What are the main governance opportunities and challenges for procurement digitalisation?

by Professor Albert Sanchez-Graells, University of Bristol Law School.

Approximately a third of public sector spending goes to procure third-party goods, services, and works. Procurement rules and policies seek to ensure that contract awards are free from corruption, conflicts of interest or anticompetitive practices, and that these vast sums of public funds generate value for money and support social, environmental, and innovative practices. There is always room for improvement, though. The adoption of digital technologies is seen as a strategic catalyst for procurement reform, to increase the effectiveness of procurement regulation. Digitalisation could reduce the administrative burden through automation, generate data insights to inform policies and boost efficiency in public spending, and serve as a living lab for GovTech experimentation.

However, the transformative potential presumed in digital technologies generates hype and excessive expectations on the true size and nature of the achievable improvements. It also tends to overshadow the required groundwork and preparatory investment. New digital governance risks and requirements are not always recognised or understood. The growing public sector digital capability gap raises further obstacles. Heightened expectations and a minimisation of the challenges can get on the way of successful reform. In ongoing research funded by the British Academy, I apply an innovative technology-centred methodology to assess the governance opportunities and challenges for procurement digitalisation. This blog post provides a summary of the main findings so far. I will also be discussing them with a stellar panel on 15 December 2022 (details and registration).

‘Policy irresistibility’ and hype in procurement digitalisation

Public procurement is at its core an information-based exercise. Public buyers seeking to procure goods, services or works from the market need to process large amounts of information to choose a responsible provider offering the best possible terms on quality, cost, experience, etc. That information is also increasingly complex, especially as public buyers seek to strengthen controls on eg the supply chain on which providers rely, and to assess the environmental and social costs and benefits associated with the public expenditure.

Theoretically, this information intensity and complexity makes procurement (as many other public sector activities) particularly well suited for the deployment of data-intensive digital technologies, such as robotic process automation or machine learning (a form of artificial intelligence, or AI). The need to ensure the integrity of that information also raises prospects for the implementation of eg distributed ledger technology (or blockchain), leading to the deployment of smart contracts. Digital technologies promise to bring solutions to the informational burden and thus augment decisionmakers’ ability to deal with complexity and uncertainty in procurement. The opportunities created by digital technologies could seem endless and the potential gains in the simplification of a part of the public sector generally associated with red tape and seen as an unavoidable cost could be rather significant.

However, my research shows that aspirations of digital transformation are usually built on a shallow assessment of the technologies and a lack of robust analysis of the required enabling factors (notably, data and digital skills). Such weak foundation can generate inflated policy agendas and makes them vulnerable to technological hype, despite technological immaturity and in the face of evidence of the difficulty of rolling out such transformation programmes—eg regarding the still ongoing wave of transition to electronic procurement (an earlier step in the process of digitalisation). This hype is fuelled not only by the direct mapping of the theoretical functionality of digital technologies onto the primary regulatory challenges in procurement governance (information intensity and complexity), but also by additional governance characteristics such as: multi-level governance, an increased emphasis on embedding innovation in procurement processes, and a continued gap in the digital capability of the public sector.

The allure of the potential benefits of deploying digital technologies ultimately generates ‘policy irresistibility’ that can capture decision-making by policymakers overly exposed to the promise of technological fixes to recalcitrant governance challenges. This can in turn result in excessive experimentation with digital technologies for procurement governance in the name of transformation. In addition to boosting the public sector’s in-house digital capabilities (more on this below), addressing these governance risks requires reassessing the true potential benefits of digital technologies.

A more realistic view of the technological opportunities

Indeed, to moderate those pressures and guide experimentation towards the successful deployment of digital solutions, decision-makers must reassess the potential of those technologies in the specific context of procurement governance. They must also consider which enabling factors need being put in place to harness the potential of the digital technologies—which primarily relate to an enabling big data architecture. Combined, the data requirements and the contextualised potential of the technologies will help decision-makers draw a more realistic feasibility boundary for digital procurement governance, which should inform their decisions and mitigate against ‘policy irresistibility’.

My analysis shows that there are significant and difficult to solve hurdles in generating an enabling (big) data architecture, especially for digital technologies that require multiple sources of information or data points regarding several phases of the procurement process. Some much-hyped technologies, such as blockchain and the related smart contracts have limited to no real application in procurement governance, or do not offer any advanced functionality capable of improving upon current information management approaches. Other technologies, such as methods of robotic process automation, are limited due to the reduced number of aspects of a procurement procedure that can be entirely formalised to automate them—or at least not at the cost of generating significant rigidities in the administration of the process and severely limiting the exercise of discretion. Deploying AI is particularly challenging due to specific duties applicable to the public sector (eg duty to ensure equal access to procurement opportunities, duty to provide reasons, duty to assure the provision of adequate and correct information or accept liability for undue legitimate expectations, etc) that make the deployment of private sector originated solutions (eg recommender systems or chatbots) either impossible or very difficult.

Overall, the realistic potential of most digital technologies primarily concerns the automation of tasks not involving data analysis or the exercise of procurement discretion, but rather relatively simple information cross-checks or exchanges. A feasibility boundary emerges whereby the adoption of digital technologies for procurement governance can make contributions in relation to its information intensity, but not easily in relation to its information complexity. In the absence of a significant expansion in the collection and curation of data, digital technologies can allow procurement governance to do ‘more of the same’ and/or to do it ‘more quickly’, but it cannot enable better procurement driven by data insights, except in relatively narrow settings. Such settings are characterised by procurement centralisation. Therefore, the deployment of digital technologies can be a further source of pressure towards procurement centralisation, which is not a neutral development in governance terms. I will explore this issue in a different part of my research.

