Incorporating Generative AI into Public Sector Contracts Goes Beyond the AI Act

Artificial intelligence (AI) is profoundly reshaping the way organizations source, develop and manage technology. For the public sector, this transformation is particularly impactful, as authorities must balance innovation with transparency, compliance and responsible use of public funds. Contracting authorities today face growing pressure to understand how AI affects procurement cycles, vendor selection, risk allocation and long-term contract management.  

An essential consideration for public sector contracting officers is that AI is not a static technology. On the contrary, risk levels, market capabilities, algorithm maturity and even cost models can change weekly – or even daily. For public buyers, this means operating in an environment of continuous uncertainty: what is compliant, cost-effective or technically suitable today may no longer be so in the near future. Procurement decisions must therefore be designed as dynamic processes, where continuous monitoring, periodic requirements reassessments and evolving supplier management are integral to the strategy. 

Here are three ways AI is transforming technology sourcing – and what this means specifically for public sector buyers. 

1. AI as an integral component of tech services 

In today’s digital economy, almost every IT product or service incorporates some degree of AI. For public administrations, this means that AI-enabled functionality is increasingly embedded in citizen services, health and social care tools, public safety applications and cybersecurity systems. 

A major consequence of this trend is the automation of routine tasks. AI-driven automation increases efficiency and scalability, supporting public sector priorities such as reducing administrative burden and improving service quality despite budget constraints. But it also disrupts traditional pricing models. Public contracting officers must now determine how to evaluate offers where value depends not on labor hours but on algorithms, datasets and performance indicators. 

Indeed, traditional cost-based pricing often no longer applies when automation changes the volume, complexity and nature of work. One key approach is autonomy-level pricing, where the level of AI autonomy in performing tasks – ranging from decision-support to fully automated operations – directly influences cost allocation and service value. 

In addition, the rapid evolution of AI technologies creates technical uncertainty. For procurement teams, defining whether an AI-enabled system should be purchased as a product or a service becomes a critical decision that affects budgeting models and regulatory compliance. Organizations now need frameworks for defining and specifying IT services in the context of constantly shifting technical boundaries. This is especially important for public bodies operating under strict tendering and transparency rules. 

2. Sourcing AI capabilities 

AI not only transforms what organizations buy, it also transforms how they build their internal technological capabilities. Governments all over Europe are investing in digital transformation, but each public authority must decide which AI skills – such as data governance, model monitoring or algorithmic oversight – should be developed internally and which ones can be sourced from trusted partners.  

But which AI capabilities should they acquire? Public authorities have different missions: a transport authority may prioritize demand forecasting, while a healthcare provider may require diagnostic support or secure data-sharing capabilities. To ensure a successful and sustainable future, organizations must evaluate their business models, data assets and ethical frameworks to determine which AI to run internally and which to outsource. For the public sector, this must also comply with the national digital strategies, public accountability requirements and evolving EU AI regulations.  

Strategic sourcing decisions must therefore be aligned with both immediate operational needs and long-term vision for digital transformation. Partnerships with AI vendors, startups and cloud providers can accelerate capability development – but they also introduce new dependencies that must be carefully managed through clear public procurement guidelines, vendor due diligence and exit strategies that preserve data sovereignty.  

Furthermore, the challenge is not only selecting which AI capabilities to acquire but also recognizing that these capabilities change rapidly. Models can appear state-of-the-art today but may become outdated within months, while new market entrants introduce more efficient or regulation-compliant solutions. Therefore, contracting authorities must adopt an adaptive approach to supplier management, continuously evaluating technological maturity, vendor sustainability and solution relevance to evolving public needs.  

3. The impact of AI on contractual terms 

AI raises complex legal and contractual challenges that traditional IT contracts were not designed to address. In the public sector in the EU, contracting officers must ensure that all contractual provisions comply with the EU law, national procurement rules and sector-specific regulations. Examples include: who owns AI-generated insights or content? How is accountability allocated when an AI system influences the administrative decisions? How should public bodies monitor algorithmic fairness and transparency? 

Furthermore, the emergence of regulatory frameworks – including but not limited to the European AI Act – introduces additional obligations related to transparency, safety and compliance. These obligations are even stricter for public sector, often involving high- or very high-risk systems. But for public sector contracting authorities, the challenge is not just knowing EU legislation or related frameworks but translating these rules into actionable sourcing decisions.  

