Gowling WLG sets out five-artefact checklist for public sector AI contracts
TL;DR:
- Gowling WLG partners Alexi Markham and Jocelyn Paulley have published a practical procurement guide for UK public-sector AI contracts, arguing that “AI-powered” is not a contract requirement and that buyers must pin down the precise use case and data flows.
- The piece distils the government’s AI Playbook into four workstreams (use case and impact, data and rights, testing and assurance, live governance) and recommends a five-artefact evidence pack rather than a long checklist of supplier questions.
- Key contract issues flagged: transparency and explainability, hallucinations, bias and data quality, IP and confidentiality, cyber security supply-chain exposure, and liability allocation that matches who actually controls each layer of the AI stack.
The guidance is timed against a UK procurement landscape in which AI-enabled services are moving from pilot to production in central government, local authorities, and NHS trusts simultaneously. Warwickshire’s £2.4m AI partner procurement (covered on Resultsense this week), Rotherham NHS Foundation Trust’s helpdesk AI deployment, and GOV.UK Chat’s national launch all share the same legal substrate Gowling is mapping.
The five-artefact evidence pack
Rather than asking suppliers a long question list, the authors recommend producing five artefacts: a one-page use-case brief (buyer-owned), a data map and permissions note (joint), a testing and assurance summary (supplier-evidenced, buyer-validated), a live monitoring and change plan (joint governance), and a review and escalation route (especially where individuals are affected). The argument is that artefacts force the practical conversations that question lists let suppliers paper over.
UK angle: context-based regulation cuts both ways
The UK’s context-based approach to AI regulation — relying on existing sectoral laws rather than a single AI Act — means a single public-sector AI procurement can engage data protection, equality, IP, confidentiality, cyber security, and changing-law obligations across jurisdictions. Gowling’s framing makes the legal-procurement-technical-operational team early-engagement requirement explicit, and pairs naturally with ICO guidance on AI-powered cyber threats also published this week.
Looking forward
For UK SMEs bidding into public-sector AI work, the practical signal is in how liability is allocated. The authors stress that risk allocation should follow practical control: where the customer controls data and fine-tuning, they should carry that risk; where the supplier controls model design and updates, contractual obligations should reflect that. Bidders walking into a procurement with template liability caps unchanged from non-AI work will increasingly find themselves out-positioned by competitors who have engaged with this risk-allocation logic from the start.