Harnessing Artificial Intelligence in Social Security

To unlock the potential of AI for better and more cost-effective public services, a strong governance framework around AI is required. In other words, it is not enough to have specialised teams that adopt specific AI tools, but there need to be structures at both the national and organisational levels to govern AI in a way that ensures its use is effective and trustworthy.

Drawing on the EU AI Act and the OECD Framework for Trustworthy Artificial Intelligence in Government (OECD, 2025[1])), this chapter focuses on three pillars of successful public sector adoption: enablers, guardrails, and engagement. Enablers refer to the infrastructure, data, skills, and governance needed to support AI implementation. Guardrails cover the legal, ethical, and oversight measures that help manage risks and align AI use with public values. Engagement highlights the importance of involving staff, users, and stakeholders in designing and deploying AI systems. Further, these pillars contribute to creating an AI-enabled public administration that is productive, accountable, and responsive to the needs of people and businesses it serves.

These pillars are also especially critical in the social security sector, where AI systems are used within the context of decision-making related to benefits and service delivery. Social security organisations therefore need to build the enablers, guardrails, and engagement approaches within their organisations, but they will equally need to work with central government authorities, multilateral systems, and other sectors to ensure a coherent and impactful use of AI, while meeting regulatory requirements.

To help provide insight into the development of these governance frameworks across the EU and beyond, this chapter uses preliminary data captured for the AI elements 2025 OECD Digital Government Index (OECD, Forthcoming[2])). The data has been collected in 2025 and covers the 2023-24 period. The responses to the AI Annex included 22 EU countries and 18 non-EU countries. All countries are either OECD Member or Accession countries.1

This data, collected from countries at the national level, helps compare trends across countries. Where possible, additional examples have been included from the social security sector to help highlight the interplay between national and organisational approaches to create a shared governance framework for the effective and trustworthy use of AI.

Enablers are essential for the effective implementation of AI in government. They establish the conditions that allow AI to be designed and deployed effectively, responsibly, and with confidence by skilled public sector professionals. Key enablers are strong AI governance (including strategic approaches to AI and data), AI capabilities (including infrastructure, skills, and talent), and collaborations and partnerships. These all require both efforts at the national level from a central authority or co-ordinating body for AI, as well as at the organisational level within social security institutions to ensure that they are equipped with what they need to be effective in supporting the delivery of benefits. While this chapter focuses on the key governance and technical enablers, the important workforce-related enablers are covered in Chapter 3.

Prior analysis from this project (OECD, unpublished[3]) indicates that AI adoption remains in the early stages in the social security sector in France and Italy, with institutions engaging in testing, piloting, and experimentation to explore opportunities and manage risks. While progress is being made organically – driven by IT or statistics teams and supported through internal consultation – key enablers such as governance, infrastructure, data access, and digital skills are still evolving alongside the technology. However, there is a need for clearer, institution-wide AI strategies to consolidate the strategic direction taken with respect to AI, support infrastructure upgrades, improve data sharing, and scale up promising AI use cases. There is also a clear opportunity for the exploration of AI to be further enabled with greater collaboration at the national level and the better sharing of AI tools across institutions.

Strategy documents are fundamental to drive the implementation of AI, establish long-term goals, and plan investments. Complementing the national strategies, organisations in the social security sector could develop institutional or sectoral strategies to steer the adoption of AI, targeting their users’ specific needs. These strategies could provide the necessary weight to help overcome the key challenges around modernising infrastructure for additional computing capacity, improving the access to and sharing of data, and providing a clear mandate to scale the pilot projects.

Many national governments have a national AI strategy (91% among participating EU Members and 78% of participating non-EU Members, cf. Table 2.1). Any complementary strategy at the institutional level would need to be aligned with the overarching vision and framework of the national strategy to deliver a cohesive use of AI across the public sector to maximise its impact.

For example, Finland provides a strong example of strategic alignment between national and organisational-level AI efforts. Its national AI strategy supports public-sector innovation through funding, infrastructure, and workforce development. Further, Finnish institutions – like Kela and DigiFinland – described Finland as a “data-driven country”, with a data governance being designed for decades. At the same time, the national social security agency, Kela, has embedded AI and automation in its organisational strategy to improve service delivery and internal efficiency. By aligning national objectives with agency-level implementation, Finland ensures coherence across policy, investment, and execution—maximising the impact of AI to build more responsive, secure, and citizen-centred social security systems.

Depending on the governance systems and the degree of autonomy, a strategy might also be needed at the local level. For example, the city of Helsinki operates under a well-defined ethical AI framework that complements Finland’s national strategy by promoting transparency, fairness, and human oversight within its context of service delivery. Similarly, the Spanish region of Catalonia has an AI strategy that sets out local investment plans and stresses the need to consider the local language.

Strategic investment in AI initiatives – including dedicated funding and clear procurement guidance – is vital for the adoption and sustained implementation of AI in government. It enables agencies to develop high-quality solutions, attract talent, and build necessary infrastructure. Without dedicated funding for AI initiatives, efforts risk being fragmented, under-resourced, or poorly implemented. Targeted investments can accelerate innovation, reduce risks, and allow governments to deliver smarter, more efficient public services. Finally, clear procurement guidance can also help to ensure that AI tools are ethical, secure, and aligned with public values.

When looking at what is driving investment decisions on AI systems in the public sector, as shown in Table 2.2, 27% of EU Member countries report not having adopted any specific criteria, as opposed to 28% of non-EU member countries. This statistic highlights the need for EU Member countries to adopt a strategic approach to AI investment, which was again reflected in the earlier analysis of the social security institutions in France and Italy (OECD, unpublished[3]). While there were efforts underway towards longer-term planning, these were still in their initial phases as the existing investment focused on pilots using in-house capabilities and some exploration of what capabilities should be sourced from the private sector. No approach appeared to have strong co-ordination or oversight at the organisational or national level.

Public sector AI investment across EU Members is governed in a range of different ways, from decentralised frameworks to highly centralised oversight. For example, in Austria, individual ministries independently define their investment directives in line with the country’s central AI strategy. In contrast, Bulgaria centralises decision-making through the Ministry of Electronic Governance, which exercises financial and strategic control over all ICT and AI-related expenditures. In France, the Interministerial Directorate for Digital Affairs (DINUM) co-ordinates investments to ensure that decisions are both problem-driven—requiring clear, quantifiable benefits—and strategically aligned with national objectives outlined in its AI strategy. Hungary emphasises cost-efficiency and bureaucratic reduction, guided by political priorities and supported by its AI Coalition. While approaches vary, commonalities include increasing emphasis on demonstrable value, alignment with national digital strategies, and the integration of AI within broader public sector modernisation efforts.

