AI in government: CIOs, take control before it's too late

AI tools such as ChatGPT, Microsoft Copilot and Perplexity are widely used in the public sector. Sometimes planned, but often quietly, out of the sight of IT and security. One thing is certain: this technology will no longer disappear.

This means opportunities for innovation and productivity, but also a growing risk of data leaks, legal errors and uncontrolled archiving.

For CIOs, now is the time to take control. Not by blocking everything, but by setting smart frameworks, putting compliance in order and facilitating use within safe limits.

Also read the blog: Build your own AI colleagues

Using AI without control? Here are the risks

More and more employees are using generative AI in their work. Sometimes for brainstorms or summaries, but also for policy notes or advice concepts.

Without clear agreements and technical control, this poses immediate risks:

• ‍Dates is fed with AI tools with no insight into what is happening to them.‍
• Output may fall under the Archives Act or Woo without anyone knowing.‍
• Decision making becomes more difficult to justify or reconstruct.‍
• Security and Compliance come under pressure, especially as shadow IT increases.

This is not a theoretical problem, especially in government organizations. You are bound by legislation, transparency requirements and social control.

AI output is information: so it falls under your governance

The use of AI not only affects technology, but also your information management.

Output from Copilot or ChatGPT can be archival, for example if it is part of decision-making, policy making or advisory processes. This means that it falls — consciously or unconsciously — under the Archives Act and the Woo.

So the question is not whether you should arrange something, but how quickly you do it.

Microsoft Purview gives you control — if you set it up properly

Many CIOs already have Microsoft 365 (E5), but are not yet using the full capabilities.

With Microsoft Purview also allows you to integrate AI interactions, such as prompts and generated responses, into your information management. Think about:

• ‍Retention policies that apply to AI output‍
• Logging, eDiscovery, and Classification
• Limited access to sensitive AI results

But note: this only works if it is legally and technically well organized. It requires choices about retention periods, accessibility and archival worthiness.

This does not include external tools such as ChatGPT or Perplexity. If you want to get a grip on this, this requires additional measures, such as integrations via APIs or tightening policies.

From preventing incidents to building structure

CIOs who take control now prevent AI from becoming a headache.

By linking clear policies to technical control, you can give employees space to work with AI without losing control. You prevent incidents, stay in control and comply with laws and regulations.

And just as important: you create a foundation for the safe, scalable use of AI in the future.

Take control now? Start with the basics.

A manageable AI practice starts with a good design of Microsoft Purview. In this article, you can read how to do that: Data retention and compliance don't have to be a headache

Curious about how your organization is doing? Take contact join us for an informal exploratory conversation.