GenAI in the public sector: two interesting default prohibitions (Ireland and the Netherlands)

Nadia Piet & Archival Images of AI + AIxDESIGN / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/. A red-toned illustration shows a man's head surrounded by swirling AI icons, with small, mischievous witch-like figures flying around him. The man's expression appears disoriented and fatigued, symbolizing the mental overload caused by the overwhelming flood of AI tools and news. The witches represent the chaotic, cackling nature of rapid AI developments, adding to the sense of dizziness and confusion.

We are getting so used to the hype around generative AI (GenAI) that it may seem like we are on the verge of it being used for all purposes, everywhere, all the time. There is significant pressure on public sector organisations, in particular, not to miss the opportunity to reap its (expected, presumed) benefits.

However, GenAI comes with many challenges and risks, especially when we talk about free to use, generally available GenAI models. This is not sufficiently understood or recognised and most of the conversations I have on GenAI use with public sector leaders and procurement officials tend to quickly reach an awkward moment where I pop the bubble by stressing those risks and ranting about why I think GenAI should not just be used as is offered off the shelf (or at all, for public sector activities that need to comply with strict requirements of good administration and factuality).

In the context of public sector AI adoption, the widespread availability of these tools poses a significant governance challenge and I think we are just a bad decision away from a potentially very significant scandal / problem. The challenge comes from many directions, but especially through the embedding (or slipstreaming) of AI tools into existing systems and software packages (AI creep) and access by civil servants and public sector employees through free to use platforms (shadow AI).

Given this, I have been glad to see that two recent pieces of guidance on public sector AI use have clearly formulated the default position that non-contracted / generally available GenAI should not be used in the public sector and that exceptional use should follow a careful assessment and many interventions to ensure compliance with rightly demanding standards and benchmarks.

The Irish Guidelines for the Responsible Use of AI in the Public Service (updated 12 May 2025), building on an earlier 2023 recommendation of the Irish National Cyber Security Centre recommend “that access is restricted by default to GenAI tools and platforms and allowed only as an exception based on an appropriate approved business case and needs. It is also recommended that its use by any staff should not be permitted until such time as Departments have conducted the relevant risk assessments, have appropriate usage policies in place and staff awareness on safe usage has been implemented” (p 39).

In very similar terms, but perhaps based on a different set of concerns, the Dutch Ministry of Infrastructure and Water Management’s AI Impact Assessment Guidance (updated 31 Dec 2024) has also stated that the provisional position for central government organisations is that GenAI use is in principle not permitted: “The provisional position on the use of generative AI in central government organisations currently sets strict requirements for the use of LLMS in central government: “Non-contracted generative AI applications, such as ChatGPT, Bard and Midjourney, do not generally comply demonstrably with the relevant privacy and copyright legislation. Because of this, their use by (or on behalf of) central government organisations is in principle not permitted in those cases where there is a risk of the law being broken unless the provider and the user demonstrably comply with relevant laws and regulations.”” (p 41).

I think that these are good examples of responsible default positions. Of course, monitoring and enforcement a general prohibition like this will be difficult and more needs to be done to ensure that organisations put in place governance and technical measures to seek to minimise the risks arising from unauthorised use. This is also a helpful default because it will force organisations that purposefully want to explore GenAI adoption to go through the necessary processes of impact assessment and careful and structured consideration, as well as place a focus on the adoption (whether via procurement or not) of GenAI solutions that have appropriate safeguards and are adequately tailored and fine-tuned to the specific use case (if that is possible, which remains to be seen).

Bordering the irresponsible: Commission's Q&A on third country access to EU procurement post-Kolin/Qingdao

Hanna Barakat & Archival Images of AI + AIxDESIGN / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/. The image depicts a series of stone-like hands, fractured and cracked, reaching out in various directions from a chaotic mass of tangled wires. Some hands display broken fingers, while archival tags on others suggest anonymity and erasure. The juxtaposition of human forms and technological wires evokes themes of labor, exploitation, and the often unseen physical work behind the tech industry.

In the aftermath of the CJEU’s Judgments in Kolin (C-652/22, EU:C:2024:910) and Qingdao (C-266/22, EU:C:2025:178), there was much anticipation about a guidance document being prepared by the European Commission to address some of the many, complex, consequential issues left open by the Court (see comment here).

The Q&A-type guidance document was published by the Commission late last week. The document has already been the object of analysis and deserved criticism, eg by Marko Turudić and Pedro Telles. They both comment on most aspects of the document in detail, and make good points.