By taking a strategic approach to investment in AI, there could also be opportunities to explore shared approaches to secure and sovereign solutions, as well as to facilitate resource pooling and shared expertise. In this way, a more strategic European investment could thereby support more sustainable and inclusive AI adoption across the EU, especially when its member states are facing budgetary constraints.

Dedicated funding for AI in government – either at the national or organisational level – ensures sustained investment in the infrastructure, in-house talent, and research necessary to develop and deploy trustworthy, high-impact AI systems aligned with public values. It can also enable strategic planning and co-ordination across departments, reducing fragmentation and enhancing the scalability and effectiveness of AI-driven public services. While funding at the national level can help to overcome budgetary pressures at the organisational levels and ensure more cohesive approaches across government, dedicating part of an organisation’s budget towards innovative solutions can be an effective way in exploring AI within the social security institutions.

The data in Table 2.3 shows that there is an almost equal and high rate of funding reported to be available for AI initiatives within participating EU and non-EU Members. However, it is worth highlighting that the majority of funding available across both sets of countries is also part of broader funding for digital and ICT proposals. While this can mean that AI is more integrated into general investment decisions on digital and ICT investments, competing for general funding can risk limiting the experimentation and development that is required at this early stage of AI adoption across public administrations.

Funding models for AI adoption in the public sector across the EU exhibit significant variation in structure and centralisation. For example, Austria relies on a decentralised approach, with each ministry managing its own AI-related budget. Portugal similarly integrates AI funding within broader digital transformation programs, aligning resources with strategic national objectives. France, by contrast, channels targeted investments through centralised mechanisms such as the Public Action Transformation Fund (FTAP), which supports interministerial initiatives like the ALLiaNCE incubator. At the organisational level, the City of Helsinki, in Finland, funds an “experimentation accelerator”, an in-house program to explore and develop AI pilots (see also Chapter 3).

Dedicated funding for AI would also propose an opportunity to complement the efforts around attracting and developing AI talent and skills (such as those discussed in Chapter 3). Complementary efforts to retain these newly developed competencies may also be important to ensure that the benefits of such investments are sustained over time.

Where organisations are not developing AI systems entirely in-house, procurement guidance is critical to ensure that acquired systems meet rigorous ethical, legal, and technical standards, particularly in sensitive or high-risk contexts. Internal support tools such as guidelines, standard clauses, or lists of suppliers, also enhance institutional capability to assess, manage, and monitor AI solutions, fostering transparency, accountability, and long-term public value. The data shows a growing emphasis on the role that procurement needs to play with 50% of the participating EU Members and 56% of non-EU Members supporting the procurement of AI in the public sector.

However, there are diverse procurement approaches. For example, Lithuania emphasises innovation-driven procurement through legal frameworks, pre-commercial procurement models, and centralised procurement support. France has a structured procurement strategy, prioritising secure, sovereign, and mature AI solutions, and will launch a national call to identify generative AI tools for rapid public deployment to support this. Sweden provides national guidance on responsible AI procurement, including specific recommendations for generative AI. While Czechia and Hungary are in transitional phases, updating strategies and preparing institutional support mechanisms to align with the requirements of the EU AI Act (see Guardrails section for more on this).

Depending on the national context, these procurement approaches may be appropriate for use within social security institutions to streamline the procurement process, achieve value for money, and achieve more innovative procurement processes. Where these central arrangements do not exist within a national context, it may be necessary for organisations to consider equipping procurement teams with a level of AI literacy necessary to navigate the procurement of AI systems, as well as to make use of shared resources like the EU’s AI model contractual clauses.2

Scalable infrastructure ensures AI solutions can access computing power when needs grow with demand, to enable faster development, better decision-making, and by extension, more efficient public services.

At the organisational level, many social security institutions are weighing between on-premises, cloud, and shared computing infrastructure and data centres. On-premises infrastructure can offer greater control over sensitive data and may support strict compliance needs but can also be more costly to maintain and less scalable. Cloud solutions can offer more flexibility, easier access to advanced computing power, and potential cost savings, though they may raise concerns around data sovereignty and vendor lock-in. Shared infrastructure across various actors can also be a way to reduce duplication, and lower costs across agencies, but require strong governance, co-ordination, and controls in place to align data privacy and security. Considering infrastructure and data, Table 2.5 provides an overview of the key components that are being used to support the integration of AI in the public sector – either as the main infrastructure solution or as part of a hybrid model that combines them.

Examples from across the EU reflect varying national priorities in security, interoperability, and digital sovereignty. At the national level, France encourages trusted cloud adoption through its State Cloud Strategy, prioritising SaaS solutions certified by SecNumCloud. Belgium and Slovenia offer centralised government cloud platforms to streamline service delivery. Ireland provides cloud procurement guidance to ensure secure and efficient adoption across agencies. Italy explores cloud applications case by case within its public sector innovation framework. In Austria, the IT services of social insurance institutions, ITSV, run their AI model on-premises, using application containers for additional security. A similar choice has been made by Kela in Finland, running their AI platform on-premises. Kela’s platform also runs on application containers, using free and open-source software, for security, stability, and easy replication. These efforts reflect a collective and strategic shift toward sovereign compute capacity to ensure secure and scalable AI systems.

Access to high-quality, accurate, and relevant data is fundamental to the effective and trustworthy use of AI in the public sector. AI systems rely on data to learn, make predictions, and support decision-making; and any flaw or bias in the data used to train an AI model will impact its outcomes. In the social security sector, this is particularly critical, as AI tools may influence decisions on benefit eligibility, fraud detection, or personalised service delivery. These are all areas where the choice of data to include in the model can lead to serious, even harmful consequences for individuals.

Data governance frameworks enable a coherent vision for data usage and sharing, ensuring a clear strategy for data usage, handling, and sharing across all levels of government. At the same time, data governance can help public sector organisations handle data responsibly, by safeguarding privacy and data security, and fulfilling regulatory requirements, thus creating a foundation for trustworthy AI systems.

