Esper · AI Readiness Assessment

Is Your Policy Data Ready for AI?

State CIOs are moving fast — deploying AI into frontline service delivery, standing up AI governance frameworks, and building the data infrastructure that makes it all work. The question that doesn't always get answered before a pilot goes live: is the policy content underneath those tools actually ready to be trusted?

If that content is fragmented, unversioned, or living across SharePoint sites and shared drives, AI doesn't fix the problem — it scales it, and puts the agency's name on every wrong answer.

Your progress
0 / 15
01
Single source of truth
The foundation of everything else. Policies scattered across SharePoint, shared drives, and email chains aren't a storage problem — they're an AI liability.
0 / 3
There is one authoritative version of each policy or rule that everyone in the agency uses — not competing copies living in different systems and inboxes.
Staff know, without asking a colleague, where the current version lives and how to find it.
Superseded and draft versions are clearly separated from what's in effect, so they cannot be mistaken for current guidance by staff — or by an AI tool reading your corpus.
02
Currency and version control
What's "live" should be obvious — to people and to machines.
0 / 3
Every policy carries a clear effective date and status — current, superseded, draft, or expired.
When a policy changes, the prior version is preserved — not overwritten or deleted.
You can answer, for any rule, "what changed and when" without reconstructing it from memory or tracking down the person who used to manage it.
03
Audit trail and traceability
When an AI answer is challenged — by a citizen, a journalist, or a court — you need to show your work. Right now, can you?
0 / 3
You can trace who changed a policy, when, and why for any document in your corpus.
If an AI tool cites a policy, you could point back to the exact source version it relied on.
Your change history would hold up under a FOIA request or an audit — without a scramble.
04
Structure and accessibility
AI cannot reliably use content it cannot parse — and citizens cannot use content they cannot reach.
0 / 3
Policies are stored in structured, machine-readable formats — not scanned PDFs or image files.
Content is organized consistently — titles, categories, metadata — rather than by whatever convention each author happened to choose.
Published policies are publicly accessible and meet digital accessibility standards — so all citizens, and the AI tools serving them, can actually use them.
05
Governance and accountability
Leading states are building AI governance frameworks, mandatory responsible AI training, and data classification standards. The policy data underneath those frameworks has to be ready to match.
0 / 3
It is clear who owns AI use for your agency's policy content — and who answers when it is wrong.
You have a process to review and approve policy content before it feeds an AI system — not after a problem surfaces publicly.
Your agency's AI governance approach treats policy data readiness as a prerequisite — not something to clean up after a problem surfaces.

Score yourself

0 / 15
Start checking boxes above
Your result appears here as you work through each section.
13–15 · Strong foundation
Your policy data is positioned to support AI deployment responsibly. The work now is maintaining rigor as your corpus grows and AI use expands across the agency.
8–12 · Real progress, real exposure
Meaningful strengths — but the gaps are exactly where AI will fail you: bad guidance to citizens, compliance vulnerabilities, and FOIA exposure you cannot reconstruct. Close them before you scale any tool that touches public-facing decisions.
0–7 · Address this before you deploy
AI built on this foundation carries significant risk: wrong answers to citizens, regulatory gaps, and legal liability the agency owns — not the vendor, not the model. The good news: this is a known, solvable problem, and it's worth solving first.

Why this matters now

AI is the number-one priority for state CIOs in 2026 — the first time it has topped NASCIO's list, ending cybersecurity's twelve-year run. The state government IT leaders being recognized this year aren't just modernizing infrastructure. They're standing up enterprise AI governance frameworks, launching mandatory responsible AI training, building data classification standards, and deploying AI into frontline citizen services.

That ambition is exactly right. But every one of those initiatives is only as reliable as the policy data underneath it. Agencies can build the governance framework, run the pilot, and deploy the tool — and still get it wrong if the underlying corpus is fragmented, unversioned, and unauditable.

The federal AI governance framework has explicitly preserved state accountability for how agencies govern their own AI deployments. That responsibility — and the liability that comes with it — sits with every CIO, general counsel, and agency director who signs off on an AI initiative. The vendor doesn't own the wrong answer. The agency does.

Esper has spent nearly a decade inside government policy and rulemaking environments — digitizing policy corpora, building version-controlled workflows, and helping state agencies in Montana, Kansas, Washington and more created the structured, auditable policy foundation that responsible AI requires.

Want to see what closing these gaps looks like for an agency like yours?

We work with state agencies at every stage — from legacy migration to full policy lifecycle management. See how agencies in Montana, Kansas, Washington and more built a structured, auditable policy foundation before AI made it urgent.

Schedule a briefing call with our team
Esper  ·  Government runs on policy. We make it work.