Background, what’s new and future considerations

Background

Generative artificial intelligence (GenAI) is a prominent type of artificial intelligence (AI). GenAI refers to deep-learning models that can generate high-quality text, images, and other content based on the data they were trained on, for example: ChatGPT, Claude, Copilot, Gemini, DALL·E. Other types of AI include, but are not limited to, agentic AI, computer vision, deep learning, machine learning, natural language processing, robotics and predictive AI.

GenAI use across the UK 

In 2025, 95% of English councils were using or experimenting with GenAI tools (Local Government Association), while in Northern Ireland, 24% of public sector organisations report using AI in most or all data-driven decision making (Microsoft Ireland and Trinity Centre for Digital Business and Analytics). In Scotland and Wales, most councils are already exploring GenAI through pilot projects or formal policies, while nearly two-thirds of the public in the UK are familiar with large language models (LLMs) – a subset of GenAI, 40% having used them. 

GenAI is the most accessible form of AI available to public sector staff and supports a wide range of everyday tasks. Evidence from The Alan Turing Institute (2025) suggests that GenAI could assist with approximately 41 percent of the UK’s public sector work activities, highlighting its potential to enhance service delivery and operational efficiency.

Many organisations are actively planning or implementing GenAI solutions to improve public services and internal processes. For example:

1. Administration, content and communication: Automating routine tasks such as report writing, email drafting, meeting notes, surveys, and media content.
2. Adult social care and health services: Generating care plans or case summaries and providing advice for care situations or scenarios.
3. Customer service and resident engagement: Using chatbots and virtual assistants to retrieve organisational information quickly to handle and answer routine queries. This also includes digital front-doors and making information available in different formats (e.g. translation and accessibility).
4. Data and consultation analysis, summary and decision support: Handling large datasets or large volumes of information such as public consultation responses, coding, extracting insights, streamlining reporting processes and supporting evidence-based decision-making.
5. Research, policy development and strategic planning: Assisting with planning, research, analysis, documentation, scenario modelling, policy drafting and trend analysis.
6. Training and capacity building: Creating training materials, simulating role-play scenarios and supporting staff learning e.g. summarising complex legal or financial documents.

To find case studies featuring any of the examples above of GenAI and AI use in the public sector, visit the following resources:

• AI@Socitm (Socitm)
• AI Knowledge Hub (GOV.UK)
• Artificial intelligence case study bank (Local Government Association)
• Examples of artificial intelligence use (Digital Public Services Wales)
• Scottish AI Register (Scottish Government)

Benefits and risks of GenAI use

The benefits of GenAI in these various applications extend not only to staff but also to residents and other public service users through:

• Speeding up the delivery of services
• Streamlining workloads and freeing up staff time
• Simplifying complicated tasks
• Performing specialist tasks more cost-effectively
• Improving the quality of services

While GenAI adoption is growing and more benefits are being realised, much of the public sector is still in the early exploration or pilot stages of AI use. Few organisations have embedded AI properly into their services in part due to the lack of clear governance, policies, and guidance (The Alan Turing Institute). 

Alongside the rapid uptake of GenAI, the public sector faces a dual challenge. Organisations must encourage staff to use these tools where they add value, while also providing clear guard rails that support safe, responsible and confident use. Staff should feel enabled to use GenAI, whilst also understanding that outputs may be inaccurate, incomplete or biased. Responsibility for judgement and decision making when using GenAI always rests with the organisation and its people. A clear usage policy helps balance innovation with assurance by setting expectations, boundaries and support mechanisms for everyday use.

In 2024, more than three out of four UK councils did not have corporate usage policies for AI or GenAI. Since then, many organisations previously without AI usage policies have now published or are drafting policies according to Freedom of Information Act requests by WalkMe, a digital adoption platform.  

The risks and consequences of using GenAI without a policy or equivalent governance measures can result in serious consequences that can put councils and public sector organisations’ employees and residents at risk. For example: 

