Is government ready for AI that acts, not just advises?
By SAS
SAS Asia Pacific’s Lead for Public Sector Consulting Ensley Tan shares why the gap between a personal co-pilot and an enterprise-grade agentic system isn’t a technical one, but one around accountability and governance.
-1781054092724.jpg)
For public sector leaders who have spent the last few years carefully piloting GenAI, the question is no longer just what AI can do, but what it can safely be allowed to do. Image: Canva
When SAS Asia Pacific’s Lead for Public Sector Consulting Ensley Tan speaks about the evolution of artificial intelligence (AI), he draws a sharp line between what it was and what it’s becoming.
Back in 2024, the conversation was centred on AI, particularly generative AI (GenAI), as a drafter, a summariser, and recommendation engine.
“The biggest shift is that it’s no longer just producing drafts or recommendations — it is increasingly able to act across tools, apps and work processes,” he says, referring to agentic AI.
For public sector leaders who have spent the last few years carefully piloting GenAI, it raises a far more consequential question.
It’s no longer just what AI can do, but what it can safely be allowed to do.
From co-pilot to enterprise
Tan recounts a recent engagement with a government agency for an audit function.
The agency had experimented with commercial GPT tools and reasonably thinks that AI-assisted auditing was achievable.
When they brought SAS to build a proper proof-of-concept, a critical gap emerged.
“What you can do on a personal co-pilot doesn’t always translate very well to when it has to be an auditable result,” he explains.
In a consumer tool, the AI reads a document, makes an inference, and completes a task. The process disappears when the chat window closes.
But in an enterprise audit context, “there needs to be explanation by the model as to what it saw, what its inference was, and what it decided to do.
“And all of that must be recorded and have a human in the loop to review it, to make sure there is ownership of the outcome.”
That ownership question is where agentic AI becomes genuinely complicated for government.
Human-in-the-loop, still there but different
Tan positions human-in-the-loop as the first line of defence for public trust in AI.
And while the principle still holds, the loop gets longer and less visible with agentic systems now executing multi-step tasks autonomously.
The risk, he says, is ending with what he calls “a defence of the gaps”.
This is when humans supervise only the narrow edge cases where AI is weakest, and treating that as robust control.
“We know from everyday digital systems that people quickly learn to click through warnings and confirmations when they are badly designed or appear too often,” he explains, highlighting that control usually exists on paper but not in practice.
He draws an analogy from financial services, where chief compliance officers are personally liable for lapses in anti-money laundering controls.
This makes accountability no longer an abstract concept, but an individual responsibility.
Where agentic AI is ready
Tan frames the usefulness and appropriateness of using agentic AI for tasks that are bounded, auditable, and reversible.
That means back-office work that is repetitive and rules-based, which entails moving information across systems, reformatting documents, handling structured workflows where the errors are recoverable.
“The best early use cases are where the agent is handling process friction, not public authority,” he says.
While traditional forms of automation require every step to be scripted in advance, agents are more flexible and can read documents, handle incomplete information and stitch together steps across systems in ways that are hard to fully script.
While this provides value for governments, this is also where governance becomes more complex.
“I would be much more cautious where decisions affect rights, entitlements, enforcement, or public trust,” he adds, highlighting areas involving grants, benefits, licensing, investigations, or anything that requires discretion, fairness, or explanation to citizens.
“If the cost of error is high, the need for human judgment is high,” he says.
Governing actions, not just outputs
Tan points to IMDA's updated Model AI Governance Framework for Agentic AI as a sign that the policy direction is moving correctly, which is from governing what AI recommends to governing what it does.
The framework focuses on bounding agent permissions, ensuring meaningful human accountability, and implementing controls across the entire lifecycle: before, during, and after execution.
He highlights that SAS’ approach mirrors this. What this means in practice is that an agent might propose a set of rules derived from a policy document, it would not be permitted to act on those rules directly in a live system.
Outputs are logged, traceable, and routed for human review, with enough contextual information surfaced to help reviewers decide efficiently.
“Governance is not just about checking the output at the end. It is about defining what the agent is allowed to do in the first place,” he says.
Additionally, Tan highlights that organisations that move too slowly risk playing catch-up, not just with others that have moved earlier but with bad actors using the tools.
For public agencies navigating the tension between governance and implementation, the message is not to wait until governance frameworks are perfect.
It is to start in bounded environments, as well as to design both human oversight and accountability as a requirement.