As shown in Figure 2.2, the six elements composing the OECD Model Framework on Data Governance in the Public Sector (OECD, 2019[4]) all impact how data can be used for AI. Ensuring data can be an enabler for AI adoption requires updating the data strategy to align it with broader AI goals, providing high-quality structured data, building interoperability solutions, fostering data sharing.

Across EU and non-EU Member countries, data governance frameworks and data integration tools are used to support the integration of AI in government at the national level. Nonetheless, the adoption of those instruments is not yet widespread, showing the need for further progress.

AI model fairness can be improved by ensuring training data does not reproduce structural inequalities in society. Moreover, this must be balanced with robust safeguards for data privacy and security. Social security data often includes sensitive personal information, and any use of it for AI must comply with strict legal and ethical standards. This includes clear protocols for using data for training AI models, data handling, anonymisation, and access controls to maintain public trust and protect citizens’ rights while ensuring algorithmic transparency, enabling innovation and improved service delivery. Figure 2.2 shows some of the key components of data governance used to support the integration of AI across participating EU and non-EU Member countries.

Updating data policy to align with broader AI goals requires embedding AI considerations into the data value chain. For example, data collection should ensure data is representative and would not introduce bias to any AI model trained on it. This convergence ensures data governance can be a foundational layer of AI governance.

Leadership plays a role in aligning data and AI strategies, ensuring that reuse of data for trustworthy AI is part of a shared vision. In France, the convergence of data and AI policy is led by the General Administrator for Data, Algorithms, and Source Codes. This new role replaces the Chief Data Officer, ensuring a strong mandate and co-ordination for the intersection of data and AI.

Coherent implementation of data policy is consolidated in Lithuania with a state-managed data space, underpinned by strong legal and data protection standards. In the EU, the Data Governance Act and the Data Act provide a unified framework for data access, sharing, and reuse. Collectively, these models help to facilitate the sharing and use of data by create on environment that is secure, interoperable, and transparent.

Data governance bodies should also be aligned with those overseeing AI implementation. For instance, data stewardship roles should be integrated into AI project teams, and AI ethics boards should include data governance experts. This alignment ensures that decisions about data access, quality, and reuse are made with a full understanding of their implications for AI outcomes.

High-quality data is a prerequisite for AI training and use. Different dimensions of data quality have different impacts depending on the type of model applied to the data (Mohammed et al., 2025[5]). For this reason, in many countries, engaging with stakeholders that capture and handle data is a key part of the national data strategy. On top of this, the data chosen to train the model should be relevant for the intended outcome. As a consequence, data quality does not only depend on technical standards or formats, but on qualitative considerations that will have an impact on the model outputs.

To address the practical aspects of data quality, guidelines and standards have been developed, especially in the field of open data. In Ireland, the Open Data Publishing Guidelines drafted by the Open Data Unit, Department of Public Expenditure and Reform (Lee, 2021[6]) encourage publishers to use international standards to improve interoperability across datasets, for example using ISO 639 language codes or NUTS geographical classification. Italy’s digital agency, AgID, recommends compliance with four data quality characteristics: accuracy (syntactic and semantic), consistency, completeness, timeliness (AgID, 2023[7]).

Finally, the national statistical office of Finland has drafted a Data Quality Framework to help users assess the reusability of public administration datasets, and to help data producers improve the quality of data. The framework is part of Finland’s strategy for AI in public administration. The criteria of the framework are organised in three categories: how well information describes reality (correctedness, accuracy, consistency, currentness, completeness), how the information is described (traceability, understandability), and how the information can be used (portability, user rights, punctuality) (Statistics Finland, 2022[8]).

Semantic consistency is key for AI system to interpret data correctly across various sources. This involves following metadata standards, adopting open and interoperable formats, and using shared vocabularies and ontologies to describe data elements, as mentioned in the OECD Recommendation on Enhancing Access to and Sharing of Data (OECD, 2017[9]). Initiatives such as schema.data.gouv.fr in France or schema.gov.it in Italy illustrate how governments can promote semantic alignment by providing standardised schemas for data sharing and publication, ultimately improving interoperability and reuse of data.

Nonetheless, while data quality guidelines are rigorous, their implementation remains largely voluntary. According to the 2023 OECD OURdata Index, less than half of high-value datasets published by countries include complete metadata or are accessible via APIs, two essential conditions for discoverability and reuse in AI systems. This shows that even for the most critical datasets, gaps in quality and technical accessibility continue to limit their potential for advanced applications. (OECD, 2023[10]). As social security institutions look at how the available data could be used to identify and resolve cases of non-take-up, their efforts will be limited if the datasets are not accessible or discoverable.

Data integration and interoperability frameworks are key enablers of AI in government because they allow public sector organisations to share and reuse data securely and efficiently. These models rely on standardised protocols and common data structures to ensure compatibility across systems. Interoperability frameworks also define rules for data exchange, including authentication, authorisation, and logging, which is essential when handling sensitive information.

Interoperability platforms often include API gateways and data catalogues. For example, the Catalan Interoperability Model provides a governance and technical framework for data exchange across the Government of Catalonia and local authorities. Through the Via Oberta service, administrations can access a Catalogue of Interoperable Data and Documents, provided they adhere to the Framework Agreement on Interoperability (CMI). This model also connects to Spain’s national interoperability platform, the Plataforma de Intermediación de Datos.

Similar approaches exist in other countries. In Finland, the X-Road-based data exchange layer managed by the Digital and Population Data Services Agency enables secure, standardised data transfers between organisations. Connecting to the platform requires strict technical and administrative compliance, including interface contracts and security protocols. Available services are listed in a public API catalogue, ensuring transparency and discoverability. Italy’s Piattaforma Digitale Nazionale Dati (PDND) follows a similar logic, acting as a national interoperability hub that enforces standard APIs and metadata schemas to promote data sharing across administrations.

AI systems can make predictions about data similar to that on which they were trained (OECD, 2022[11]). Resources to train AI models, such as public datasets, are therefore key enablers of AI in government because they provide the foundational data needed to develop accurate, relevant, and effective AI systems. Access to high-quality, representative datasets ensures that AI systems are better aligned with public sector needs and can deliver informed outcomes.