In this post, I focus on two issues arising from the document and link them to first principles of procurement, as well as the broader layers of regulation beyond the EU.

two Extremely problematic assertions

In the Q&A document, the Commission makes two extremely problematic assertions. First, on the level of transparency to be afforded to decisions on participation and, if applicable, differential treatment of third country operators. Second, on the ‘severability’ of EU, national (and international) principles-based requirements.

Transparency requirements

The Q&A document states as follows:

Contracting authorities may indicate in advance in the tender documents their decision to accept or not participation of non-covered third country economic operators and, if they admit them, the arrangements applicable to their tenders.

They may also decide not to make this known in advance. In the absence of any reference to this matter in the contract notice / tender specifications, the contracting authority / entity still has the possibility to accept or to reject a tender from an economic operator from a non-covered country at any moment during the procurement process (answer to Q5.3, emphasis added).

‘Severability’ of legal principles by their ‘origin’

The Q&A document also states that:

Economic operators from non-covered countries do not enjoy any rights deriving from EU public procurement law, including requirements for transparency and proportionality enshrined in EU law and transposed into the national legal order. It is open to competent national authorities to identify other national provisions (not transposing EU public procurement law) on which such economic operators might rely (answer to Q6.2).

And that, in ensuring compliance with the principle of the rule of law ‘Contracting authorities/ entities may base themselves on national legislation that does not transpose EU law’ (answer to Q6.4) and, further, that ‘any possible issue of compliance with the ECHR would concern national law only and would be unrelated to any instance of implementation of EU law by a Member State’ (answer to Q6.5, emphasis added).

Overall position

Combined, this sets out the combined position that (i) contracting authorities can make decisions based on undisclosed criteria at any point in the procurement process and that (ii) any transparency, etc requirements in relation to those criteria or those decisions can only stem from domestic legislation not transposing EU public procurement law / unrelated to any instance of implementation of EU law.

The CJEU benchmark

A first issue is that, in my view, the Commission’s assertions only partially follow from the Kolin and Qingdao judgments. It is thus worth recalling what the CJEU said. In Kolin, the Court established that:

‘While it is conceivable that the arrangements for treatment of such operators should comply with certain requirements, such as transparency or proportionality, an action by one of those operators seeking to complain that the contracting entity has infringed such requirements can be examined only in the light of national law and not of EU law’ (C-652/22, para 66).

In Qingdao, the Court stated that:

‘While it is conceivable that those treatment arrangements should comply with certain principles and requirements, such as the principle of protection of legitimate expectations and of legal certainty, an action raising a complaint that the contracting authority has infringed those principles can be examined only in the light of national law and not of EU law’ (C-266/22, para 66).

an alternative (less questionable?) interpretation

As we can see, the CJEU did not establish any hard boundary on the relationship between the national and EU law rules containing reference to the principles of protection of legitimate expectations and of legal certainty, or (the requirements) of transparency and proportionality. The CJEU said that the principles as enshrined in EU law could not be relied on. An alternative, domestic source would be needed. The CJEU was (almost) clear in accepting that (it is conceivable that) arrangements for the treatment of third country economic operators had to comply with transparency, proportionality etc requirement, but not as a matter of EU law.

A modestly and sensibly creative interpretation of the CJEU judgments would thus seek not to exclude protection afforded by homonymous principles and requirements, whether they are enshrined in the exact same domestic rules or not, as long as the applicability of the principles had a justification in a legal source other than EU law. This is not the same as demanding that an entirely separate (formulation of the) principle (to the same effect) exists. It simply requires that there is an alternative source of the requirement to abide by the given principle or requirement.

And there are at least two such general sources. First, the United Nations’ Convention Against Corruption (UNCAC) offers one such source in requiring that ‘Each State Party …, in accordance with the fundamental principles of its legal system, take[s] the necessary steps to establish appropriate systems of procurement, based on transparency, competition and objective criteria in decision-making, that are effective, inter alia, in preventing corruption’, with a requirement for such systems to explicitly address issues of transparency, establishment in advance of conditions for participation, and access to an effective system of domestic review’ (Art 9.1). Second, the ECHR provides the right to fair trial (Art 6).

