Paul Zimmerman
INV Group Chief Communications Officer
21 May 2026
Why Britain must treat risk and ethics as delivery infrastructure
AI will not become trusted in public services because organisations publish more policies. It will become trusted when governance, risk, ethics and accountability are built into the operating model of delivery.
The UK public sector is no longer deciding whether AI will arrive. It has already arrived.
It is arriving through formal pilots, supplier platforms, Microsoft Copilot deployments, experimental service redesign projects and individual staff using public tools to make sense of their work. Some of this is visible. Much of it is not.
That is why AI governance now matters so much.
In a recent interview with INV Group’s Paul Zimmerman, Professor Alan W. Brown, author of Making AI Work for Britain, made a distinction every public sector leader should take seriously:
“There’s a big difference between risk avoidance and risk management.”
That distinction may define whether AI succeeds or fails in public services.
Risk avoidance says: stop people using the tools.
Risk management says: understand the risks, make them visible, govern them properly and create safe routes for responsible use.
The danger is that many organisations confuse the two. They respond to AI by locking down tools, delaying access, restricting experimentation or waiting for central guidance. That may feel prudent, but it can create a more dangerous situation: AI use moves into the shadows.
Alan described a pattern many organisations will recognise. Staff are told they cannot use certain AI tools because they are too risky. So they use them elsewhere, on personal devices, outside formal monitoring, away from organisational controls, and then bring the outputs back into work.
His conclusion was blunt:
“That kind of stuff is now endemic. It’s everywhere.”
This is the uncomfortable truth of AI governance. The question is not whether people are using AI. They are. The question is whether the organisation can see it, understand it, govern it and learn from it.
Without that visibility, leaders cannot know what tools are being used, what data is being entered, which outputs are influencing decisions, or where automated advice is beginning to shape services delivered to citizens.
That is not governance. That is blindness.
The legitimacy problem
In Chapter 6 of Making AI Work for Britain, Alan writes about the “legitimacy deficit” that emerges when algorithmic systems replace or reshape human judgement without adequate accountability.
The risk is not simply that an AI system produces an inaccurate output. The deeper risk is that people lose trust in the institutions using those systems.
Alan writes that this legitimacy deficit is not a future concern. It is already the UK’s most established pattern of AI failure.
That should give every public sector leader pause.
AI failure is often discussed in technical terms: hallucination, bias, weak data, poor model performance, cyber security, privacy leakage or procurement risk. All of these matter. But they are only part of the picture.
The bigger question is whether citizens believe the use of AI is legitimate.
Do they know when AI is involved? Can they challenge a decision? Is there a human route of appeal? Are vulnerable groups protected? Is the system monitored after deployment? Does anyone remain accountable?
This is why AI governance cannot be treated as a compliance document. It must be part of how services are designed, procured, deployed, monitored and improved.
As Alan argues in the chapter, risk is not simply a technical matter. It is a social challenge, shaped by history, governance and everyday realities in sectors from health to finance, justice and the creative industries.
For public services, that point is critical.
Citizens often cannot opt out. They cannot choose another tax system, another social care pathway, another benefits assessment process or another local planning authority. That creates a higher obligation.
When AI is introduced into these settings, governance is not a brake on progress. It is the condition for public trust.
Ethics has to become operational
Most organisations now have AI principles. They use words like fairness, transparency, accountability, privacy, explainability and safety.
The problem is not the language. The problem is whether those principles change what happens in practice.
Alan’s Chapter 6 conclusion makes this point clearly. Ethical commitments cannot remain aspirational or abstract. They must become practised realities through stewardship, participation and adaptive policy.
That is where many AI programmes will succeed or fail.
It is easy to say an AI system should be transparent. It is harder to define what transparency means for a resident trying to challenge a decision.
It is easy to say a system should be accountable. It is harder to name the person, team or governance body that has authority to pause, amend or retire that system.
It is easy to say AI should be safe. It is harder to maintain an evidence trail showing how the system was tested, what risks were identified, what controls were applied and what changed over time.
That is why Alan’s framing is so useful. AI ethics must move from aspiration to delivery.
It has to become operational.
Risk, trust and value
One of the strongest themes from our conversation with Alan was the need to balance risk, trust and value in more mature ways.
He put it like this:
“We’ll see situations where we’ll be able to balance risk, trust and value in new ways.”
That is exactly the conversation public sector organisations now need to have.