For this reason, training the model with real data is the best way to ensure its accuracy. The best way to do this is within the organisation, with teams that have the specific skills and knowledge about the data, and without risk of providing confidential information to third parties. For example, Austria’s ITSV has developed a product to process healthcare invoices regardless of the format. The AI model powering the product has been trained by workers that used to process invoices manually. Routinely, the software asks users to fill data manually instead of pre-filling it with AI, in order to compare the two results and test the accuracy. Germany’s ADEST has also been trained with the same type of data it analyses in the deployment environment, while manual corrections of predictions by employees are also constantly improving the model.

In Portugal, the beneficiary relationship model with Social Security (Visão 360 and E-clic) is automated, allowing users to request information and clarifications, submit complaints, track the status of requests, and consult previous interactions with Social Security. Currently, answers to requests mentioned above are handled by workers, but the machine is learning with workers in a process of AI the types of responses it can provide automatically in the near future, using the actual reference.

Its Integrated Social Security Risk Management Platform also uses AI as a central part of its strategy for preventing and controlling fraud and irregularities within the system. Through AI-powered machine learning, the system cross-references multiple internal and external data sources, builds risk profiles of beneficiaries and companies, evaluates behavioral indicators, identifies and detects risk patterns/suspicious anomalies, and assigns a risk level. Based on the risk level, appropriate actions are proposed to be done by the services. It acts preventively and predictively. Finally, Portugal’s Social Security Rights Simulator also uses AI to predict future scenarios and social benefits rights based on a citizen's history and specific conditions.

Further, training models on open data is critical to ensure AI transparency. Many EU countries do maintain national open data portals to provide foundational resources for AI training and model development, and national portals are centralised on the European one data.europa.eu. For example, France’s ALLiaNCE initiative also curates high-quality, domain-specific datasets to support public sector AI development. These efforts demonstrate a shared commitment to enabling trustworthy, accurate, and effective AI systems trained on the right data.

The routine and continual testing of AI products at a small scale can help identify issues early on and involve end users in the design, ensuring a successful transition to the deployment stage. For this reason, the OECD AI Principles recommend that governments “consider using experimentation to provide a controlled environment in which AI systems can be tested and scaled-up” (OECD, 2021[12]). In Catalonia, AOC tested the automation of energy poverty reports in three municipalities before scaling up the solution. The German Bundesagentur für Arbeit also involved future users in the development of ADEST, with a representative group of employment agencies across the country running a pilot. Finally, in Finland, Kela’s AI projects are exploratory: instead of seeking to guarantee the outcomes or return on investment (ROI) of these projects, the organisation instead has shifted its mindset towards achieving a ‘return on learning’. This means that each project – regardless of its successful implementation – has value to provide to the organisation, either as lessons to be learnt for future projects or technical component that can be built on or re-used in other projects.

Guardrails are key policy tools that engage with the risk of AI to support its responsible and trustworthy use of AI in government. They include both binding and non-binding measures – such as laws, regulations, standards, oversight bodies, and transparency processes – that help manage risks and ensure AI aligns with legal, ethical, and social values. In the social security sector, guardrails are especially important for protecting users' rights and maintaining public trust. When combined with the right enablers, they help create a safe and accountable environment for the development and deployment of AI across the public sector.

In France and Italy’s social security sector, there is a strong commitment to using AI responsibly and within national and EU legal frameworks. Early efforts – such as ethics charters, audit mechanisms, and structured AI frameworks – are promising, but many guardrails currently remain under development. As AI systems evolve and potentially enter high-risk classifications under the EU AI Act, institutions will need to strengthen safeguards around transparency, bias, and oversight, adapting centrally developed guardrails to the specific context of social security. Alongside the enablers discussed in the previous section, these guardrails will be key to ensuring ethical, trustworthy, and user-centred use of AI.

In addition to legislation, Table 2.6 shows that – while countries are starting to implement the guardrails to ensure the safe and trustworthy use of AI in the public sector – there is still a need for countries to significantly uplift their efforts towards oversight, transparency and accountability in the use of AI.

Legislation around AI in government is essential to ensure that AI systems are used responsibly, ethically, and in alignment with public interest. As governments increasingly adopt AI to improve services, streamline operations, and enhance decision-making, it is vital to establish clear legal frameworks that address issues of accountability, transparency, fairness, and data protection. Legislation also helps set standards for procurement, deployment, and oversight, ensuring that AI systems support democratic values and human rights. It enables governments to lead by example, promoting innovation while safeguarding people from potential risks and misuse of emerging technologies.

The European Union’s AI Act is one of the first comprehensive legislative frameworks for AI. It categorises AI systems by risk level—unacceptable, high, limited, and minimal—and imposes strict requirements on high-risk systems, especially in areas like law enforcement, critical infrastructure, and recruitment. The Act emphasises transparency, human oversight, and accountability, including mandatory documentation, conformity assessments, and registration for high-risk AI. By enforcing these standards, the EU aims to balance innovation with fundamental rights protection, offering a model for responsible AI governance globally.

While AI systems can enhance the delivery of social security, they can also risk posing harm without the right governance, controls, and oversight in place. Social security is therefore one of the specific areas that are highlighted as high-risk under the Act, especially where AI systems are:

“...intended to be used by public authorities or on behalf of public authorities to evaluate the eligibility of natural persons for essential public assistance benefits and services, including healthcare services, as well as to grant, reduce, revoke, or reclaim such benefits and services.”

AI Act, Annex III.5.a (European Union, 2024[13])

This only applies where the AI systems replace or significantly influence the outcome of decision-making on benefits, which could harm the wellbeing and rights of beneficiaries. Article 6.3 clarifies that this does not include other use cases where the AI system is intended to perform a narrow procedural task; improve the result of a previously completed human activity; detect decision-making patterns or deviations from prior decision-making patterns; and is not meant to replace or influence the previously completed human assessment without proper human review; or perform a preparatory task to an assessment relevant for the purposes of the previously-listed use cases from Annex III (European Union, 2024[13]).

Across Europe, countries are already working on implementing the governance required to ensure that their development and use of AI systems is compliant with the obligations of the EU AI Act. For example, Kela – Finland’s social security institution – operates as both a developer and a provider of AI systems, which means that all the Act’s obligations are relevant to them. As such, the institution has implemented a process to evaluate its AI systems that requires its teams to consider the classification, role of Kela, and any additional regulatory considerations when there is a use case that is:

• a new AI system being designed;

• an AI system that is being procured (either standalone or integrated into another solution);

• adding or changing the AI integrated into another solution;

• affected by change in the data the system uses;

• affected by changes in regulation; or

• affected by changes to the model on which the system is based.

