Public Sector AI Compliance Checker

Compliance checklist for AI use in government and public services

Walk through a structured compliance checklist for AI deployment in public sector contexts — covering UK CDDO AI guidance, the Algorithmic Transparency Recording Standard, the Public Sector Equality Duty, FOI implications, and data protection obligations. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Is this official government guidance?

No. It is an educational checklist that summarises widely published UK public-sector AI principles such as the CDDO guidance, the Algorithmic Transparency Recording Standard, and the Public Sector Equality Duty. Always confirm current obligations with your legal and data-protection teams.

Public sector AI compliance checker

Deploying AI in government or public services carries obligations that private companies do not face: transparency to the public, the Public Sector Equality Duty, freedom-of-information exposure, and heightened expectations of human oversight. This checker walks you through those obligations as a structured checklist tailored to your use case and the stakes of the decision, then gives you a readiness summary you can take into a sign-off meeting.

How it works

You describe your department type, the AI use case, and how high the stakes are for affected individuals. The tool presents a checklist drawn from published UK public-sector AI principles — CDDO guidance, the Algorithmic Transparency Recording Standard, the Public Sector Equality Duty, data-protection (DPIA) duties, FOI implications, and human-in-the-loop requirements. Each item is weighted by your stated stakes, so a high-stakes benefits or enforcement decision surfaces stricter obligations than a low-stakes internal triage tool. As you tick items off you get a live readiness score and a list of the gaps that remain.

Tips and notes

  • Match rigour to stakes. A chatbot that drafts internal notes needs far less scrutiny than a model that influences a benefits or visa decision — proportionality is a principle, not a loophole.
  • Publish a transparency record for public-facing decisions. The Algorithmic Transparency Recording Standard expects higher-stakes tools to be documented and disclosed; assume your record may be requested under FOI.
  • Do the DPIA before, not after. A Data Protection Impact Assessment is a legal requirement for high-risk processing and is far cheaper to do up front.
  • Keep a human accountable. “The algorithm decided” is not a defensible position for a public body — name the human who owns the outcome.

The Algorithmic Transparency Recording Standard (ATRS) asks public bodies to publish structured records of algorithmic tools used in decisions affecting the public. The record covers what the tool does, the data it uses, the human oversight in place, the rationale for using it, and any equality analysis. The expectation is that a higher-stakes tool — one influencing benefits entitlement, enforcement, or resource allocation — should have a published record discoverable by the public and media. Treat an unpublished ATRS record as a freedom-of-information risk.

The Public Sector Equality Duty (PSED) requires public bodies to have due regard to eliminating discrimination and advancing equality of opportunity. Applied to AI, this means actively testing whether the model produces worse outcomes for protected groups — by age, disability, gender, race, religion, sex, or sexual orientation — not waiting for a complaint to discover it. An equality impact assessment documented before deployment is both the legal requirement and the practical defence.

Data Protection Impact Assessments (DPIAs) are mandatory under UK GDPR for high-risk processing. An AI system making automated decisions about individuals, processing special-category data, or conducting large-scale profiling almost certainly meets the threshold. The DPIA must happen before processing begins — post-hoc assessments are common and legally problematic.

Freedom of information exposure is an underappreciated risk. Correspondence about an AI system, the selection process, the vendor contract, and any complaints about outcomes are all potentially FOI-disclosable. Design and procurement decisions made on the basis of “the AI is just a tool” tend to read poorly in an FOI response.

A note on procurement versus in-house build

Both paths carry compliance obligations, but procurement adds a layer: you are responsible for ensuring the vendor’s system meets the standards, not the vendor. Due diligence before signing — asking for the validation evidence, the bias testing results, and the ATRS-ready documentation — is far cheaper than discovering gaps after deployment when contractual leverage is gone.