Public sector organisations rarely fail because they lack policies. The real challenge is ensuring those policies are consistently applied in day-to-day decision-making.
Many departments are currently drowning in guidance with policy frameworks, statutory instruments, operational standards and internal procedures. These documents are carefully written, legally robust and meticulously archived. Yet they are rarely embedded into the moment a Senior Responsible Officer (SRO) or Programme Lead is making a high-stakes decision on a Tuesday morning.
Most public sector organisations already have well documented and publicly available policies. The real challenge is understanding how those policies should be interpreted and applied in complex, real-world situations. Decisions are shaped by context, precedent, exceptions and evolving guidance, yet that institutional knowledge is rarely captured in a way that is visible, consistent and auditable.
What’s needed is a fundamental shift in how your organisation manages compliance, moving from passive assurance to active compliance.
1. The pathology of policy failure. Why dense PDFs are ‘decorative’
In parts of the public sector, a culture of ‘compliance theatre’ has emerged. The existence of a 200-page policy on a SharePoint site is often treated as proof of protection. In practice, these documents can be too dense, too disconnected and too difficult to navigate to be used in the flow of delivery.
This leads to a predictable, expensive pathology:
- The late-stage panic. Policy is only consulted when something goes wrong or during a formal assurance gate, sometimes months after the work has already begun.
- The subjectivity gap. Without a single source of truth, two different teams interpret the same policy in different ways, leading to inconsistent services and increased legal risk.
- The accountability trap. SROs are often asked to sign off on risk acceptances late in delivery, when the project has already moved too far to change course and options are limited.
Traditional compliance is a gate, a hurdle that delivery teams try to jump over as quickly as possible. Active compliance however, is a guardrail, a guiding force that keeps the project on track from Day 1.
2. The hidden cost of inefficiency. Search tax v rework tax
As a senior leader, you are under constant pressure to deliver more with less. That means confronting two of the biggest hidden drains on public sector budgets – the search tax and the rework tax.
The search tax
In a typical department, an operator can spend up to 20–30% of their day hunting for the ‘right’ version of a policy. Across an organisation of 1,000 people, this adds up to tens of millions of pounds in lost productivity, every year. This is the cost of fragmented guidance, duplicated documents and SharePoint graveyards.
The rework tax
The rework tax is far more damaging.
It’s the cost incurred when a team spends months building a service, only to be told at a governance gate that they’ve breached a data standard or statutory requirement.
- Three months of delivery and policy work.
- A late-stage compliance rejection.
- Six weeks of rework, a delayed public launch and a burned-out team.
This is not a delivery failure. It is a compliance failure happening far too late in the process.
An active compliance model eliminates the rework tax by ensuring issues are identified in the first week, or avoided entirely.
3. From governance gates to everyday assurance
To an SRO, the most valuable asset is certainty. You need to know that the decisions being made by your teams are aligned with the department’s latest standards.
| Feature | Passive Compliance (The Gateway) | Active Compliance (The Guardrail) |
| Operating model | Check at the end of delivery | Guide decisions as work happens |
| Where policy lives | Static documents in fragmented libraries | Embedded into the tools and workflows teams already use. |
| Risk detection | Retrospective. Issues found after delivery | Proactive. Issues prevented before delivery |
| Adoption model | Manual, high-friction & training-led. | Low-friction, embedded & habitual |
| Value for SROs | Formal assurance with limited operational visibility | Continuous assurance with real-time confidence |
4. The path of least resistance. Why workflow matters
In public services, invisibility is a requirement for adoption. If you build a new ‘AI policy portal’, it will quickly become shelf-ware.
The most successful uses of AI in the public sector do not ask people to change how they work. They meet teams where decisions already happen.
For many departments, that place is Microsoft Teams. It is the environment of accountability, where decisions are discussed, challenged and agreed. It is where delivery actually happens.
When policy is embedded directly into that workflow, it stops being a destination and starts becoming part of the decision itself. A project lead should not need to leave a conversation to check a standard or interpret a regulation. The guidance should be available in the moment, grounded in the latest approved policy and easy to trust.