To support teams in understanding the obligation of the Act and what it means for their AI use cases, Kela also recommends the teams to use a compliance checker tool.

Ethical frameworks are critical for guiding the responsible use of AI in government, ensuring that systems are fair, transparent, accountable, and respect human rights. Without clear standards, AI risks causing harm through bias, discrimination, or misuse of personal data – particularly within the social security sector. Ethical frameworks therefore act as guardrails, helping public agencies make informed, value-driven decisions while building public trust. They also ensure compliance with laws and support consistent practices across sectors. However, to truly guide the responsible use of AI in government, these guidelines and principles would need to be embedded not only in a wider governance ecosystem, but also in professional practices and daily routines of public sector employees (Fjeld et al., 2020[14]), which is also explored further in Chapter 3 as part of building an AI-ready workforce.

For example, in Italy, AgID has developed a series of guidelines for the adoption of AI in public administration (AGID, 2025[15]). The guidelines state that public administrations may adopt codes of ethics and conducts, on a voluntary basis, to assist them in implementing standards. Austria provides a structured guide on AI ethics and governance, integrating the EU AI Act into its regulatory framework. Lithuania has established clear principles for AI in the public sector, focusing on transparency, openness, and public participation. Sweden has developed guidelines specifically on generative AI, covering areas such as data protection, ethics, and labour law. France’s ALLiaNCE ethics hub offers structured guidance based on transparency, fairness, and human oversight. Slovenia ensures accessibility of AI commitments to all public sector employees. Portugal integrates AI ethics into public administration modernisation efforts. Ireland aligns with EU and OECD principles, offering structured guidelines for responsible AI use. While some countries focus on regulatory oversight, others encourage better transparency, accessibility and ethical use through a principle-based approach. This is the case with the Government of Canada, which has established a series of principles for the use of AI in government, including a guide on the use of GenAI (Treasury Board of Canada Secretariat, 2025[16]).

As discussed in Chapter 1, one example of ethical standards in the social security sector is the German federal employment agency’s (BA) AI vision, with its seven guiding principles (see Box 1.3) that form part of its ethical framework and standards for AI, setting the expectation that AI systems should focus on people, autonomy and control, security, reliability, data protection, transparency, and fairness. The BA’s AI guiding principles are connected to the internal guideline for data ethics, that extends beyond AI implementation.

Focusing more on the responsible use of data, Finland’s Kela has adopted a tool developed by the University of Utrecht (2025[17]) – the Data Ethics Decision Aid – to guide its employees through an ethical assessment of AI systems based on:

• Collaborative team evaluation: through structured discussions in the solution development team.

• Multidisciplinary approach: including with technical experts, legal advisors, and business representatives. Ideally, customers or end-users will participate as well.

• Guided self-assessment: through which teams must reach conclusions through informed dialogue rather than predetermined answers.

• Documented outcomes: in a final report with recommended next steps and assigned responsibilities.

These two examples from the social security sector therefore highlight the need to set both the guiding principles for employees to follow, but also on how to consider how these principles are embedded into processes so that the remain front-of-mind and something that is practiced in their work every day.

Compliance audits are vital for ensuring that AI initiatives in government follow laws, ethical standards, and best practices. They help identify risks such as bias, data misuse, or lack of transparency, and ensure accountability throughout the AI lifecycle. Regular audits act as guardrails by verifying that systems operate as intended, uphold public values, and do not inflict harm. They also build trust, improve system performance, and support continuous improvement. By holding agencies accountable, compliance audits help ensure AI is used responsibly, legally, and ethically — making them a key safeguard for trustworthy AI in the public sector. However, perhaps indicating the early stages of deployment of AI systems in the social security sector, the practice of regular audits is very low.

Amongst those that do, Hungary has implemented a structured audit framework, with the Hungarian Competition Authority (GVH) and the AI Act mandating regular assessments of AI systems, transparency measures, and liability frameworks. High-risk AI systems undergo independent evaluations, and institutions like Eötvös Lóránd University (ELTE) provide training for public sector employees on how to conduct these audits. Ireland integrates AI audits into its standard government oversight mechanisms, with internal audits complemented by reviews from the Comptroller & Auditor General. Finally, France’s ALLiaNCE investment committee conducts periodic reviews of AI projects but focuses on impact indicators and ethical alignment rather than formal audits at the time of drafting this report.

These regular audits are important particularly in the social security sector, as without strong human oversight, there is a risk of errors and the denial of benefits to eligible beneficiaries. For example, in Serbia, a semi-automated process was implemented to assess eligibility for the Social Card and reduce the administrative burden on applicants to provide extensive documentation. However, the algorithmic decision-making was often using inaccurate or incorrectly classified data, which affected access to social protection – particularly vulnerable groups. Social workers did not have sufficient training or literacy to understand how to use the system, which meant that decisions were often deferred wholly to the automated process, rather than to use it as an aid to support their own assessment (Amnesty International, 2023[18]). In examples such as these, regular audits would help to identify breakdowns in processes or gaps in human oversight.

Independent oversight by external bodies or experts is crucial to ensure objectivity, transparency, and accountability in government AI initiatives – both with independent audits and self-auditing as part of organisational monitoring and oversight. It provides a neutral check on potential risks like bias, misuse, or lack of fairness, which internal teams may overlook. External reviewers can offer diverse perspectives, validate compliance with ethical and legal standards, and enhance public trust. This oversight acts as a key guardrail by preventing conflicts of interest, encouraging responsible innovation, and ensuring that AI serves the public interest. Ultimately, it helps maintain integrity and accountability in the use of AI across the public sector.

Across the EU, countries have adopted different approaches to independent oversight of AI in government, using a combination of external bodies and experts to ensure compliance and ethical governance. France will designate multiple authorities – like the CNIL (Commission nationale de l’informatique et des libertés), DINUM (Direction interministérielle du numérique), and ARCOM (Autorité de régulation de la communication audiovisuelle et numérique) for example – to safeguard fundamental rights under the EU AI Act, ensuring AI systems align with ethical and regulatory standards. Hungary’s AI Coalition, formed by the Ministry of Innovation and Technology, includes government institutions, academics, and industry experts to oversee AI development and implementation. Ireland has established a distributed model, assigning sectoral regulators to enforce the EU AI Act, with additional authorities designated for comprehensive oversight. These approaches are adapted to their national contexts but all aim to balance innovation with accountability and safety when it comes to the use of AI in the public sector.

