Corvin Digital Ltd builds AI assistants for UK public sector organisations using Microsoft Copilot Studio. This page sets out how we design, build, and deploy those systems responsibly โ what we commit to, how we handle data, and how we ensure human oversight of every solution we deliver.
Accountability
Terry Ives (Director) is the named accountable individual for every AI system Corvin Digital delivers. Clients receive a direct contact for any AI-related concern, responded to within 24 hours.
Data sovereignty
All solutions run inside the client's own Microsoft 365 tenant. Resident and staff data never leaves the client's controlled environment. We do not train or fine-tune AI models on client data without explicit written consent.
Human oversight
No AI system we build makes autonomous decisions affecting resident rights, benefits, or legal status. Every chatbot journey includes a clear escalation path to a human agent. AI outputs are reviewed before consequential actions are taken.
Fairness and testing
We test every AI agent against diverse user scenarios before go-live to identify inaccurate, biased, or harmful outputs. We provide clients with a test report and a review period before launch.
Risk assessment
Before deploying any AI system, we complete a documented risk assessment covering accuracy, GDPR compliance, potential for discriminatory outputs, security, and environmental considerations. Available to clients on request.
Transparency
We document all AI tools deployed โ their purpose, decision-making scope, and limitations. We support clients in meeting their obligations under the Algorithmic Transparency Recording Standard (ATRS) where required.
Incident response
Any AI-related incident โ incorrect output, data breach, or system failure โ is reported to the client within 2 hours of identification. We maintain a full incident log and provide root-cause analysis.
Procurement transparency
In line with PPN 017 (February 2025), we disclose any use of AI tools in preparing tender responses and confirm that no confidential procurement documents are used to train AI models.
UK GDPR and data protection
When delivering services that involve personal data, Corvin Digital acts as a data processor on behalf of the client (controller). We comply with UK GDPR and the Data Protection Act 2018. We support clients in completing Data Protection Impact Assessments (DPIAs) for AI deployments where required. We do not engage sub-processors without client notification.
Government AI guidance alignment
Our approach aligns with the UK Government's AI Playbook (February 2025), including its principles of Fairness, Accountability, Sustainability, and Transparency (FAST). We follow Cabinet Office guidance on responsible AI procurement and service delivery for public sector organisations.
Policy review
This policy is reviewed annually and updated to reflect changes in UK AI regulation, government guidance, and Crown Commercial Service framework requirements. Last reviewed: May 2026.
Questions about our AI governance
For procurement teams, DPOs, or council officers with questions about how we handle AI in a specific engagement:
[email protected]