New and heightened governance challenges

From a governance perspective, ensuring adequate decision-making in procurement digitalisation requires that the potential benefits from the adoption of digital technologies within this feasibility boundary is assessed against new governance risks and requirements for their mitigation.

My research shows that procurement digitalisation generates new and heightened risks and legal obligations, including on data governance, algorithmic transparency, technological dependency, the management of technical debt, cybersecurity threats, and difficult trade-offs due to the uncertainty surrounding immature and still changing technologies within an also evolving regulatory framework. Even public buyers not seeking to directly adopt digital technologies are increasingly under duties to comply with eg data governance and cybersecurity obligations, as projects on open data are rolled out to facilitate procurement digitalisation more generally.

New and heightened digital governance risks are thus pervasive and inescapable. And the related legal obligations are mushrooming in jurisdictions such as the EU, where at least the following pieces of digital law are relevant: Open Data Directive; Data Governance Act; proposed Data Act; NIS 2 Directive on cybersecurity measures, including its interaction with the Cybersecurity Act, the proposed Directive on the resilience of critical entities and Cyber Resilience Act; as well as some aspects of the proposed EU AI Act. The growing complexity of this network of legislative instruments poses an additional governance and compliance challenge by itself.

Each of the digital governance risks is different and poses its own challenges, but the risks are also interrelated, and their accumulation generates important systemic issues. Understanding these risks requires advanced digital capabilities. The growing gap in public sector digital capabilities not only reduces the likelihood of identification and management of the relevant risks, but also generates additional governance risks (eg of over-dependency on external capabilities, such as those of consultants and outsourcing companies). This should place investment in boosting in-house digital capabilities at the top of policy priorities, not only in relation to procurement digitalisation, but more generally to support a broader transition to a new model of public digital governance.

Strengthening the oversight of risk taking in procurement digitalisation

Most of the above emerging obligations to identify and mitigate digital risks, and best practices of digital governance more generally, converge towards obligations to carry out risk assessments and to adopt strategies, policies and practices informed by them. However, my research shows that current rules and guidance are weakened by a lack of precision on the substantive requirements for those risk assessments.

An analysis of emerging regulatory approaches in the EU and the UK shows that the adoption of digital technologies by public buyers is largely unregulated and only subjected to voluntary measures, or to open-ended obligations in areas without clear standards—which reduces the prospect of effective mandatory enforcement. The emerging model of AI risk regulation in the EU and UK follows more general global trends and points at the consolidation of a (sub)model of risk-based digital procurement governance that strongly relies on self-regulation and self-assessment. This is the case also in the UK, despite a proliferation of guidance instruments, such as the Technology Code of Practice, the Digital and Data Playbook, the Guidelines on AI procurement, or Guidance on the use of AI in the public sector.

Given its limited digital capabilities, the public sector is not best placed to control or influence the process of self-regulation, which results in the outsourcing of crucial regulatory tasks to technology vendors and the consequent risk of regulatory capture and suboptimal design of commercially determined governance mechanisms. Even more digitally capable public buyers are not in an ideal position to scrutinise such decisions because of the unavoidable structural conflict of interest that results from their interest in the use of the technology.

Moreover, this ‘second party’ assurance model does not include adequate challenge mechanisms despite efforts to disclose (parts of) the relevant self-assessments through eg algorithmic transparency standards. Such disclosures are constrained by general problems with ‘comply or explain’ information-based governance mechanisms, with the emerging model showing design features that have proven problematic in other contexts (such as corporate governance and financial market regulation). Moreover, there is no clear mechanism to contest the decisions revealed by the (delayed) disclosures, including in the context of specific uses of the technological solutions.

My analysis also shows that a model of third-party assurance or certification, such as that emerging from the EU AI Act, would be affected by the same issues of outsourcing of regulatory decisions to private parties, and ultimately would largely replicate the shortcomings of the self-regulatory and self-assessed model. A certification model would thus only generate a marginal improvement over the emerging model—especially given the functional approach to the use of certification and labels in procurement.

Moving past these shortcomings requires assigning the approval of decisions whether to adopt digital technologies and the verification of the related impact assessments to an independent authority: the ‘AI in the Public Sector Authority’ (AIPSA). I will fully develop a proposal for such authority in coming months, in another part of my research project.


While procurement digitalisation can generate significant benefits, the path to enabling and risk-assessing the adoption of digital technologies for procurement governance is complex and full of new and heightened regulatory challenges. Emerging approaches in the EU and the UK are suboptimal and stronger governance mechanisms should be created. These would not only apply to the adoption of digital technologies by public buyers, but to the digitalisation of the entire public sector. The most urgent needs lie with developing effective strategies to sustainably boost public sector digital capability and with the development by an independent regulator of digital governance standards to put a stop to the quickly accelerating process of commercial determination through self-regulation and self-assessment. Failing to tackle these two primary challenges will make the public sector liable for the long-term costs and governance shortcomings of ‘digital transformation on a shoe string’.

Leave a Reply

Your email address will not be published. Required fields are marked *