Some areas of AI should move slowly, with deep assurance, strong human oversight and careful public explanation. Getting them wrong could cause serious harm.
Other areas can move faster, helping teams reduce administrative pressure, improve information access, identify service bottlenecks or support better internal decision-making.
The mistake is to treat all AI use as the same.
A chatbot helping staff find internal policy information is not the same as an automated system influencing eligibility for a statutory service.
A summarisation tool used by a communications team is not the same as a decision-support tool used in children’s social care.
A back-office workflow agent is not the same as a public-facing system handling vulnerable residents.
Public sector AI governance needs to make these distinctions visible. It needs to help organisations ask: what is the value, what is the risk, what is the trust requirement, and what controls are proportionate?
That is not bureaucracy. That is responsible delivery.
Governance must have authority
Alan also raised another issue that is often missed. Governance only works when it has responsibility, authority and budget.
In the interview, he described the three questions he asks when looking at governance structures:
“What’s the responsibility? What’s the authority and what’s the budget?”
Those questions expose a weakness in many AI programmes.
A working group may have responsibility, but no authority. A senior leader may have authority, but no budget. A digital team may have budget, but no organisation-wide mandate. A governance board may exist, but meet too slowly to influence live delivery.
This matters because AI is moving faster than traditional governance cycles.
Public sector AI governance needs a different rhythm. It needs clear ownership, escalation routes, audit trails, live registers of AI use cases, risk classification, supplier oversight, human review points, incident reporting and post-deployment monitoring.
Most importantly, it needs the power to stop, change or scale systems based on evidence.
From governance theatre to governed systems
There is a danger that AI governance becomes performative.
A policy is written.
A committee is formed.
A risk register is created.
A set of principles is published.
A pilot is announced.
But little changes in the way systems are actually designed, deployed and managed.
That is governance theatre.
What the public sector needs instead is governed AI infrastructure: practical systems, workflows and operating models that make responsible adoption possible.
Can an organisation see where AI is being used? Can it classify each use case by risk? Can it record who owns the system? Can it show what data is involved? Can it explain what human oversight exists? Can it monitor outputs over time?
This is the shift from governance as paperwork to governance as infrastructure.
A digitally just society needs social infrastructure too
One of the most important ideas in Alan’s Chapter 6 conclusion is that a digitally just society requires investment in social, not just technical, infrastructure.
AI adoption is often framed as a technology challenge: platforms, models, data centres, integrations, cloud infrastructure, cyber security and user interfaces.
But public trust also depends on social infrastructure.
That includes public engagement, citizen participation, staff training, ethical review, contestability, transparency, inclusion, governance forums and leadership cultures that are willing to learn.
Alan argues that the future will become more complex as algorithmic systems grow in influence, data flows intensify and new dilemmas emerge between autonomy, efficiency and public trust.
That is exactly why governance cannot be solved once and filed away.
Good AI governance is not a one-off project. It is a permanent organisational capability.
The opportunity for the UK
There is a positive argument here too.
The UK does not have to choose between reckless innovation and paralysing caution.
With foresight, humility and learning-centred leadership, the UK can remain at the cutting edge of both responsible innovation and ethical transformation.
That should be the ambition.
The UK can lead not by being the fastest adopter of AI at any cost, but by becoming one of the most trusted places in the world to design, govern and deploy AI in complex public service environments.
Public services are among the hardest environments for AI. They involve vulnerable people, statutory duties, legacy systems, fragmented data, political accountability, budget pressure, public scrutiny and high consequences when things go wrong.
If the UK can make AI work safely and responsibly in those conditions, it will have something genuinely valuable to offer.
But that will not happen through slogans. It will happen through delivery.
How INV Group can help
At INV Group, our focus is on helping public sector organisations move from AI ambition to governed AI delivery.
Through Invotra, Invuse and the wider group, we bring together secure technology, human-centred service design, accessibility, workflow expertise and two decades of public sector delivery experience.
Our view is simple.
AI adoption is already happening. The question is whether public sector organisations can govern it.
That means helping organisations understand where AI is being used, assess the risks, design the right controls, support responsible experimentation and create the governance infrastructure needed to scale safely.
It means moving beyond isolated pilots and unmanaged tools.
It means creating AI systems that are visible, auditable, accountable and trusted.
Because AI governance is not a checkbox.
It is how Britain makes AI work.