AI Governance for Local Councils: What Leaders Need in Place Now

Most UK councils have no AI governance policy. They have data protection policies, information security policies, and acceptable use policies — but these were written before AI became a practical tool in council operations. They do not address algorithmic accountability, model transparency, or the human oversight obligations that apply to automated decisions affecting members of the public.

This gap is not academic. When an AI system contributes to a benefits decision that is subsequently challenged at tribunal, or a planning recommendation that is found to have applied criteria inconsistently, the council carries the liability. The fact that a third-party AI supplier provided the system is not a defence.

UK GDPR Article 22 already prohibits solely automated decisions that produce legal or similarly significant effects without explicit human review and the ability for individuals to request human reconsideration. Many councils are already in breach of this requirement in their current AI deployments — not because the systems are new, but because the human oversight mechanisms are not documented or consistently applied.

The Public Sector Equality Duty adds a further layer. Any AI system used in service delivery must be shown not to discriminate on protected characteristics. Councils must be able to demonstrate this with evidence, not assertion.

An AI register. A complete inventory of every AI system in use across the council, including supplier-embedded AI in existing platforms, with risk classification against the EU AI Act categories and UK GDPR obligations.

An AI governance policy. A board-approved policy covering accountability, acceptable use, human oversight requirements, and incident response. This must be a living document reviewed at least annually, not a one-time exercise.

A decision accountability framework. For every AI-assisted decision that affects a member of the public, a documented process showing who made the final decision, what AI input was considered, and how the individual can seek review.

Staff training. Officers using AI tools must understand what the system can and cannot do, where its outputs are reliable, and when human judgement must override the AI's recommendation. Training is not optional and "AI literacy" is not sufficient — role-specific training against specific tools is what works.

Start with an honest audit of what AI is already in use across your council. This is nearly always more extensive than senior leaders realise. Once you know what you have, you can prioritise by risk. High-risk systems — those affecting decisions about people — need governance in place immediately. Lower-risk administrative tools can follow in a second phase.

The councils that build this governance infrastructure now will have a material advantage when the next round of government AI guidance is published — and when the AI Act's obligations for public-sector AI crystallise in 2026.

Simon Steggles is a Fractional AI Director with current NPPV3 Police vetting and Royal Navy 1984–90 service (Cat 3 PV at the time, now superseded by DV), working with UK local councils and SMEs on AI governance, strategy, and board-level leadership. He has delivered over £300,000 in documented AI-driven savings for UK public and private sector organisations.