techUK report - Lessons from the AI procurement frontline: Beyond the contract and buying blind: Rethinking AI procurement as a governance function

Most organisations don't build AI. They buy it. And that changes everything.

For the overwhelming majority of businesses, public sector bodies, financial institutions, and enterprises of every size, artificial intelligence enters the organisation through procurement. Not through internal development. Not through data science teams. Through a contract.

That makes procurement one of the most consequential control points in AI adoption today. And yet, in most organisations, it is still not being treated that way.

What we did

In March 2026, as part of Procurement Week 2026, techUK convened a cross-sector half-day workshop bringing together AI vendors, procurement professionals, legal practitioners, risk managers, consultants, and policy actors. The goal was practical and focused: to identify the questions that actually help organisations evaluate AI systems, and to separate meaningful evidence, of standards, risk mitigation, and post-deployment accountability, from the marketing language that too often substitutes for it.

The session featured a keynote from Phil Belzar, AI and Automation Commercial Lead at Crown Commercial Service, setting out the government's AI procurement infrastructure and strategic expectations. Partners from T3, a specialist AI governance and compliance consultancy, provided a frank account of the risk categories organisations consistently underestimate, from hidden integration costs and operational failures at scale to the governance gaps that risk management frameworks and regulations will expose.

Maria Axente, founder of Responsible Intelligence and a pioneer of AI governance frameworks, issued the session's defining challenge: that AI procurement has not yet been given the strategic status it deserves, and that until procurement is treated as a genuine governance function, not a commercial one running parallel to governance, organisations will remain exposed in ways they may not fully understand until something goes wrong.

What we found

The workshop produced a candid and, at times, uncomfortable picture of a field under significant strain.

Procurement cycles built for traditional software are structurally mismatched with the pace of AI development. Technical literacy on the buying side remains insufficient. For example, model cards are rarely requested, largely because most procurement professionals do not yet have the knowledge to interpret them. Vendor disclosures are largely inadequate, and buyers currently lack either the leverage or the technical knowledge to demand more. AI washing is real and widespread. Liability remains almost entirely unresolved. And AI is regularly being activated within existing contracted products, sometimes without buyer knowledge and frequently without any contractual provision to govern it.

But the workshop also surfaced genuine momentum. Towards minimum viable due diligence frameworks that any organisation can apply regardless of scale. Towards product-level certification, as distinct from organisational accreditation. Towards a recognition that procurement professionals need and deserve a seat at the AI governance table. And towards the kind of vendor-buyer collaboration that could make procurement conversations more transparent and more trustworthy for both sides.

As liability becomes a defining policy question in 2026, and as clear frameworks for allocating responsibility across complex, multi-player model AI supply chains remain absent, organisations are falling back on tort and contract law to manage risks those instruments were never designed to address.

The decisions being made in procurement processes right now about which AI systems are permitted into an organisation, and on what terms are governance decisions. They carry legal, ethical, and operational consequences that extend far beyond the contract. And they are being made, in too many cases, without the right questions, the right skills, or the right organisational mandate to make them well.

This whitepaper captures the key themes, insights, and recommendations from the workshop. It is intended to give visibility on the current state of sentiment across industry and government, and to inform the practical next steps needed to make AI procurement fit for the governance age.

AI procurement is not a compliance exercise. It is one of the most consequential decisions your organisation will make in the AI era. This whitepaper hopes to surface questions that will help you make it better, let this be a start.

Published by techUK, May 2026. A product of the Digital Ethics and Central Government programmes workshop held in March 2026.

To find out more or get involved in our AI Assurance work, contact the team below:

Technology and Innovation programme activities

techUK bring members, industry stakeholders, and UK Government together to champion emerging technologies as an integral part of the UK economy. We help to create an environment where innovation can flourish, helping our members to build relationships, showcase their technology, and grow their business. Visit the programme page here.