Guide7 min read

Is It Safe to Use AI for Government Work?

Yes, with limits. Follow your department's AI policy, keep sensitive material out of consumer chatbots, and anonymise citizen data before any prompt.

By Pierre de ONYRI

Yes, AI has a place in government work — but only under strict conditions. Three rules carry most of the weight. Never paste identifiable citizen data into a consumer chatbot. Never move classified or restricted material outside the tools your organisation has approved. Keep a named human accountable for any decision about a person. The reason is simple. The public did not choose to deal with you. They cannot take their business elsewhere. That raises the duty of care above the commercial standard, not below it. And the guidance already exists: it is public, and it binds you.

Why citizen data is not like other data

An unhappy customer switches supplier. A citizen cannot. They do not choose their tax office, their benefits agency or their council. They hand over their data because they have to. That absence of an exit changes everything. It raises the bar rather than lowering it.

The material moving through a public body is also unusually dense. Named case files. National identity numbers. Case references. Unpublished internal briefings. Live procurement documents. Draft policy. Every one of them has a reason to stay out of a consumer chatbot.

The failure mode is not exotic. It is not a sophisticated cyberattack. It is a stressed caseworker at 5pm, pasting a named citizen's whole file into a public assistant to "speed up the summary". The action takes two seconds. It moves the data outside your organisation's perimeter.

The guidance already exists — and it is public

On 10 February 2025, the UK government published its "Artificial Intelligence Playbook for the UK Government" (Government Digital Service and DSIT). It widens and replaces the earlier generative-AI framework from 2024. It sits on GOV.UK, open to anyone. The consequence is direct: "I didn't know there was guidance" is no longer a defensible position.

The Playbook is built around ten principles for public servants. Several speak straight to the act of pasting text into a chatbot.

  • Know what AI is and where it fails.
  • Use AI lawfully, ethically and responsibly.
  • Know how to use AI securely.
  • Keep meaningful human control at the right stages.
  • Apply these principles alongside your own organisation's policies, with the right assurance in place.

That last point matters most, and gets forgotten first. The central guidance does not replace your internal rules: it tells you to follow them. The prohibition on moving sensitive or protectively marked material does not live in the Playbook. It lives in your department's own information-handling policy. And that policy binds you already, today.

The Playbook adds one demand that applies directly to casework. Humans must validate high-risk decisions influenced by AI. Where real-time review is impossible — a live chatbot, for instance — human control has to be exercised elsewhere in the system's design and deployment. Read across to a benefits queue: a decision about a citizen should never be the unreviewed output of a model.

What the cyber-security authority says

The UK's National Cyber Security Centre (NCSC) is blunt about large language models. Queries sent to a hosted LLM are visible to the provider. They are stored. They may be used in developing the service or future models. Its advice fits in one line: take great care over what you put in a prompt. Its worked example is precisely an employee who should not disclose sensitive or non-public information to a public tool.

The NCSC also treats prompt injection as a structural weakness, not a bug awaiting a patch. A language model cannot reliably tell an instruction apart from data supplied to help it follow that instruction. Its advice to organisations building on LLMs: design the system so you can live with the worst case of whatever the model is allowed to do. That matters for any agency wiring an assistant into internal systems.

Data protection and high-risk uses

The Information Commissioner's Office (ICO), the UK's data protection regulator, publishes dedicated guidance on AI and the UK GDPR. Its demands read easily in a public-sector setting. Identify a lawful basis. Run a DPIA (Data Protection Impact Assessment) for high-risk processing. Be able to evidence fairness, transparency and accountability in how personal data is used.

The takeaway is simple. Pasting citizen data into a third-party model is a processing operation like any other. The department remains the controller. The department answers for it. For readers in the European Union, those duties sit in the GDPR itself and with a national authority such as the CNIL. In the United States there is no single federal analogue: your framework depends on your agency, your state and your sector.

The EU AI Act, Regulation (EU) 2024/1689, adds a layer for public bodies. Its Annex III classes several public-sector uses as high-risk. AI used by a public authority to assess whether people qualify for essential public assistance benefits and services, healthcare included. AI used to grant, reduce, revoke or reclaim them. The triage of emergency calls and the dispatch of first responders. High-risk obligations apply from 2 August 2026. So an assistant that helps sift eligibility is not simply a productivity tool.

Do not over-read it, though. Annex III targets systems that make or support those specific determinations. It does not say that every AI use in a ministry is high-risk.

The common assumptionWhat actually applies
“We have no rules on AI”Most governments have issued staff guidance; in the UK, the AI Playbook is public on GOV.UK
“The chatbot forgets what I send it”The NCSC notes that queries to a hosted LLM are visible to the provider and stored
“An internal briefing isn't personal data”Maybe not — but your department's information-handling policy still governs it
“It's only assistance, not a decision”The ICO expects a lawful basis and a DPIA; the AI Act classes some public uses as high-risk
The risk is not using AI — it is the material you leave in the prompt and the decisions you hand over.

Approved tools, records and transparency

A word on foreign providers. Several governments and agencies have restricted particular AI apps on official devices. The point is not to track who banned what. It is to check your own organisation's approved-tools list, rather than assuming a popular tool is allowed.

The second blind spot is records. A document produced with AI help may itself be a disclosable record, subject to records-management and freedom-of-information rules. Regimes differ by country. Check your records and access obligations before you draft, not after.

The fix: anonymise before you send

The control that works is unglamorous. It strips citizen identifiers before the text ever reaches a model. Names. National identity numbers. Case references. Addresses. Contact details. The model then reasons about the shape of the problem, without ever seeing who is behind it.

Two-part diagram: at top, a citizen record card with its rows in the clear and an official document bearing a classification stamp, both amber, travel toward an AI card showing a risk alert; at bottom, the same card and document are anonymised into cobalt token chips, and the AI card, backed by an institutional shield, receives only tokens with a checkmark.
After the AI Playbook for the UK Government (GOV.UK), the NCSC's guidance on large language models, and the ICO's guidance on AI and data protection.
  1. 1Read your organisation's AI policy — it exists, and it takes precedence.
  2. 2Never send classified or protectively marked material to a consumer tool.
  3. 3Anonymise citizen identifiers before any prompt, whatever the tool.
  4. 4Use only the tools your organisation has approved or assured.
  5. 5Keep a named human accountable for every decision affecting a person.

That is what ONYRI Sanitize is for. The engine detects sensitive data — names, identity numbers, case references, addresses, contact details — and replaces it with reversible tokens before sending. Detection and the mapping stay in your browser. Only anonymised text reaches the model. You keep the help of AI, without moving data outside your perimeter that the citizen never chose to hand you.

Frequently asked questions

Is it safe to use AI for government work?
Yes, with limits. AI can help you draft, summarise or clarify with no citizen data at all. But never paste citizen identifiers or classified material into a consumer chatbot. Follow your organisation's AI policy: in the UK, the government's AI Playbook is public on GOV.UK. And keep a named human accountable for any decision that affects a person.
Can I paste an internal or sensitive document into ChatGPT?
Not into a consumer tool. The NCSC notes that queries sent to a hosted LLM are visible to the provider, stored, and may be used to develop the service or future models. More to the point, your department's information-handling policy already governs where protected documents may go. Check your organisation's approved-tools list before you act.
Is AI used by a public authority automatically “high-risk”?
No, not automatically. The EU AI Act, Regulation (EU) 2024/1689, lists specific uses in Annex III: assessing eligibility for essential public assistance benefits and services, granting, reducing, revoking or reclaiming them, and triaging emergency calls. High-risk obligations apply from 2 August 2026. Routine office use does not fall into that category.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next