• Flawed decision-making resulting from systematic data bias, causing discrimination and stereotyping leading to unfair outcomes, reduced trust and potential breaches of equality duties. For example, an AI system used by the UK government to detect welfare fraud is showing bias according to people’s age, disability, marital status and nationality.
• Over-dependence on GenAI outputs which can result in reduced professional judgement and insufficient challenge of incorrect outputs. The West Midlands Police Chief Constable admitted misleading MPs by citing a fictitious football match generated by Microsoft Copilot in an intelligence report justifying a fan ban.
• Environmental harm, including the energy and water consumption associated with training and operating large‑scale AI models and the data centres that support them. Some US councils debated or paused approval of new data centres because of water consumption, diesel emissions, and public‑health impacts.
• Ethical violations due to lack of transparency and explainability including situations where staff or the public cannot see how decisions were influenced by GenAI, reducing accountability. See a legal analysis of the Home Office’s failure to inform asylum applicants that AI tools are being used in their assessments which has been deemed as likely to be unlawful.
• Frauds, scams and manipulations including misuse of GenAI to generate convincing phishing content or misinformation that targets staff or residents. Research from Palo Alto Unit 42 who showed AI‑powered phishing pages impersonating public‑sector institutions such as government agencies, increasing cyber‑risk for public employees and residents.
• Inaccuracies and loss of human judgement including misinformation which can lead to incorrect advice, flawed reports or decisions, and lower quality outputs. Further analysis of the West Midlands police AI error that reiterates that without clear guardrails and governance for AI, organisations risk reputational and ethical failure.
• Toxic, abusive or harmful AI outputs can distress staff or users and damage reputation. Incidents are rising, including hate speech and abusive chatbot responses, requiring public sector safeguarding and remediation.
• Unregulated data use leading to privacy or security breaches potentially resulting in GDPR non-compliance. For example, healthcare workers have been found to violate patient privacy by uploading sensitive data to GenAI and cloud accounts.

These risks are amplified by the fact that 71% of county or unitary authority council staff in England lack the necessary training to use AI, according to the County Council Network and half lack the right skills or capabilities to use AI (Local Government Association). To prevent these risks, many public sector organisations are implementing governance arrangements to make sure AI is used safely and effectively. 

In addition to supporting safe and effective use, a clearly articulated GenAI usage policy provides legal and reputational protection for the public sector by demonstrating due diligence, defined responsibilities and reasonable controls should incidents, complaints or challenges arise. This includes implementing one or more of the following measures: usage policies, guidance, frameworks, working groups and committees or governance boards.

This publication therefore aims to provide a policy template for GenAI that can be adapted to suit each individual organisation’s requirements. 

What is a GenAI usage policy?

A GenAI usage policy outlines the rules, regulations, and guidelines established by a governing authority to oversee the development, deployment and procurement of GenAI technologies such as:

• Public tools e.g. OpenAI’s ChatGPT, Anthropic’s Claude, Microsoft’s Copilot, Google’s Gemini.
• GenAI features in enterprise platforms e.g., Microsoft 365 Copilot, Netcall, Oracle.
• Internally developed tools / application programming interface (APIs) / software development kit (SDKs) e.g. AI Search and Webchat, Hey Geraldine, Simply Readable).
• Procured tools e.g. Agylisys EHCP tool, Beam Magic Notes, ICS.AI.
• Open‑source models developed externally and deployed internally e.g. Azure Sonic Brief, Consult, Minute).

A usage policy should ensure that GenAI use is responsible and accountable, ethical, secure, compliant and transparent. This means: 

• Public benefit and organisational value: GenAI should not be adopted solely to achieve cost savings where this would reduce service quality or create unfair outcomes. Decisions to use GenAI must balance efficiency with maintaining appropriate professional standards, safeguarding, and public trust. 
• Responsible and accountable: GenAI must be used in a way that is fit for purpose and proportionate to risk, with clear human accountability, governance, defined responsibilities and approval processes.  
• Ethical: GenAI use must be fair, socially responsible and respectful of user dignity and choice. This includes mitigating bias and discrimination, ensuring human oversight, maintaining accuracy, protecting copyright and considering environmental impact. 
• Secure: GenAI use should protect data privacy and security by never compromising the privacy or safety of individuals.  
• Transparent: GenAI use should be clear, explainable, and accountable, with disclosure of its use and role in decisions to those affected where it is necessary and appropriate. 
• Compliant: GenAI use should align with applicable laws and regulations and organisational policies.   

Typically GenAI usage policies within public sector organisations apply to all staff, elected members, contractors, authorised individuals, developers, vendors, suppliers and delivery partners.

Across the UK, many organisations have used and adapted the original ALGIM and Socitm sample policy document to create AI and GenAI policies, either as standalone documents or as clauses within other internal policies. For example:

AI usage policies that include guidance on Gen AI, automation, algorithms and more  

• Argyll and Bute Council [PDF] (March 2025) 
• Dorset Council (June 2025) 
• Kent County Council [PDF] (September 2023) 

GenAI usage specific policies

• Ceredigion County Council (October 2025) 
• East Riding of Yorkshire Council [PDF] (February 2026) 
• Gloucestershire County Council [PDF] (May 2024) 

AI usage guidance is incorporated within existing data protection and information management, privacy and security policies or frameworks

• Bristol City Council [PDF] (October 2023)
• London Borough of Camden (November 2024) 
• London Borough of Hammersmith and Fulham [PDF] (November 2024) 

The variation in approach to governing AI usage through policies is reflective of the fact that there is no single ‘one-size-fits-all’ AI usage policy. This is largely because AI maturity varies considerably within the public sector, as do ways of working. 

