PolicyAI

UK council HR teams field thousands of policy queries a year. Most of them have a clear answer somewhere in the council's own policy library — but staff cannot find it, line managers cannot interpret it, and HR ends up acting as a search interface for documents the organisation already owns.

The two existing options both fail. Static policy intranets are hostile UX: keyword search over PDFs, no synthesis, no context. Generic AI assistants hallucinate policy: a chatbot trained on the public internet will confidently invent a sickness procedure that does not match the council's own.

PolicyAI is the third option. Retrieval-augmented generation grounds every answer in the council's actual published policy. The model never speaks outside the document set. Sensitive policy domains are gated. Every response cites the source.

PolicyAI is engineered for UK public sector data sovereignty and identity. Nothing runs outside the council's existing trust boundary.

Hosting

AWS Bedrock — eu-west-2 (London region). UK data residency throughout the request lifecycle.

Authentication

Entra ID single sign-on. No separate identity store. Group-based access control inherits from existing council directory.

Retrieval

Vector retrieval over the council's actual published HR policy library. Answers grounded in source documents with explicit citation.

Generation

Answers constrained to retrieved source content. Out-of-corpus questions return a clear "this is outside published policy" response, not a fabrication.

Audit

Query and response logging compatible with council records management and FOI obligations.

The architecture deliberately avoids two patterns common in the AI-product market: third-party SaaS platforms outside UK data residency, and prompt-engineered overlays on consumer LLMs that have no grounding in source documents. Neither is acceptable in a council HR context.

Not all HR policy is equal in sensitivity. PolicyAI separates the council's policy estate into three tiers, with different governance gates for each.

Tier 3 deployment is not optional or cosmetic. A formal Data Protection Impact Assessment is required before any Tier 3 domain is loaded into the model's retrieval corpus. The framework exists so that PolicyAI is defensible at the next external audit and at any subject access request — not just useful at the helpdesk.

Available as a packaged offer for councils with comparable HR policy estates. Each deployment is bespoke to the council's own policy library — there is no shared cross-council content, and no model trained on one council's policy ever serves another's queries.

The product roadmap covers fourteen council policy domains in total, with Tier 3 domains gated behind the DPIA process described above. Councils typically begin with Tier 1 deployment, then add Tier 2 and Tier 3 domains incrementally as governance approvals are secured.

PolicyAI is sold as a fixed-scope deployment, not as a SaaS subscription. The council owns the deployment, the policy corpus, and the governance.

Engagement model

Fixed-scope deployment of policy domains agreed at outset, with optional ongoing curation as the policy library evolves.

Pricing

Indicative range £3,000 to £18,000 over three years, scaled by domain scope and tier. Detailed quotation on request following a scoping call.

Procurement

Structured around UK local government procurement thresholds. Single-officer authorisation possible at the lower end of the range.

Data & IP

The council retains full ownership of its policy corpus, query logs, and resulting deployment. No cross-council data sharing.