This is how compliance moves from a document problem to a delivery capability.
5. Why general purpose AI fails the public sector test
There is a growing risk of falling into the ‘licence trap’, assuming that a global, out-of-the-box large language model is sufficient for public sector compliance. It is not.
General purpose AI is optimised for fluency. The public sector requires provenance.
A general purpose model may produce a confident, well-written answer based on its training across the open internet. In government, that is not enough. What matters is whether the answer reflects the latest approved policy, statutory guidance, or ministerial direction.
Two structural gaps make general purpose AI unsuitable for this environment:
The hallucination problem. A general purpose model can generate a plausible response that is factually wrong or legally unsafe. In a departmental context, ‘helpful’ is not good enough. The answer must be correct.
The context gap. Similarly, general purpose models have no awareness of internal guidance, secure policy updates, or recent directives issued and stored inside departmental systems.
AI in the public sector must therefore be grounded. It must operate exclusively against authoritative, approved sources. And when an answer cannot be found, the system must be able to say so.
This is not a limitation. It is a requirement for trust.
6. Case study. Turning a document graveyard into an active asset
We recently applied this framework in a highly regulated, global organisation facing the same structural challenges as large government departments.
Our client had more than 20 years of legacy policy, thousands of conflicting documents and a workforce that had lost confidence in finding the definitive version of the truth.
The solution
We did not simply deploy an AI tool. We built a governed data pipeline that connected fragmented document estates to a secure knowledge agent embedded directly into the organisation’s existing workflow through a Microsoft Teams app – an always-on assistant that understands their organisational context, retrieves approved internal documents, surfaces the exact policy sections that matter and references the source for every answer.
Rather than sending people to hunt through document libraries, trusted organisational knowledge is brought directly to where teams already work. Decisions are supported in real time, with full traceability and confidence that guidance is current, approved and auditable.
Delivered securely within the organisation’s own cloud and network, KnowledgeAgent turned the organisation’s policies from static content into a live delivery capability.
The outcome
The result was a step change in decision confidence.
- Assurance gates have become predictable because work was effectively compliant by design.
- The organisation has recovered thousands of hours of lost productivity and avoided costly rework cycles.
The same structural problem exists across public services. The same operating model applies.
7. The SRO’s AI checklist. How to spot innovation theatre
As an economic buyer, you should be sceptical of AI initiatives that lead with features rather than outcomes. The test is not whether something looks impressive in a demo. The test is whether it materially improves decision-making, compliance and delivery confidence.
Hold your teams to three commercial standards:
Is it grounded in your truth?
If the AI cannot show the exact policy source it is relying on, down to the paragraph and version, it is a risk, not an asset.
Does it fit into existing workflows?
If it requires people to switch tools or open a new portal, adoption will be limited. It needs to live where work already happens.
Is it solving a search problem or a decision problem?
If it only makes documents easier to find, the return will be marginal. If it supports real-time, policy-aligned decisions, it becomes a strategic lever.
8. Strategic shift. From documents to decisions
For senior leaders, the reframing is fundamental. Stop asking how AI can help people find policy faster. Start asking how it can help people apply policy earlier.
The real opportunity for AI in the public sector is to close the gap between written policy and the decisions made under pressure. When that gap disappears, departments do not just become more efficient, they become more accountable.
Compliance stops being something checked at the end of a project. It becomes a built-in capability that allows organisations to move faster, with less risk and full auditability.
From policy to performance
If your organisation is serious about moving from passive assurance to active compliance, the operating model has to change.
KnowledgeAgent is how Catapult turns policy into a live delivery capability. It embeds authoritative guidance directly into the tools your teams already use, providing real-time, evidence-backed answers at the point decisions are made.
The result is fewer governance surprises, faster delivery, stronger assurance and higher confidence for SROs and delivery leaders.
If you want to learn more about how KnowledgeAgent works in practice and how it can be applied safely and securely in your environment, download the case study.
