Why sovereign AI is now essential for local government

Local government is entering a new phase of AI adoption – one where usage is moving faster than governance can keep up.

While many councils are still shaping formal strategies, the reality inside organisations already looks very different. Employees are using AI to draft reports, summarise information and support everyday decisions, often without formal approval or oversight. Over time, this creates a widening gap between policy and practice, introducing risks that are difficult to see and even harder to manage.

At the centre of this challenge is the rapid growth of shadow AI, as employees increasingly turn to unauthorised tools to meet day-to-day demands.

The current reality – AI use without visibility

AI is no longer confined to pilots or innovation teams. It has become part of everyday work, although not always in ways that are visible to IT or leadership.

According to a recent Microsoft UK study, 71% of employees have used unapproved AI tools at work, with more than half doing so on a weekly basis.  

This pattern of adoption has developed quickly and often informally. When tools are easy to access and clearly save time, they spread without much coordination, particularly in environments where teams are under pressure to deliver more with limited resources.

In local government, those pressures are familiar. Staff are balancing rising demand with constrained capacity, so the appeal of reducing admin or speeding up routine work is immediate. The difficulty is that this uptake rarely follows a consistent path. Different teams adopt different tools, often using personal accounts or free versions, with little shared understanding of how they should be used.

The result is a fragmented picture. It becomes harder to understand where AI is being used, what information is being processed, and whether that use aligns with existing policies.

The hidden risk – when helpful becomes exposure

The challenge with shadow AI is not about intent. People are simply trying to do their jobs more efficiently.

The risk lies in how these tools handle information. When data is entered into public or consumer AI services, it may be processed outside the organisation’s environment, particularly when accessed through unmanaged accounts. That creates uncertainty around where data ends up and how it is used.

Industry analysis suggests this is already happening more often than many organisations expect, with more than a third of employees admitting they have shared sensitive organisational data with AI tools without permission.

In local government, this has wider implications. Data protection requirements, audit processes and public accountability all depend on being able to trace how information is handled. When AI is used in an unstructured way, that visibility becomes harder to maintain.

There is also a practical challenge. Unlike traditional shadow IT, AI sits within everyday workflows – drafting documents, summarising information, analysing data. That makes it less visible and therefore harder to manage through conventional controls.

There is also a broader structural impact. As more unapproved tools are introduced, organisations are not just adding isolated risks, they are expanding their overall attack surface – the number of potential entry points that can be exploited. Shadow AI contributes directly to this by creating new, unmanaged pathways for data to leave the organisation, often beyond the reach of existing security controls.

This challenge is already visible in the sector. Freedom of Information data shows that 27 UK councils reported more than 2,400 suspected data breaches in a single year, highlighting the scale and persistence of pressure on local government systems.

Why restriction alone isn’t enough

When organisations recognise these risks, the instinct is often to introduce tighter controls or restrict access. While that may reduce some visible usage, it does not address why those tools are being used.

AI has gained traction because it helps people deal with practical pressures – volume of work and limited capacity. Those pressures remain, regardless of policy.

As a result, people continue to look for ways to maintain that efficiency, even if it means working outside formal systems. This is less about resisting policy and more about maintaining the ability to get work done.

A more effective starting point is to accept that AI is already part of the working environment and to focus on how it can be used in a way that is both useful and controlled.

What best practice looks like – sovereign, controlled, connected

From here, the focus turns to how AI should be set up in practice.

Sovereign AI provides a useful guide. It is about ensuring organisations retain control over how AI is used – where data sits, how systems operate and how outputs are generated. For the public sector, that control is closely tied to legal and regulatory responsibilities.

In practical terms, this starts with data. Information needs to sit within environments where its location, access and usage are understood. For local authorities, that often means keeping citizen and operational data within UK-based frameworks with appropriate controls.

It also affects how systems are designed. Governance is more effective when it is built into the system itself. When policies and controls sit within workflows, it becomes easier to maintain oversight and ensure outputs align with organisational standards.

Access plays a role as well. When AI tools are linked to identity management, organisations have a clearer view of who is using them, reducing reliance on personal accounts.

Finally, there is the question of how systems connect. Fragmentation makes governance harder. Bringing data, workflows and tools into a more unified structure makes it easier to apply consistent controls.

From fragmented tools to embedded intelligence

A common thread across these challenges is fragmentation. Disconnected systems and siloed data make it difficult to introduce AI in a coordinated way, while also encouraging the use of external tools that feel quicker or easier.

Moving away from that model involves rethinking how AI is introduced. Rather than adding standalone tools, organisations are starting to integrate AI into the systems where work already takes place.

This reduces the need for workarounds and makes it easier to apply governance consistently. AI becomes part of normal operations, rather than something separate that needs managing alongside existing processes.

Enabling sovereign AI in practice – IQ for Government

For many local government organisations, this is where the discussion becomes more practical. The need for a more controlled approach is clear, but the challenge is implementing it without adding complexity.

IQ for Government is designed with that in mind. It brings together workflows, data and AI within a single, secure environment, allowing teams to use AI as part of their existing processes rather than through separate tools.

This helps address some of the drivers behind shadow AI. When approved tools meet day-to-day needs, there is less reason to rely on external alternatives. At the same time, organisations gain a clearer view of how AI is being used and how information flows through the system.

Governance sits alongside the AI itself, shaping how it is used within workflows and helping maintain consistency. The platform also reflects the importance of data control, operating within a UK-based, sovereign environment that allows organisations to define clearer boundaries around how information is stored and processed.

The AI platform that forms a core part of IQ for Government is backed by ISO 42001 accreditation – the global ‘gold standard’ for responsible AI usage and governance.

A more confident path forward

AI will continue to shape how local government operates, regardless of where organisations are in their adoption.

The focus now is on making sure it is used in a way that reflects the realities of public service delivery – with proper control over data, clear oversight, and confidence in how outcomes are produced.

Sovereign AI supports that shift. By bringing governance and usability together, it allows councils to make practical use of AI without losing sight of their responsibilities around data protection, accountability and trust.

As AI becomes more embedded in day-to-day work, that balance becomes increasingly important.

---

Learn more

Don’t miss our whitepaper: Redefining work in local government with embedded intelligence to find out how intelligent, connected systems and responsible AI can drive efficiency and enable smarter, data-driven decision making.

We’re also hosting a live webinar on 7 July, which takes an in-depth, practical look at how IQ for Government can help you and your teams achieve more, focusing on IQ’s three core pillars: Intelligent, Connected, Trusted. The webinar will be available free and on-demand post-event.