Amber Sinha is a contributing editor at Tech Policy Press.

European Commission President Ursula von der Leyen urged European companies last month to embrace artificial intelligence. Her statement coincided with the announcement of the Apply AI Strategy and plans to create a network of AI-powered medical screening centers to improve diagnosis and medicine development. This is a big year for the EU’s public procurement of AI-based technologies, with the European Commission committing €1.3 billion between 2025 and 2027.

The commitments include acquiring generative AI applications, including in the health and care sectors, facilitating the new EU Digital Identity Wallet architecture and the European Trust Infrastructure, and transforming the public sector by developing efficient, high-quality, interoperable digital public services. While critical analysis of the use of AI in the provision of public services has been ongoing for much of the last decade, most commentary has focused on clear conflicts with fundamental rights and democratic values. However, core principles of public administration can serve as useful guides for regulating how governments make decisions about AI-related public spending.

AI adoption as a failure of public procurement

When AI systems are used by public actors, they typically require a government or public body to make procurement decisions. The move towards the datafied state over the past two decades has also been accompanied by a gradual change in the nature of public-private partnerships. The digitization and datafication of public functions have led to a more involved private sector in governance than ever before.

Traditionally, the state procurement process has been understood within the context of outsourcing parts of state functions for the sake of efficiency, and public-private partnerships have increasingly been seen as an innovative tool to address the lack of dynamism in public service delivery. These models were intended to operate within the strict frame of public administration, with administrative law principles of transparency and accountability designed to ensure that they meet state objectives. However, with the expansion of the public-private partnership model, the question of appropriate roles for state and private parties has become more fluid. The datafied state involves the creation of systems that are technically complex to build and require significant investment.

Several factors make outsourcing of these functions, at least to a limited extent, an attractive option. Delegating them to specialized external bodies may increase the state’s efficiency in providing public services, as the expertise and operations for such systems are highly specialized and therefore benefit from partnerships among different actors. Perhaps the biggest advantage of using private services is that it eliminates the need for large upfront government investment. Costs are borne by the private investor and typically spread over the contract period.

The degree of private firm involvement varies, depending on the capacity of the state, private sector expertise and profitability. Among other things, private actors can be involved in (1) designing and building the technical infrastructure, (2) financing initial and ongoing capital investments, and (3) providing key services in operating and maintaining the systems throughout their lifecycle.

There is a natural tension when private firms invest in innovation with the expectation of generating profit, while states are meant to act in the public interest. The modern administrative state was designed to navigate these tensions. Ideally, a consultative process is needed to define what constitutes a public good outcome. These goals should be debated and decided by the legislative and executive branches and established as basic mission requirements of government agencies.

Further, they should involve significant public consultation and consider the views of different stakeholders. The growth of public-private partnerships has also been accompanied by executive aggrandizement and the centralization of power within the executive. This trend limits accountability measures and undermines efforts to determine appropriate policy goals.

How vendors disrupt the procurement process

For public procurement to function in an accountable manner, the state must clearly identify problem statements based on a consultative process, conduct feasibility studies on the various ways the problems can be addressed, and clearly design a vendor’s scope of work to align with policy goals. This vision of public-private partnership positions the state as the driver of the agenda, clearly delegating specific functions to private parties while maintaining accountability. However, in the datafied state, this power dynamic has reversed itself.

The key problem has been inflexibility, caused by dependence on a few select solution providers. Given the scale of these technical projects and the influence of large industry actors, only a handful of vendors are eligible to provide these services under tightly defined requests for proposals.

Take the example of digital identity systems, which are central to the vision of a datafied state in many countries. Some key vendors include Thales, Gemalto, IDEMIA, In-Groupe, Security Identity Alliance, MOSIP and Civipol. Together, these companies represent a particular vision of digital identity, one designed to promote datafication and enable access to data by various private actors. This vision does not necessarily align with privacy-preserving digital identity standards or solutions that have evolved over the past decade and a half.

The usual state objectives for digital identity include the provision of legal identity, delivery of welfare, creation of civil registers, prevention of identity fraud, and addressing national security. These objectives can be achieved through versions of digital identity that are privacy-preserving in both policy and technological design. However, over the last two decades, there has been a global proliferation of identity systems that have not adopted these solutions, and these systems are often exclusionary and enable surveillance.

The adoption of these practices by way of onboarding companies interested in datafied solutions at the expense of privacy and inclusion should be seen as a failure of state procurement practices. It reflects a reversal of the traditional power dynamic between the state and private parties in a public-private partnership, where vendors now drive the agenda, define the vision of digital and datafication systems, and set policy goals aligned with their own profit motives, rather than public interest.

The inherent failure lies with states that are unable to demand higher standards from their vendors. At one level, this stems from the unwillingness of administrative authorities to exercise discretion by critically assessing the problem statement. By blindly relying on the technical expertise of the vendors, the executive neglects its administrative responsibilities.

At another level, as mentioned earlier, this failure results from executive aggrandizement, and the consolidation of power by the executive, which comes at the expense of the legislature and other independent bodies’ ability to hold it accountable through discourse, debate and oversight. Danaher and others have noted that a lack of competence among politicians and bureaucrats remains a key barrier to effective procurement practices.

Lessons for the EU and the AI race

The current frenzy around AI spending by the European Commission is driven by broad narratives about an urgent need for greater European competitiveness, digital sovereignty and strategic autonomy. These may be legitimate policy objectives for the Commission to pursue, but the leap from identifying these goals to treating AI as the primary solution for these problems has resulted in expansive top-down agendas for public procurement. This policy approach treats a technological paradigm, in this case, AI, as an end in itself, rather than applying administrative discretion to the problem at hand. It is the policy equivalent of putting the cart before the horse.

The EU institutions are bound under Article 296 Treaty on the Functioning of the European Union (formerly Article 253 Treaty establishing the European Community) to state the reasons on which their actions are based. However, their actions are often not held to a strict standard of administrative discretion, one that would ensure decisions by administrators are backed by evidence and coherence.

As with the buy-in by several Global South countries to untested digital identity solutions a decade ago, these failures of procurement often begin with technology vendors convincing policymakers that emerging technologies (then identity solutions, now digital public infrastructure and AI) offer efficiencies, accuracy and unprecedented transformative value for state agendas. With top-down mandates for AI procurement, these patterns are now being repeated in the European Commission’s approach to AI adoption.

These technological solutions are marketed as critical to national ambitions for technological competitiveness. In the current geopolitical moment, vendors find it especially easy to capitalize on external threats faced by the EU and its quest for greater strategic autonomy, positioning their solutions as not only transformative but also essential, often without much evidence. The eventual result can only be that public projects are designed to retrofit the high-level AI-first agenda rather than allowing specific needs assessments to inform their design.