Governance in the whole system
Estimated read time: 7 minutes
Governance can’t stay remote
When delivery speeds up and teams become more fluid, governance cannot remain static or remote. In the public sector, ‘governance’ isn’t a technicality – it’s how democratic accountability, legal compliance, and ethical oversight show up in practice. So it needs to evolve in step with AI-assisted delivery to cover the whole system of service delivery, end-to-end and top-to-bottom: from code quality and day-to-day delivery all the way up to ministerial intent and public legitimacy.
Fast, AI-enabled delivery won’t succeed if approvals, audits, funding decisions, and policy alignment still operate on six-month or annual cadences. And the challenge is no longer only “teams can ship faster”. It’s that more of the team can now ship safely. When policy, ops, analysis and content can all express intent as runnable code, governance has to sit inside multidisciplinary work: continuous, not episodic.
From sign-off to a trail
So we need to move away from governance as periodic gatekeeping towards governance as ongoing collaboration – not as a softer version of assurance, but as a more practical one. Agile already pushed us in this direction, but AI assistance makes it unavoidable. When teams can iterate in hours, a distant sign-off becomes both bottleneck and risk: you can ship multiple iterations before the next governance set-piece. The only workable pattern is for those functions to be represented within or alongside the team from the start.
This is also the most pragmatic way to protect senior accountability in an AI-assisted world. When the cadence speeds up, the old model doesn’t produce certainty; it produces theatre – confidence manufactured through paperwork while the real risk sits in what nobody has looked at. Continuous governance gives leaders something better than reassurance: a live view of exposure, evidence, and risk. It replaces “sign-off as a moment” with “confidence as a trail”.
Governance moves left
In practice, that means the whole system is present in the room – physical or virtual – where decisions are made. This is multidisciplinary work in its fullest sense: delivery and legitimacy, side by side. Policy, legal, security, finance and operations don’t hover outside the team as occasional sign-offs; they work alongside delivery, continuously. When the team is shaping an improvement, the policy lead can clarify the intent (“what Parliament intended here is X”) and help turn it into testable criteria. And when an AI-generated change touches personal data, privacy and security concerns can be flagged – and mitigated – before anything goes live. Done well, this doesn’t slow teams down; it removes rework and waiting – and if your team already enjoys these ways of working, AI assistance simply lets you go further, faster.
But governance also has to “move left” into the machinery. If more people can produce deployable code, then quality can’t depend on individual heroics or after-the-fact review. Guardrails have to live in defaults: the platform, the pipeline, the component library, access controls, feature flags, and patterns for prompting and testing. In other words: governance becomes something you do through the system, not something you attend in a meeting. There’s a close cousin here in terms of AI safety too: if responsibility isn’t built into the work, it doesn’t exist, it just turns up later as harm.
Conditions for telling the truth
The leadership task in a high-speed medium is not to demand launch. It is to create the conditions where teams can tell the truth. That means rewarding the call that something isn’t ready. It means asking for evidence, not theatre. It means funding capability, not squeezing headcount. And it means treating “no” and “not yet” as part of responsible pace, not obstruction.
Policy as something you can run
Whole-system governance also recognises the political context. Public sector products do not exist in a vacuum; they operate in a landscape of ministers, policies, and public opinion. In a rapid development environment, teams can pivot quickly to emerging ministerial priorities or urgent user needs – but doing so responsibly requires tight coupling with the policy-making side, who should also be working with these tools. Governance here is not just “compliance” but alignment: ensuring the service reflects legitimate policy goals and that policymakers understand the trade-offs and evidence coming back from the service.
And the opportunity is bigger than faster implementation. If we can prototype services at pace, we can also prototype policy: building simulations and decision engines with levers you can pull, assumptions you can inspect, and models you can adjust – instead of trying to compress complexity into twenty slides. That opens up a different kind of conversation between policy and delivery: not “here is the deck”, but “here is the engine – here are the choices, here is what we think happens, do you want to explore it and leave your feedback?” This is the time to deliver on the promise of rules as code.
Political leadership needs to be kept informed and that cadence should increase. They may not want daily updates on prototypes, but they will benefit from engaging with Show and Tells, and seeing what the team has tested, what has been learned, and what the models assume. In turn, political decisions – like changing an eligibility rule – can be modelled and then implemented and trialled in near-real-time. But that requires trust from governance bodies that speed won’t create chaos or injustice, and confidence that the modelling is transparent, testable, and grounded in evidence. Building trust has always been a critical part of the job. The non-negotiable question now is whether we are setting a higher bar for trustworthiness as we go faster.
Shared fluency, shared legitimacy
Another pillar of whole-system governance is shared digital fluency. When policy, legal, finance, and other partners are intertwined with delivery, it helps enormously if they have a working grasp of digital concepts and AI capabilities. And it works the other way too: delivery teams need fluency in risk, law, operational reality, and public value. This is a cultural exchange: the AI-assisted future works best when everyone has some of each other’s literacy. Training and cross-pollination matter – short rotations, shadowing, joint reviews, shared exposure to data and decisions – so that when people come together to govern a fast-moving project, they can speak a common language.
Governance in a vibe-coded world stops being a separate layer that periodically scrutinises the work, and becomes part of how the work is done every day. It’s governance as an activity rather than an event: automated checks in delivery pipelines; multidisciplinary workshops that set guardrails and success criteria; and transparency about what’s being built and learned. Whole-system governance means speed doesn’t cut corners, because the people responsible for those corners are in the room when decisions are made, not invited in afterwards.
The paradox is that smart governance doesn’t slow delivery; it enables it. Clear guardrails, explicit thresholds for scaling, and honest evidence give teams permission to move quickly without becoming reckless. That is how we keep speed honest – and why governance has to live inside the work, not outside it. It’s delivery and oversight working hand in hand, so speed serves legitimacy, and legitimacy serves better, safer outcomes for the public.