techUK
 Printable version
|
techUK report - Lessons from the AI procurement frontline: Beyond the contract and buying blind: Rethinking AI procurement as a governance function
Most organisations don't build AI. They buy it. And that changes everything.
For the overwhelming majority of businesses, public sector bodies, financial institutions, and enterprises of every size, artificial intelligence enters the organisation through procurement. Not through internal development. Not through data science teams. Through a contract.
That makes procurement one of the most consequential control points in AI adoption today. And yet, in most organisations, it is still not being treated that way.
Procurement professionals, legal teams, and commercial leads are being asked to evaluate probabilistic, rapidly evolving technology that behaves nothing like conventional software, often without the tools, training, or authority to do it well.
Governance frameworks designed for internally built systems are poorly suited to the far more common reality of buying AI from third parties. And the questions that matter most, about liability, transparency, model drift, and data ownership, are going unanswered in vendor conversations every day.
This is the challenge techUK set out to examine directly.
Login or register to download the full report
This report is available to everyone. Log in or sign up for free to download the full report.
What we did
In March 2026, as part of Procurement Week 2026, techUK convened a cross-sector half-day workshop bringing together AI vendors, procurement professionals, legal practitioners, risk managers, consultants, and policy actors. The goal was practical and focused: to identify the questions that actually help organisations evaluate AI systems, and to separate meaningful evidence, of standards, risk mitigation, and post-deployment accountability, from the marketing language that too often substitutes for it.
The session featured a keynote from Phil Belzar, AI and Automation Commercial Lead at Crown Commercial Service, setting out the government's AI procurement infrastructure and strategic expectations. Partners from T3, a specialist AI governance and compliance consultancy, provided a frank account of the risk categories organisations consistently underestimate, from hidden integration costs and operational failures at scale to the governance gaps that risk management frameworks and regulations will expose.
Maria Axente, founder of Responsible Intelligence and a pioneer of AI governance frameworks, issued the session's defining challenge: that AI procurement has not yet been given the strategic status it deserves, and that until procurement is treated as a genuine governance function, not a commercial one running parallel to governance, organisations will remain exposed in ways they may not fully understand until something goes wrong.
What we found
The workshop produced a candid and, at times, uncomfortable picture of a field under significant strain.
Procurement cycles built for traditional software are structurally mismatched with the pace of AI development. Technical literacy on the buying side remains insufficient. For example, model cards are rarely requested, largely because most procurement professionals do not yet have the knowledge to interpret them. Vendor disclosures are largely inadequate, and buyers currently lack either the leverage or the technical knowledge to demand more. AI washing is real and widespread. Liability remains almost entirely unresolved. And AI is regularly being activated within existing contracted products, sometimes without buyer knowledge and frequently without any contractual provision to govern it.
But the workshop also surfaced genuine momentum. Towards minimum viable due diligence frameworks that any organisation can apply regardless of scale. Towards product-level certification, as distinct from organisational accreditation. Towards a recognition that procurement professionals need and deserve a seat at the AI governance table. And towards the kind of vendor-buyer collaboration that could make procurement conversations more transparent and more trustworthy for both sides.
Why this report matters now
As liability becomes a defining policy question in 2026, and as clear frameworks for allocating responsibility across complex, multi-player model AI supply chains remain absent, organisations are falling back on tort and contract law to manage risks those instruments were never designed to address.
The decisions being made in procurement processes right now about which AI systems are permitted into an organisation, and on what terms are governance decisions. They carry legal, ethical, and operational consequences that extend far beyond the contract. And they are being made, in too many cases, without the right questions, the right skills, or the right organisational mandate to make them well.
This whitepaper captures the key themes, insights, and recommendations from the workshop. It is intended to give visibility on the current state of sentiment across industry and government, and to inform the practical next steps needed to make AI procurement fit for the governance age.
AI procurement is not a compliance exercise. It is one of the most consequential decisions your organisation will make in the AI era. This whitepaper hopes to surface questions that will help you make it better, let this be a start.
Published by techUK, May 2026. A product of the Digital Ethics and Central Government programmes workshop held in March 2026.
Original article link: https://www.techuk.org/resource/techuk-report-lessons-from-the-ai-procurement-frontline-beyond-the-contract-and-buying-blind-rethinking-ai-procurement-as-a-governance-function.html
