The Procurement Act 2023 changed the shape of the question a UK public sector buyer has to answer when they place an order. The older regime asked whether the process had been followed. The newer regime asks whether the decision was defensible, which is a harder question because it pushes the burden of proof onto the substance of the supplier selection rather than the ceremony around it. Agentic AI is relevant here for a specific reason: it produces the substance as a by-product of doing the work. This post explains how, with honest attention to the security and framework requirements public buyers have to hold in mind.
Public sector procurement in the UK has always been auditable in principle. Frameworks were followed, notices were published, contracts were awarded with written justification. What the Act does is tighten the relationship between the justification and the underlying reality. A statement that a supplier was selected on best value is now expected to be backed by evidence that the value was actually compared against the market at the time of decision. A statement that a supplier was not sanctioned is expected to be backed by evidence of when the check was run and what list it was run against. A statement that the carbon cost was considered is expected to be backed by a number, not an assertion.
This is where the architectural shape of the tooling matters. A system that runs sanctions checks, price comparisons, and carbon calculations manually, one screen at a time, produces a paper trail that is only as complete as the buyer remembered to make it. A system that runs those checks automatically, in parallel, as part of answering the buyer's question, produces a complete paper trail by default. The evidence is not an extra step at the end. It is the output of the step the buyer was already taking.
The Act also pushes on transparency. Contract award decisions above threshold are expected to be explainable in terms that a third party could follow. Agentic systems make this easier because the reasoning is explicit: each specialist agent returned a verdict, each verdict cited a source, the fusion layer combined them using documented weights, and the recommendation sits on top of that stack. A buyer asked to explain a decision six months later does not have to reconstruct their thinking. They have to open the record.
A practical point for public buyers is that the Act does not prescribe a tool. It describes an outcome: defensible decisions with evidence attached. Any tool that produces that outcome is admissible. The reason agentic AI is worth considering is not that the Act requires it, but that it is a shape of tool that produces the outcome naturally rather than through discipline. Disciplined spreadsheet use can produce an audit trail. Agentic systems produce one whether the buyer is disciplined or not, because the trail is the primary artefact.
G-Cloud is the most practical route for public buyers to access this class of tooling. The framework is designed for cloud software procurement, the catalogue is searchable, and the legal pre-work is largely done. A public buyer looking for agentic AI procurement tooling through G-Cloud should check for UK data residency, the presence of security certifications appropriate to the classification of data involved, and a clear description of the agent architecture rather than a generic AI label. WYRM Sentinel is being positioned for G-Cloud availability with those criteria in mind, because the framework is where the procurement actually happens.
DASA, the Defence and Security Accelerator, is the other route worth knowing about. DASA supports innovation procurement in defence and security contexts, and agentic AI for supply chain intelligence has a clear fit where the buyer needs to reason across sanctions, sensitive routing, and supplier integrity at pace. The DASA route is different in character from G-Cloud: it is competition-led rather than catalogue-led, and the deliverable is typically a proof of concept that is then scaled through a follow-on contract. For suppliers, DASA is an early-stage engagement route. For buyers, it is a way to trial tooling on a contained brief before committing to a framework purchase.
Security posture is a prerequisite for any serious engagement with UK public sector procurement, not a differentiator. The realistic baseline is Cyber Essentials Plus for the lighter-touch engagements, ISO 27001 for the general enterprise tier, SOC 2 for international credibility, and NHS DSPT where the workload touches health data. These are not interchangeable, and a supplier that waves a single certification at all four contexts is signalling that they have not read the room. The right approach is a trajectory: publish which certifications are held, which are in progress with a target date, and which apply to which product surface. WYRM Sentinel publishes this on its trust page and treats it as a living document rather than a marketing asset.
Data residency is a specific point worth separating from the general security conversation. UK public sector buyers increasingly ask not just whether the data is encrypted but where it physically sits and under whose jurisdiction it can be compelled. Agentic systems that route reasoning through foreign language-model providers without a UK processing option create a jurisdictional question the buyer may or may not be willing to answer. The cleaner architecture is UK-resident by default, with EU residency available on enterprise plans for buyers with European operations, and a documented processing path for the cases where an external model provider is invoked.
A concrete scenario helps ground this. A local authority procurement team is selecting a supplier for concrete for a framework of small-works projects. Concrete is not CBAM-in-scope in the same way cement is, but cement is a major input. The buyer needs to confirm the supplier is not sanctioned, that the price is defensible against market benchmarks, that the cement content has a documented embedded carbon profile, that the supplier is financially stable enough to carry a multi-year framework, and that the decision can be published in a transparency notice in a form the authority's legal team will sign off. Running that set of checks manually across ten candidate suppliers is a week of work. Running it through an agentic system, with the specialist agents invoked in parallel, takes under an hour and produces an evidence pack per supplier that the transparency notice can cite directly.
The question of what to do when the agentic system and the buyer disagree is worth addressing head-on. Public sector buyers are not expected to follow a recommendation blindly; they are expected to make a decision and own it. The value of the agentic system is that it makes the disagreement visible. If the system recommends supplier A on the composite score and the buyer selects supplier B for reasons that sit outside the scored dimensions — local economic considerations, social value weighting, a specific operational requirement — the record shows the machine recommendation, the human decision, and the stated reason. That is a stronger audit artefact than a selection with no machine counterpoint, because the reasoning is explicit rather than implied.
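A sketch of the record described above, covering both the sourced verdicts combined with documented weights and the machine recommendation held beside the human decision. It is an added example, not WYRM Sentinel's code; the dimension names, weights, field names and sample verdicts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed dimensions and weights; the post says the weights are documented, not what they are.
WEIGHTS = {"sanctions": 0.4, "price": 0.3, "carbon": 0.2, "financial": 0.1}

@dataclass(frozen=True)
class Verdict:
    dimension: str        # which specialist agent returned it
    score: float          # 0.0 (worst) to 1.0 (best)
    source: str           # what the check was run against (list, benchmark, dataset)
    checked_at: datetime  # when the check was run, timezone-aware

def fuse(verdicts):
    """Weighted composite; refuses evidence a third party could not follow."""
    by_dim = {v.dimension: v for v in verdicts}
    missing = sorted(set(WEIGHTS) - set(by_dim))
    if missing:
        raise ValueError("no verdict for: " + ", ".join(missing))
    for v in by_dim.values():
        if not v.source.strip():
            raise ValueError(f"{v.dimension}: verdict cites no source")
        if v.checked_at.tzinfo is None:
            raise ValueError(f"{v.dimension}: check time has no timezone")
        if not 0.0 <= v.score <= 1.0:
            raise ValueError(f"{v.dimension}: score out of range")
    return round(sum(w * by_dim[d].score for d, w in WEIGHTS.items()), 4)

def decision_record(packs, selected, reason=""):
    """packs maps supplier -> verdicts. Returns the record a reviewer opens later."""
    scores = {name: fuse(vs) for name, vs in packs.items()}
    if selected not in scores:
        raise ValueError("selected supplier has no evidence pack")
    recommended = max(scores, key=scores.get)
    override = selected != recommended
    if override and not reason.strip():
        raise ValueError("overriding the recommendation needs a stated reason")
    return {"weights": dict(WEIGHTS), "scores": scores, "recommended": recommended,
            "selected": selected, "override": override, "reason": reason.strip()}

def sample_pack(price, carbon, financial, sanctions_source="sanctions list, constructed v1"):
    """Constructed sample verdicts for one supplier."""
    at = datetime(2025, 1, 15, 9, 30, tzinfo=timezone.utc)
    return [Verdict("sanctions", 1.0, sanctions_source, at),
            Verdict("price", price, "market benchmark, constructed", at),
            Verdict("carbon", carbon, "supplier carbon declaration, constructed", at),
            Verdict("financial", financial, "filed accounts, constructed", at)]

PACKS = {"Supplier A": sample_pack(0.8, 0.6, 0.9), "Supplier B": sample_pack(0.6, 0.7, 0.8)}
```

The record stores the weights alongside the scores, so the composite can be recomputed from the record alone when the decision is reviewed.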
For a central government procurement function considering a pilot, the shape of a sensible engagement is a bounded category over a defined period. Pick a category where the current tooling is visibly straining: something with sanctions exposure, a volatile underlying commodity, or CBAM-in-scope goods. Run the existing process and the agentic process in parallel for a quarter. Compare the evidence packs side by side, measure the time to decision, and check whether the agentic record would have satisfied the internal audit on its own. That is a cheap experiment and it produces a defensible answer about whether to proceed to framework purchase.
WYRM Sentinel is built for this environment. The nine-agent architecture covers the dimensions a public buyer has to consider, the evidence trail is the primary deliverable, UK data residency is the default, and the security trajectory is published. The Procurement Act 2023 is not a marketing hook; it is a design constraint that the product respects. Public buyers evaluating agentic AI for procurement should hold any candidate tool to that standard, ask to see the evidence pack on a real question, and satisfy themselves that what they are buying produces the outcome the Act actually asks for. The short version is that the Act rewards systems that show their working, and agentic AI is a system that shows its working by construction.