In an AI-driven environment, contract clauses must evolve to address the dynamic nature of AI systems. For example: 

• Ethical use of AI: to define principles of transparency, fairness, explainability and human oversight to guide the responsible design and development of AI systems.

• Data protection and privacy: to ensure full compliance with GDPR and other relevant data protection laws, particularly regarding the collection, storage and processing of large datasets used for training and inference. Given that GenAI systems rely heavily on large and often sensitive datasets, specific attention should be paid to data provenance and data subject rights.  

• Intellectual property rights: to clarify ownership of AI-generated outputs, datasets, algorithms and any derivative work created using AI tools.  

• Liability and indemnification: to allocate responsibilities and risks between parties in case of malfunction, bias, misuse or legal non-compliance arising from AI operations. These clauses are critical to protect both users and providers from unforeseen damages, clarifying responsibilities for maintaining model accuracy, data integrity and lawful use.  

• Performance and quality assurance: to establish measurable criteria for accuracy, reliability and service performance. These clauses should also outline mechanisms for monitoring and auditing AI models, regular retraining procedures and agreed-upon thresholds for acceptable performance degradation.  

• Termination and exit strategies: to define conditions and procedures for safely discontinuing, transferring or replacing AI solutions without data loss or business disruption. These clauses should also help avoid vendor lock-ins, thus allowing organizations to transition to new providers or in-house solutions with minimal disruption.  

• AI solution and price benchmarking: to include provisions for comparing AI services, technologies and pricing against industry standards to ensure ongoing competitiveness, fairness and transparency.  

• Third-party relations: to address dependencies on external data providers, model developers or infrastructure partners, ensuring proper due diligence and compliance.  

• Dispute resolution: to establish clear processes for handling disagreements, including escalation paths, mediation or arbitration procedures and governing law to facilitate timely and fair resolution without jeopardizing business continuity.   

For the public sector, these clauses ensure that AI systems remain transparent, lawful and aligned with public interest – even as technology evolves.  

Also, because AI evolves so quickly, contracts cannot be static documents. Public buyers must include mechanisms for ongoing updates, periodic performance reviews, alignment with new regulatory obligations, and the ability to replace technology components in case of sudden obsolescence. Such contractual flexibility is critical to avoid locking public administrations into solutions that may no longer be compliant, secure or efficient relative to the current market state. 

Incorporating Generative AI into Public Sector Contracts: Beyond Regulatory Compliance 

Incorporating GenAI requires more than compliance with the European AI Act. For public bodies, the challenge is to introduce GenAI in a way that safeguards institutional trust, prevents bias in administrative decisions and ensures responsible data management across agencies and jurisdictions. This broader framework aligns with the 2020 European Strategy for Data, the 2020 Data Governance Act and the 2022 Data Act and European Common Data Spaces. Officers for public sector contracting authorities must therefore embed GenAI in a trusted data ecosystem that supports interoperability, citizen rights and secure data sharing across governments.  

How Should Organizations Use AI in Technology Sourcing?  

Public administrations should consider the following four strategic and operational steps when incorporating AI into their IT services:  

1. Integrating AI: understand the extent to which AI is embedded in the solution you procure for citizen services or internal operations. Assess the efficiency gains and how these improvements may influence future pricing and value for taxpayers. Ensure that productivity gains are shared equitably between vendors and public bodies.  

2. Procuring AI capabilities: following a thorough AI maturity assessment, clearly define which AI capabilities are required. Clarify what can be developed internally (e.g., data governance) and what should be sourced externally (e.g., specialist training). 

3. Writing new contracts for AI: ensure that contracts reflect the latest best practices for AI, going beyond regulatory compliance with the AI Act. Include clauses that safeguard ethical use, data privacy, intellectual property, liability allocation and performance monitoring. Public sector entities should also require auditability and algorithmic logs, ensuring oversight for automated decisions. 

4. Ensuring compliance and accountability: align procurement and implementation with the EU AI Act risk classification and national regulations, ensuring traceability and periodic evaluation.  

Navigating the rapidly evolving AI landscape in technology sourcing is particularly challenging for public administrations, which must make decisions that are innovative yet compliant and cost-effective yet secure.  

ISG helps public sector clients by assessing AI maturity, defining sourcing strategies and implementing AI-ready contracts that maximize efficiency while mitigating legal and operational risks. Partner with us to ensure your AI initiatives are aligned with public mandates, ethically responsible and legally sound, giving contracting officers the confidence to make informed, defensible and future-proof sourcing decisions.