Such an approach would have allowed some space for Member States to continue complying with basic requirements of administrative law and procurement regulation while the mess created by the Kolin and Qingdao judgments gets sorted out through EU procurement legislation. Any arguments that such course of action would detract from the effet utile of EU law would seem destined to fail, given that the CJEU had already accepted that participation by third country operators was possible and that equal treatment was also possible—just not as a matter of EU law. The Kolin/Qingdao could have been bracketed as an issue of competence and the true effectiveness of the case law been pushed to the reform of the directives in a much less disruptive manner.

Conversely, the Commission’s extreme interpretation seeks to wipe out such space for manoeuvre in requiring that the source of law demanding certainty, protection of legitimate expectations, transparency or proportionality has nothing to do and is entirely unrelated with the transposition of EU law. This is an impossible threshold to cross, as there will be no jurisdiction that has a set of procurement legislation to implement EU law, another one to comply with UNCAC, another one to comply with the ECHR, etc.

In fact, as EU procurement law is itself adjusted to those international standards and requirements, the transposition of the EU directives has been the mechanism to ensure compliance with all these layers of procurement regulation. This is a situation that is simply impossible to unbundle. Suggesting otherwise verges on the irresponsible, as it places contracting authorities in a position to breach a wide array of international and domestic rules, as well as creating significant corruption risks.

Corruption risks

Setting issue of legal interpretation aside for a moment, perhaps the most problematic part of the Q&A document is the second paragraph of the answer to question 5.3, where the Commission indicates that contracting authorities may ‘decide not to make [their decision to accept or not participation of non-covered third country economic operators and, if they admit them, the arrangements applicable to their tenders] known in advance. In the absence of any reference to this matter in the contract notice / tender specifications, the contracting authority / entity still has the possibility to accept or to reject a tender from an economic operator from a non-covered country at any moment during the procurement process‘. Crucially, the European Commission forgot to open (or close) the sentence with the all important caveat that this is (at best) the position solely for the purposes of EU law.

In my view, there is no question that a contracting authority that decided to operate in this manner would be in breach of UNCAC and a variety of constitutional level provisions (regardless of the specific EU jurisdiction we want to focus on).

And, more importantly, a contracting authority that decided to behave in this manner would be exposing itself to potentially significant corruption risks. Lack of transparency and not formulating the criteria to be applied in procurement decision-making at the point of launching the procedure not only reserves the contracting authority unlimited discretion and thus triggers the risk of arbitrariness in decision-making. More problematically, it exposes key decision-makers to pressure and to risks of corruption — either by the ‘covered’ entities seeking to persuade it to exclude the tender/s by the third country operator/s, or by the latter seeking the opposite, or both.

the bigger picture

Ultimately, the Kolin/Qingdao saga and this Q&A show that we are at risk of losing sight of the bigger picture. Procurement rules are not only, or even primarily, about trade liberalisation. They are essential tools of good governance and a source of discipline and integrity in the expenditure of public funds. Given their importance, multiple layers of procurement regulation are overlaid and, while they vary in their details, they all share the same core principles and fundamentals. Seeking to deviate from these, or to limit them to one and only one of those layers of regulation can simply not work.

It should also be clear that, as a matter of bigger picture, the inconvenience that sometimes comes from complying with the rule of law and other constitutional-level guarantees should possibly create constraints and difficulties in the implementation and rollout of EU (common) policy, as it does at national level. The Kolin/Qingdao saga and this Q&A can only be read as a prioritisation of the common commercial policy over good administration and rule of law considerations. It does not paint a pretty picture and it does not signal a particularly strong commitment to one of the fundamental values of the Union, to be frank.

The bigger picture is too that the CJEU had (at least) two ways of addressing these issues. One would be to impose a full ban on participation by non-covered third country operators. The other would be to have been more accepting of the limitations of ‘policy-making by judgment’ and to have openly stated that, once a third country operator has not been excluded, legal protections follow. By setting such shaky foundations as the Kolin/Qingdao case law, the CJEU enables the European Commission to make unhelpful interventions such as this one. The other part of the bigger picture is, as well, that the European Commission is willing to take exactly zero risks and that, in this extreme risk aversion, it can come to exacerbate problems arising from the case law.

Lucky dip from a mixed bag? Summary results of the consultation on the evaluation of EU Procurement rules

Janet Turra & Cambridge Diversity Fund / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/. The image features a silver meat grinder. Going into the grinder at the top are various culturally symbolic, historical, and fun icons – such as emojis, old statutes, a computer, newspapers, an aeroplane. At the other end of the meat grinder, coming out is a sea of blue and grey icons representing chat bot responses like 'Let me know if this aligns with your vision' in a grey chat bot message symbol.