Transparency measures are essential to ensure accountability and public trust in government use of AI, especially the disclosure of the use of AI or of AI-generated content, use of data, and how AI tools have been developed. They help users understand when and how AI is being used, allowing for informed engagement and scrutiny. Without transparency, Decision made or supported by AI may appear secretive or unaccountable, risking misuse or loss of public confidence. Clear disclosure promotes responsible use, highlights limitations, and enables oversight. This should therefore also include documented evidence of the performance and findings of the audits highlighted in the previous section.

As a key guardrail, transparency ensures that AI supports open, fair, and democratic governance, reinforcing the principle that government technologies should always serve and be answerable to the public. While the rate of adoption is still low, the data indicates that countries are equally focused on this, with 41% of participating EU Members and 28% of participating non-EU Members with transparency measures in place.

For example, Hungary mandates transparency through its implementation of the AI Act’s requirements, requiring regular audits, liability frameworks, and independent assessments for high-risk AI systems. Ireland integrates AI transparency within the GDPR framework, ensuring compliance with data protection laws and requiring clear disclosure of AI-generated content. Sweden’s Förtroendemodellen serves as a self-assessment tool to maintain openness in public administration, ensuring AI applications adhere to ethical and regulatory standards. France encourages public agents to disclose AI usage, particularly in communications and official documents intended for stakeholders. Finally, Finland is developing an AI labelling concept to enhance transparency, alongside established AI guidelines.

Without transparency on how AI functions data is being used, there is a risk of undermining the efforts by the social security sector to use AI for good. For example, in the United Kingdom, an AI system was implemented to screen and prioritise large volumes of correspondence received by the Department of Work and Pensions. Serious concerns were raised over a lack of public consultation and transparency over the use of the system, but also over the measures that the Department was taking to protect sensitive personal information contained in the correspondence (Amnesty International, 2025[19]; Booth, 2025[20])

Accountability frameworks are crucial to ensure that government agencies take responsibility for the outcomes of AI systems, including errors, misuse, or harm. They define who is answerable for decisions made or influenced by AI, ensuring there is recourse when things go wrong. Without accountability, it is difficult to correct mistakes, learn from failures, or maintain public trust – particularly when made public. These frameworks act as guardrails by setting clear roles, responsibilities, and consequences, encouraging careful design, oversight, and ethical use of AI. Ultimately, they help ensure that AI in the public sector remains transparent, fair, and aligned with public interest. Despite this, the data shows very low levels of these in place, with only 23% of participating EU Members and 17% of participating non-EU Members with these frameworks in place.

For example, France’s ‘Paris Charter on AI in the Public Interest’3 emphasises safeguards against AI-related harms, ensuring compliance with international human rights law and promoting transparency. The country’s ‘evaluation grid’ for AI proposals also emphasises clear roles and responsibilities, the ability to deactivate AI tools, and human oversight at all times. Hungary’s AI strategy integrates accountability through the AI Coalition, which includes government institutions, academics, and industry experts to oversee AI development and prevent misuse. Ireland has launched an “AI Standards and Assurance Roadmap”, aligning with the EU AI Act to ensure responsible AI deployment. Additionally, the country has designated nine national authorities to safeguard fundamental rights, reinforcing accountability through independent oversight.

Particularly in the social security sector, there is a risk of diminishing public trust and causing harm where this accountability is not in place. For example, an algorithmic risk classification model was implemented in the Netherlands to detect fraudulent claims for childcare benefits, which created risk profiles higher chances of fraud for applicants based on factors like nationality and simple errors (e.g. missing signature on a document). The system was also to be funded by the funds reclaimed from fraudulent claims, which allegedly incentivised the authorities to processes as many instances of supped fraud as possible. As a result, tens of thousands of parents and caregivers lost their benefits, which led to a scandal that led to the Dutch Cabinet to be dissolved in 2021 (Amnesty International, 2021[21]). A strong accountability framework would help to ensure that issues such as these are avoided in future by ensuring that the proper checks and balances are in place prior to a systems implementation, but also that the accountability for such decisions is clear when issues do arise.

Data security principles are a fundamental guardrail for the responsible deployment of AI in the public sector, ensuring that the integrity, confidentiality, and availability of sensitive information are preserved. Government agencies often manage vast datasets containing personal, financial, and national security information, and its misuse or unauthorised access could have profound consequences.

Data security has various component beyond technical implementation, including risk management protocols, risk assessments, and compliance with relevant laws. However, this is an area where it appears that the EU needs to focus its efforts, as only 32% of participating EU Members reported having specific standards or protocols in place, as opposed to the 33% of participating non-Members who did report having these in place. This might also be an indication that the Members rely exclusively on the EU’s General Data Protection Regulation (GDPR) to set the approach to data security and privacy in their national contexts. This is clear in France, which prioritises GDPR compliance, data minimisation, and the use of SecNumCloud-certified infrastructure to ensure secure AI deployment. Ireland similarly aligns its AI policies with EU and OECD principles, embedding privacy-by-design frameworks and robust data governance mechanisms. While more specific to AI, Sweden’s guidelines for generative AI emphasise responsible AI use in public administration, covering areas such as data protection, ethics, and compliance.

Meaningful engagement with diverse stakeholders is critical to the responsible use of AI in the social security sector. This could include user research (including surveys, interviews, focus groups and user journey mapping), user testing (including usability, simulation testing, A/B testing and feedback mechanisms), and other user engagement mechanisms like participatory design workshops and public consultations on the use of AI.

As AI technologies increasingly influence decisions that affect people’s lives, involving users, affected communities, experts, civil society, and other public bodies helps ensure systems are transparent, fair, and aligned with societal values. Early engagement fosters trust, enhances legitimacy, and enables a deeper understanding of potential risks, particularly for vulnerable groups. It also supports better policy design by incorporating a wide range of perspectives, helping to identify challenges, prevent bias, and ensure AI systems in social security are inclusive, accountable, and human-centred.