The approach an organisation takes to governing AI depends on multiple factors. These include but are not limited to how the organisation is structured, its priorities, intended uses of AI in decision making, capacity and capability, ethical values, risk appetite, stakeholder interests, regulatory environment, and the broader cultural and geographic context. 

Despite these differences and challenges, all public sector AI and/or GenAI usage policies should explain explicitly how and why AI is used to support decision making. This aligns with findings from the Ada Lovelace Institute and The Alan Turing Institute (2025) that a majority of the UK public are uncomfortable with AI-driven decision making, prioritising explainability over accuracy.  

While explainability can be complex, policies help operationalise it by setting expectations for disclosure, documentation and human oversight. This includes stating when GenAI has been used, providing plain English explanations of its role in decisions, publishing transparency statements and ensuring that staff can justify outcomes when challenged.

Updates

Since the publication of Appendix A of this policy template in 2023, the use of AI across the public sector has accelerated significantly. Many councils and equivalent public sector organisations that previously had not authorised or had restricted the use of GenAI [PDF] are now adopting governance measures to provide oversight and assurance. Having a clear usage policy, or an equivalent governance mechanism, gives organisations greater confidence to expand the safe and responsible use of GenAI, knowing that ethical and legal safeguards are in place.

The updated 2026 GenAI policy template is a major expansion and redesign of the original 2023 ALGIM and Socitm sample. The changes reflect emerging best practice in public sector AI governance, integration of content from existing council or integrated care board AI use policies and lessons from early GenAI adoption across local government. The new structure introduces clearer governance, stronger safeguards and more practical guidance for councils seeking to adopt GenAI safely and proportionately. The main amendments in version two include:

• A revised and more accessible structure.
• Clearer policy governance and ownership.
• Expanded content addressing ethical and responsible use, transparency, accountability, human oversight, data protection, data quality, environmental sustainability, procurement, equality and diversity, and reporting requirements.
• Integration of practical guidance for staff and service leads.
• New sections on tools and services, roles and responsibilities, documentation and audit logs, risk management, training and awareness, and public communication.
• Updated wording for existing sections and removal of outdated elements from Appendix A.

Detailed changes are set out in Appendix B.

This policy template may be reviewed periodically to ensure it continues to reflect sector learning, evolving technologies, and future changes in national guidance, regulation and organisational need.

Future considerations 

Socitm recognises that this policy template provides a general foundation for public sector to adapt and use based on the needs of their organisations. In being general, this document does not and cannot encapsulate all possible issues and challenges presented by GenAI usage. Future versions of this policy template may seek to address the following points and questions:  

1. National regulations and laws: At the time of publication, the UK does not have any AI specific laws but the AI Regulations Bill may follow. As AI technologies and regulations evolve, this policy template may need updating to reflect these changes.
2. Appropriate governance models: Public sector organisations currently use several approaches to AI governance: usage policies, guidance, frameworks, working groups and committees or governance boards. It will be necessary to broaden the scope of this template in future versions to cover additional types of AI such as predictive or agentic AI.
3. The impact of local government reorganisation: Future iterations of this policy may consider how local government reorganisation (LGR), which will have a significant impact on AI implementation in councils will impact upon AI governance. LGR aims to simplify service delivery, cut costs, and reduce duplication, which aligns with the goals of leveraging AI to enhance efficiency and effectiveness.
4. Human oversight in an era of automation: Future versions may need to clarify expectations for meaningful human oversight, including how councils document decision rights, escalation routes and assurance mechanisms when AI tools become more automated or embedded in workflows.
5. Workforce capability and skills planning: Councils may need to consider long‑term workforce capability planning, including developing specialist AI assurance skills and providing ongoing training for staff and elected members as technologies evolve.
6. Procurement and vendor assurance: As AI supply chains become more complex, future versions of this template may need to address evolving vendor assurance requirements, including transparency about model provenance, training data, safety testing and data flows.
7. Accountability, redress, and resilience: Although no major data or cyber breach involving AI has yet been reported in local government, the risk is increasing. Future versions may need to strengthen approaches to incident response, accountability and consequences for policy breaches.
8. Manging cumulative risks: As organisations adopt multiple AI tools, cumulative and systemic risks may emerge, requiring approaches that look beyond individual use cases to the combined impact across services.