The European Commission has published a Factual Summary report on the public consultation on Evaluation of the Public Procurement Directives (the Summary). While we await for the Commission’s fuller analysis of the responses to the consultation (which officials have publicly acknowledged to be processing with AI tools, at least in part) after the summer, it is worth taking a look at the numbers on their face value.

And even before that, it is worth reflecting on the value of a consultation that largely seeks input on the ‘lived experience’ of procurement but sidesteps the critical issue that respondents will provide views based on the specific implementation of the EU rules in their jurisdiction. Barring ‘pure copy-paste’ approaches (such as the good old UK approach), this already creates a significant methodological and analytical hurdle because the underlying reasons for any views expressed cannot without more be attributed to the EU directives—but are rather by necessity mediated by domestic implementation decisions, as well as by domestic procurement culture, legal context and technical infrastructure. The latter is perhaps the easier to grasp. Questions around e-procurement will elicit very different responses depending on the level of functionality, reliability, and sophistication (costs, etc) of e-procurement systems put in place in each of the Member States. Given the broad variation in that regard, it is hard to meaningfully extrapolate the feedback and attribute it to the minimalistic rules on e-procurement in the directives. The same applies across the piece.

Moreover, even setting that aside and taking the statistical summary as provided by the Commission, it is hard to know what to make of it. In short, in my view, the picture that emerges is very much a mixed bag. This further supports the emerging (?) view that the priority should not be the reform of the legal framework, but rather the much more complicated (and expensive) but potentially more impactful work on ensuring procurement practice maximizes use of the flexibility within the existing framework (as discussed in the recent conference held at the University of Copenhagen by Professor Carina Risvig Hamer — see the key conclusions here). Here is why.

(small) majority and (large) minority views

Let’s take a few headline figures and statements:

  • 49% of respondents believe that the Directives did not make the public procurement system flexible enough and 54% think that they did not establish simpler rules for the public procurement system.

  • most of respondents (48%) think that the rules aiming at increasing procedural flexibility (e. g. the choice of available procedures, time limits for submitting offers, contract modifications) are no longer relevant and adequate.

  • the same percentage of respondents (48%) consider the Directives’ rules on transparency (e.g. EU-wide publication via Tenders Electronic Daily 'TED') to be still relevant and adequate.

  • most respondents (53%) believe that the Directives ensure the equal treatment of bidders from other EU countries in all stages of the process and the objective evaluation of tenders.

  • almost half of respondents (49%) consider that the rules on eProcurement are still relevant and adequate to facilitate market access.

  • there is some agreement that the Directives’ rules that aim for environmentally friendly procurement (e.g. quality assurance standards and environmental management standards) and for socially responsible procurement (e.g. reserved contracts, requirements on accessibility for people with disabilities and design for all users) are still relevant and adequate. 39% and 43% of respondents say so, respectively.

  • Most respondents (39%) believe that the objectives of the three Public Procurement Directives are coherent with each other. However, EU legislation relating to public procurement (e.g. sectoral rules such as the Net Zero Industry Act or Clean Vehicles Directive) are not thought to be coherent with the Directives by the largest part of respondents (37% vs 11% who think that sectoral files are coherent).

  • Most respondents (49%) disagree that the Directives are fit for purpose to contribute to the EU’s strategic autonomy (including the security of EU supply chains). 42% think that the Directives are not fit for purpose in urgent situations. 44% consider that they are not fit for purpose in case of major supply shortages (e.g. supply-chain disruptions during a health, energy or security crisis). 38% think that the Directives do not ensure that security considerations are properly addressed by the contracting authorities.

The figures above, even if phrased in terms of majority of respondents, hardly show a clear majority view on any of those issues. At best, the majoritarian view reaches a figure just above the 50% threshold and, in most instances, the majoritarian view is in reality a large minority view (and sometimes not even that large at all). Constructing the figures to reflect ‘truly’ majority views to potentially influence the direction of reform proposals would require ‘appropriating’ the neutral space (which hovers between 15-28%, depending on the issue in the list above). This raises some questions on methodology itself (should neutral answers be allowed at all?), as well as on ways of treating data that stems from a non-representative and tiny sample (given the figures around number of public buyers, companies tendering for public contracts, and other stakeholders across the EU).