In France and Italy’s social security sector, AI engagement efforts have largely focused on internal users, with promising practices such as pilot testing, user surveys, and training. The social security institutions in both countries have each taken steps to involve staff in evaluating and shaping AI tools. However, engagement across the full AI lifecycle—particularly with external users and affected communities—remains limited. As AI pilots expand, there is an opportunity to formalise more inclusive engagement practices, supported by a clear communication strategy. Broader consultation with civil society, experts, and other government bodies could also help address issues like non-take-up and inform scalable, user-centred solutions.

However, this is not unique to the social security sector in these countries. Table 2.7 shows that engagement with different actors in the development of AI policies and use cases of AI in the public sector is generally low everywhere. A more consistent approach is therefore needed to engage users at all stages of the design and development of AI systems to build trust and ensure that the systems are effective.

Engaging with other public sector organisations is important to ensure a co-ordinated, consistent, and effective approach to developing AI enablers and guardrails. It promotes the sharing of knowledge, resources and best practices, helping to avoid duplication and fragmented efforts. Collaboration ensures that standards, policies, and ethical frameworks are aligned across agencies, making AI systems more interoperable and trustworthy, which is key to sharing and integrating data that could enable AI systems to be used in more targeted ways to address the issue of non-take-up. It also strengthens collective capacity and fosters a culture of responsible innovation. By working together, governments can build stronger, more effective and cohesive AI. As such, public sector organisations have the highest rate of engagement with 82% of participating EU Members and 89%all participating non-Members reporting to engage with these actors.

EU Members, in particular, have adopted a range of approaches to engaging public sector organisations in the development and deployment of AI. Lithuania’s GovTech Lab is a structured, innovation-driven model, using sandbox environments and co-creation programmes that is used to engage multiple public bodies in testing AI solutions. Finland and Sweden favour more agency-driven approaches, with networks guiding sectoral exploration of AI. France involves ministries directly into AI development through the ALLiaNCE incubator, co-ordinated by DINUM, while Slovenia employs a broad, inter-ministerial governance framework under the Ministry of Digital Transformation to foster systemic co-ordination. These practices illustrate a shared recognition of the need for active public sector involvement in AI governance but vary in structure—from centralised co-ordination to bottom-up innovation ecosystems—depending on institutional context and strategic maturity.

Engaging civil servants is essential when developing and implementing AI enablers and guardrails because they will typically have high rates of using, managing and being impacted by AI systems. Their insights help ensure that AI tools are practical, user-friendly, and aligned with real public service needs – especially from being in the frontline delivery of social protection. Involving them early builds understanding, trust, and ownership, reducing resistance and promoting responsible use. It also helps identify risks, gaps, and training needs. By including civil servants in the process, governments can design more effective and user-friendly AI systems that truly support public sector goals, as well as the checkpoints necessary to ensure that its use is ethical. As such, the data shows that the rate of engagement with these actors is high, with 55% of participating EU Members and 78% of participating non-EU Members engaging civil servants in the development of AI policies and use cases.

For example, France’s ALLiaNCE programme has a user-centred approach that embeds civil servants as ‘intrapreneurs’ who co-design and test AI solutions, supported by tools such as La Suite Numérique. Austria’s AI Policy Forum enables inter-ministerial collaboration, creating a platform for dialogue and shared implementation of AI initiatives, including alignment with the EU AI Act. Finland provides structured, multilingual guidance to civil servants on generative AI, ensuring clarity and consistency across the public administration. Finally, Ireland and Portugal apply practical engagement through pilot projects and participatory governance processes. Collectively, these practices underscore the importance of equipping civil servants with both strategic insight and operational tools for AI. An example of these tools is the strong investment in training and software licensing ‘Copilot-IA’ provided by Social Security in Portugal, so that workers can take advantage and adapt these tools to their daily work, in order to perform their tasks faster and more efficiently.

Engaging end users is crucial when developing AI enablers and guardrails to ensure the systems meet real needs, are easy to use, and function fairly and effectively. End users can provide valuable feedback on potential risks, usability issues, and unintended impacts. Their involvement helps build trust, improves system design, and ensures AI tools support—not hinder—public service delivery. Including their perspectives also promotes transparency and accountability. Ultimately, engaging end users leads to more practical, inclusive, and responsible AI systems that better serve the public and align with shared values. Despite this, the rate of engagement with users is amongst the lowest, with 36% of participating EU Members and 56% of participating non-Members engaging them in the design and development of AI systems – though this could be an indicator also that the majority of current AI use cases in the public sector are still in pilot stages and may still be focused on internal testing processes for now. However, it should be noted that it is key to engage users at every stage to ensure AI systems meet their needs and expectations, including during the identification, design, development, testing, and monitoring of solutions.

Amongst those who do have practices in place to engage service users, Germany’s BA involves users from the preliminary stages of the development of ADEST. The AI models have been trained by in-house specialists, and internal documentation on how the system has been trained has been made available. The pilot solution went through a series of iterative tests with several local employment agencies across the country, and continuous feedback was gathered during the initial phase of the project. To enhance transparency within the organisation, the AI team collected data on the perception and understanding of ADEST, to identify how to better support users.

France also incorporates user feedback through interviews and iterative design processes during early project phases to ensure solutions meet real-world needs. Portugal engages users through participatory platforms like Participa.gov.pt, enabling public input on national AI initiatives. These models highlight the growing recognition that public trust and usability are critical to the successful use of AI.

Engaging the broader ecosystem—including the private sector and civil society—is vital to developing effective AI enablers and guardrails in government. These stakeholders offer diverse expertise, innovation, and perspectives that help identify risks, address ethical concerns, and ensure responsible use. The private sector contributes technical knowledge and tools, while civil society ensures that public values, rights, and inclusivity are prioritised. Collaboration fosters transparency, accountability, and public trust. By involving the broader ecosystem, governments can create more balanced, forward-looking AI policies and systems that reflect societal needs and promote safe, ethical, and effective use of AI in the public sector. Despite this, the data shows lower levels of engagement with these actors, with 64% of participating EU Members and 56% of non-Members reporting to involve these sectors in the process.

