happens when a government department actually tries to buy AI. That process is governed by a different set of documents, a different set of incentives, and a different cast of characters — one that has remained remarkably consistent across all the strategy refreshes and all the political changes.

The procurement trap

When a UK government department wants to buy an IT system, it goes through the Crown Commercial Service framework agreements or the G-Cloud catalogue, writes an Invitation to Tender, runs a procurement process, and awards a contract, usually to one of a small number of suppliers who have invested heavily in understanding the procurement process: Capita, Fujitsu, IBM, Serco, BT, Accenture, and their tier-one subcontractors. This group has been the primary recipient of UK government technology spending for roughly 30 years. The National Audit Office’s reports on IT project failures have, with minor variation, been documenting the same problems with the same types of suppliers for the same reasons since the late 1990s.

The digital transformation programme of the 2010s, centered on the Government Digital Service (GDS), was a genuine attempt to break this pattern. GDS built GOV.UK, which is objectively excellent. It established design standards and service standards that represented real improvements over the previous regime. It had a brief period (roughly 2012-2016) of genuine institutional authority and produced lasting good work.

What it could not change was the larger procurement ecology. Outside of GDS-led services, departments continued to procure through the legacy mechanisms, continued to award long contracts with high switching costs to established suppliers, and continued to embed those suppliers so deeply in operational infrastructure that failure was not an option in the practical sense — not because the systems worked well, but because the cost of replacing them was so high that no one would authorize it. The Universal Credit programme, begun in 2012, had spent £2 billion by 2017 with years of delay and reduced functionality. Post Office Horizon, the Fujitsu accounting system that produced evidence used to prosecute more than 700 subpostmasters for fraud between 1999 and 2015 on the basis of software bugs, is the most extreme example: a system that was known to be faulty inside the organization and whose failure was covered up for 15 years because admitting it would have meant admitting that prosecutions were wrongful.

AI arriving into this structure

AI procurement is arriving into this same ecology, and many of the same patterns are replicating. The large established suppliers have added AI product lines (most of them wrappers around Azure OpenAI, Google Vertex, or AWS Bedrock with department-specific fine-tuning and a services engagement wrapped around them) and are positioning to capture the AI transformation budget the same way they captured previous digital transformation budgets. The smaller AI-native companies that might offer genuine innovation face the same barriers they always have: inability to navigate complex frameworks, lack of track record for risk-averse procurement officers, difficulty meeting indemnity and security requirements sized for enterprises.

The AI pilots that have gone well — the NHS Cohere pilot for clinical coding, the HMRC chatbot for basic tax queries, the Home Office biometrics processing improvements — have generally been smaller, more focused, and more heavily overseen than the ambitious multi-year contracts. The ones that have gone badly are predictable: ambitious scope, long contract duration, insufficient internal capability to manage a complex supplier relationship, and (crucially) no mechanism for exiting the contract when the system underperforms.

The structural problem is that the UK government’s internal technical capability remains inadequate to the task of managing AI procurement intelligently. GDS employed roughly 800 people at its height. The Central Digital and Data Office that followed it is smaller and has less institutional authority. Departments generally lack the in-house expertise to write specifications that would hold AI suppliers to meaningful performance standards, conduct evaluations that would catch systematic failures, or maintain genuine oversight of running systems. When you don’t know enough to specify what you want, you cannot evaluate whether you’ve received it, and you cannot detect when it’s failing.

The transparency problem

The UK has made more progress than most comparable countries on algorithmic transparency requirements. The Algorithmic Transparency Recording Standard, launched in 2021 and updated since, requires departments to publish details of AI and algorithmic tools used in significant government decisions. By the end of 2025, approximately 35 entries had been published across central and local government. There are thousands of AI systems deployed in UK public services. The gap between the standard and compliance with it is substantial.

This is partly a resource problem — producing a compliant transparency record requires internal technical staff who can describe what the system does in meaningful terms, which is the same staff shortage that afflicts procurement. It is partly a classification problem — departments are uncertain which systems trigger the requirement. It is substantially a culture problem: civil service culture does not yet treat algorithmic transparency as a professional obligation comparable to financial disclosure, and without that cultural shift, the standard remains a guideline rather than a constraint.

The comparison with the Netherlands’ childcare benefit failure is instructive here. That disaster happened partly because internal flagging of problems with the fraud algorithm was not taken seriously. The people within Belastingdienst who could see that something was going wrong lacked the institutional standing to stop a process that leadership had committed to. The same dynamic — individual awareness that a system is performing badly, institutional inability to act on that awareness — is what produces the delayed-catastrophe pattern seen repeatedly in government IT.

What would actually work

The reforms that would change the situation are understood. Longer in-house capability investment, with civil service pay structures that can actually compete for technical talent. Smaller, more bounded contracts with performance requirements and genuine exit mechanisms. Independent technical assessment of AI systems before major deployments. Meaningful penalties for vendors whose systems underperform. Procurement rules that favor demonstrated outcome over credential-and-relationship.

None of these are technically difficult. All of them require a level of institutional will that has, repeatedly, not materialized. The strategy documents describe what good looks like. The procurement reality reflects what the system actually optimizes for: risk distribution onto suppliers in ways that don’t protect outcomes, dependency creation in ways that limit accountability, and relationship continuity in ways that insulate established players from competition.

The gap between UK government’s articulated AI ambition and its procurement reality is not primarily a gap in vision. It is a gap in the institutional machinery required to execute vision. Strategy documents cannot close that gap. They can only describe it in different language every 18 months.