‘Consultation assessment by numbers’ is clearly not going to work. This should push our hopes to the qualitative analysis of the responses, which however raises no smaller questions on the relevance and reliability of the insights provided by this approach to public consultation. Moreover, it can be concerning that the qualitative analysis is being supported by AI tools, as this creates all sort of risks — from technical issues (such as confabulation and the simple making up of ‘insights’) to methodological issues (especially, if the AI is seeking to extract trends, which then largely replicates the problem of ‘assessment by numbers’). It would be very important for the Commission to publish a methodological annex in the future report explaining how AI was used, so that we can have a good sense of whether the qualitative analysis is robust or (use)less.

expert (?) views

To put it mildly, some trends in the Summary run directly against expert insights on the operation (and shortcomings) of the Directives.

This is perhaps most starkly shown in the responses around transparency. There is to my mind no question whatsoever that the expert community considers that there is insufficient procurement transparency and that the TED system is unfit to enable for the collection, publication and facilitation of re-use of procurement data in ways that lead to helpful data insights and, potentially, AI deployment. However, 48% of respondents have said otherwise. What to make of this? What is the point of asking this sort of question in an open consultation? Will this be used as a justification (aham, excuse) not to decidedly revisit the issue of procurement data in a way that promotes the development of an adequate data infrastructure fit for current policy challenges, as the expert community keeps advocating for?

Similarly, though 53% of respondents consider there is no issue of equal treatment of non-domestic bidders, what is the evidence for that? Given how relatively little cross-border tendering there is, on what grounds is this view formed? If the answers are based on a point of principle, what weight (if any) should be given to this set of answers? How does this square up with expert insights (and the Court of Justice’s occasional reminder) that fragmentation of requirements can create de facto unequal treatment (eg where domestic tenderers are more familiar with requirements arising from a broad array of administrative law provisions)?

Jarringly, the outcome of the consultation on the trends in competition for public contracts reflect that: ‘No significant conclusion could be drawn on whether competition had increased, remained the same or decreased over the last 8 years: 25% of respondents think that it decreased, 21% that it remained the same, and 25% that it increased’. However, from the European Court of Auditors’ report, we know that (by available metrics) competition has been on a constant reduction over the last decade. What was the point of asking this question and what to make of this outcome?

sectoral bias

Moreover, the qualitative analysis will require taking into account the specific position (and agenda) of respondents. Clearly, for example, the (declared) perception of aspects of the procurement system will be massively different depending on which side of the policy table respondents sit at.

This is most starkly shown around strategic procurement, where the public/private sector split is clear: ‘Public authorities agree that the Directives have encouraged contracting authorities to buy works, goods and services which are environmentally friendly (56%), socially responsible (55%), and innovative (45%). However, all other respondent groups are less positive. For instance, companies/businesses disagree that the Directives have encouraged contracting authorities to buy works, goods and services which are environmentally friendly (46%), socially responsible (50%), and innovative (54%).’ However, more importantly, and even with problems in the data, we know that uptake of green, social and innovation procurement is woefully low. Again, the European Court of Auditors has clearly documented this. What was the point of asking this question and, more importantly, how will this sort of outcome help inform policy going forward?

What next?

It will be interesting to see what comes out of the fuller analysis of the responses to the public consultation. However, it seems to me that this piece of information gathering will result in a relatively wide variety of views and thus likely have very little meaningful value in informing the direction of travel for the formulation of a proposal for revised rules. More importantly, I think this exercise shows the limited value in trying to obtain this sort of general views on high level questions around issues that are by definition complex, multi-layered, and in some cases politically contested.

As the conclusions to the Copenhagen conference show, there was broad general agreement (in that context) that three elements need to be at the core of the process of review of the EU rules: digitalisation, a clarification of the purpose/s of EU procurement rules, and practical simplification of legal requirements. Given the push to reform, we can hope that the Commission will take a path along those lines going forward. However, the Commission’s own statement of priorities included digitalisation, simplification and EU preference/strategic procurement. That is in itself showing a potentially big clash in approaches and the likely impossibility of achieving a set of goals that cut across each other.

Moreover, I think it is not too late to stop and reconsider whether we are falling in a legocentric trap. During the conference, ‘an element raised several times … was whether it was the procurement rules or the procurement practices that needed to change?’. I think there is a lot value in considering this in detail. We should not delude ourselves thinking that just because something is written in the procurement Directive, reality follows… It would also be helpful to consider whether it is possible to take a staged approach and truly prioritise efforts, so that we can move forward in relation to a single priority (which in my view should be digitalisation) before attempting the more complex and contested aspects of a reform.