However, there are examples in the EU of countries engaging the broader AI ecosystem—comprising the private sector, civil society, and research institutions—to foster innovation, accountability, and trust in public sector AI. Belgium’s AI4Belgium functions as a comprehensive multi-stakeholder ecosystem, facilitating ongoing collaboration between public authorities, industry, civil society, and international partners. In Sweden, the National AI Commission offers a structured, consultative platform that brings together diverse stakeholders to inform national strategy. France integrates startups, research institutions, and open-source contributors into AI development, supporting both technical progress and ethical oversight. Czechia and Hungary promote ecosystem engagement through strategic advisory bodies and cross-sectoral co-ordination mechanisms. Finally, Ireland encourages collaboration through applied experimentation and multi-actor engagement in its AI proof-of-concept projects. Collectively, these approaches highlight the importance of ecosystem participation in ensuring that public sector AI is innovative, inclusive, and aligned with societal values.

Engaging with cross-border actors—such as other governments, multilateral organisations, and international expert bodies—is also essential for fostering responsible, interoperable, and secure use of AI in the public sector. Collaborative engagement enables the alignment of regulatory approaches, the exchange of technical tools and policy best practices, and the development of shared governance frameworks. It also facilitates access to international research networks, capacity-building initiatives, and joint infrastructure investments. In a rapidly evolving technological landscape, cross-border co-operation strengthens resilience, mitigates fragmentation, and supports the development of trustworthy AI systems that are consistent with democratic values and international legal standards. However, these actors receive the lowest overall rate of engagement, with 32% of participating EU Members and 39% of participating non-EU Members engaging beyond their borders on the development of AI policies and use cases.

However, many opportunities exist across the EU for this kind of engagement. For example, the European High Performance Computing Joint Undertaking (EuroHPC JU) is a joint initiative between the EU, European countries, and private partners, to develop supercomputing infrastructure and support research. EuroHPC JU will give universities and SMEs access to powerful infrastructure for algorithmic development, at a low cost. Additionally, EU funding mechanisms – like the Digital Europe Programme, for example – is aiming to bring together consortia of EU Member countries to work together on the development of shared AI solutions (European Commission, 2025[22]). Finally, networks like the European Social Insurance Platform help to bring social security institutions together to share experiences, develop shared approaches, and to identify opportunities for collaboration.

[15] AGID (2025), Intelligenza artificiale, https://www.agid.gov.it/it/ambiti-intervento/intelligenza-artificiale.

[7] AgID (2023), Linee Guida recanti regole tecniche per l’apertura dei dati e il riutilizzo dell’informazione del settore pubblico, https://www.agid.gov.it/sites/default/files/repository_files/lg-open-data_v.1.0_1.pdf (accessed on 24 June 2025).

[19] Amnesty International (2025), Too much technology, not enough empathy, https://www.amnesty.org/en/documents/eur45/9478/2025/en/ (accessed on 17 September 2025).

[18] Amnesty International (2023), Serbia: Trapped by automation: Poverty and discrimination in Serbia’s welfare state, https://www.amnesty.org/en/documents/eur70/7443/2023/en/.

[21] Amnesty International (2021), Xenophobic machines: Discrimination through unregulated use of algorithms in the Dutch childcare benefits scandal, https://www.amnesty.org/en/documents/eur35/4686/2021/en/.

[20] Booth, R. (2025), ‘Serious concerns’ about DWP’s use of AI to read correspondence from benefit claimants, https://www.theguardian.com/society/2025/jan/27/dwp-ai-whitemail-benefit-claimants-applicants.

[22] European Commission (2025), Digital Europe Programme - Call for proposals, https://ec.europa.eu/info/funding-tenders/opportunities/docs/2021-2027/digital/wp-call/2025/call-fiche_digital-2025-ai-08_en.pdf.

[13] European Union (2024), Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 an, http://data.europa.eu/eli/reg/2024/1689/oj.

[14] Fjeld, J. et al. (2020), “Principled Artificial Intelligence: Mapping Consensus in Ethical and Rights-Based Approaches to Principles for AI”, SSRN Electronic Journal, https://doi.org/10.2139/ssrn.3518482.

[6] Lee, D. (2021), data.gov.ie Open Data Publishing Guidelines, https://data.gov.ie/guidelines/index.html (accessed on 24 June 2025).

[5] Mohammed, S. et al. (2025), “The effects of data quality on machine learning performance on tabular data”, Information Systems, Vol. 132, p. 102549, https://doi.org/10.1016/j.is.2025.102549.

[1] OECD (2025), Governing with Artificial Intelligence: The State of Play and Way Forward in Core Government Functions, OECD Publishing, Paris, https://doi.org/10.1787/795de142-en.

[10] OECD (2023), “2023 OECD Open, Useful and Re-usable data (OURdata) Index: Results and key findings”, OECD Public Governance Policy Papers, No. 43, OECD Publishing, Paris, https://doi.org/10.1787/a37f51c3-en.

[11] OECD (2022), “OECD Framework for the Classification of AI systems”, OECD Digital Economy Papers, No. 323, OECD Publishing, Paris, https://doi.org/10.1787/cb6d9eca-en.

[12] OECD (2021), “State of implementation of the OECD AI Principles: Insights from national AI policies”, OECD Digital Economy Papers, No. 311, OECD Publishing, Paris, https://doi.org/10.1787/1cd40c44-en.

[4] OECD (2019), The Path to Becoming a Data-Driven Public Sector, OECD Digital Government Studies, OECD Publishing, Paris, https://doi.org/10.1787/059814a7-en.

[9] OECD (2017), Recommendation of the Council on Enhancing Access to and Sharing of Data.

[2] OECD (Forthcoming), “2025 OECD Digital Government Index”, OECD Publishing, Paris.

[3] OECD (unpublished), Gap Analysis Report - Using AI to tackle the non-take-up of social benefits in France and Italy.

[8] Statistics Finland (2022), The National Data Quality Criteria and Indicators, https://stat.fi/media/uploads/org/tilastokeskus/tiedonlaatu/data_quality_criteria_and_indicators.pdf (accessed on 24 June 2025).

[16] Treasury Board of Canada Secretariat (2025), Microsoft Copilot for Work (Web Browser Chat Based Application) Policy Implementation Notice, https://www.canada.ca/en/government/system/digital-government/policies-standards/microsoft-copilot-for-work-policy-implementation-notice.html.

[17] Universiteit Utrecht (2025), De Ethische Data Assistent (DEDA), https://deda.dataschool.nl/.