The updated AI Playbook for UK government expands on the Generative AI framework, offering procurement and delivery guidance for safe, effective AI adoption across departments. Use it to align tender language and runtime assurance.
Why this matters
The Playbook provides practical checkpoints for risk assessment, human oversight, and data protection that UK public-sector deployers must address. It bridges policy expectations and operational delivery.
Impact on obligations
Deployer
Map Playbook checks into runtime logging and evidence capture. Document risk assessments, human-in-the-loop controls, and data protection impact assessments.
What to evidence
- Risk assessments
- Human-in-the-loop controls
- Data protection impact assessments (DPIAs)
- Review logs
Key artefacts explained:
- DSSE: Dead Simple Signing Envelope — portable signature format
- STH: Signed Tree Head — tamper-evident checkpoint in transparency log
- TSA: Time-Stamp Authority — independent timestamp receipt
- WORM: Write Once Read Many — immutable storage for audit trails