The AI procurement receipt: what did your organisation really buy?
A plain-English briefing for checking the hidden terms behind AI tools before a pilot quietly becomes infrastructure.
AI tools become harder to govern when a small purchase or pilot quietly reroutes work, evidence, permissions, repair routes and infrastructure dependency.
Before an AI product becomes default, ask what job was bought, what data enters, what evidence travels, where people can challenge it and what cost or lock-in grows.
AI adoption often looks like a software purchase. In practice, it can be a new route for judgement, evidence, cost and responsibility.
That is the part ordinary users rarely see. A team buys a meeting assistant, a school trials a marking helper, a council adds a triage bot, a newsroom plugs in a research layer, or a manager approves an inbox copilot. The invoice says product name and seat count. The real receipt should say what work moved, what data flows through it, who can challenge the output, and what happens when the pilot becomes normal.
That calls for an AI procurement receipt: a small plain-English checklist for asking what the organisation actually bought, not just what the vendor sold.
Why this matters now
Four signals make procurement a public-literacy issue, not only an IT-team issue:
- AI is already an ordinary organisational purchase. Stanford HAI’s 2025 AI Index reports that 78% of organisations said they used AI in 2024, up from 55% in 2023. Once adoption is normal, the important question shifts from “will AI arrive?” to “which workflow did we just buy into?”
- The change is happening at task level. Anthropic’s Economic Index found AI touching at least a quarter of tasks in 36% of occupations. Procurement teams may approve a tool, but the practical change lands as a draft, score, route, summary, shortlist or escalation inside somebody’s day.
- Public-sector rules are catching up with deployment reality. NIST’s AI Risk Management Framework stresses mapping, measuring, managing and governing AI risks across the system lifecycle. The EU AI Act points high-risk use toward documentation, oversight and post-market monitoring. Plain version: the receipt has to survive after the demo.
- The infrastructure bill is no longer abstract. The IEA projects data-centre electricity demand could rise from about 460 TWh in 2022 to around 945 TWh by 2030. Buying an AI feature also rents compute, data pipes, model updates and platform control.
The boiling-frog risk is that a “small trial” becomes part of the operating system before anyone has written down what was transferred.
The everyday analogy
Think of buying a home appliance.
The shiny box is only the start. You also want the energy label, warranty, repair route, spare-parts situation, installation rules and what happens if it fails during a normal day. Nobody sensible buys a boiler because the showroom demo looked warm.
AI procurement needs the same habit. The demo shows the neat answer. The receipt should show the workflow, evidence, permissions, cost meter and repair route.
The five-line procurement receipt
Use this receipt before an AI product moves from pilot to default:
| Receipt line | Plain-English test | Reader question |
|---|---|---|
| Job bought | Which task is being rerouted? | Drafting, summarising, scoring, ranking, triage, search, code, translation, feedback or customer response? |
| Data doorway | What information can enter the system? | Personal data, documents, inboxes, calls, student work, case notes, code, browser activity or supplier records? |
| Evidence output | What proof travels with the answer? | Source links, confidence limits, model/version label, prompt trail, benchmark date, reviewer note or nothing visible? |
| Stop and repair route | How can people pause, challenge or correct it? | Human checkpoint, appeal lane, rollback, audit log, deleted record, amended summary or named owner? |
| Cost and dependency meter | What grows if the tool becomes normal? | Seats, API calls, cloud spend, data-centre demand, vendor lock-in, training burden or governance workload? |
This does not mean every organisation needs a 90-page AI policy before trying anything. It means a five-line receipt should exist before a shortcut becomes the expected route.
Where it lands tomorrow
- In workplaces: ask whether an AI meeting note becomes the official record, and who corrects it after the call.
- In schools: ask whether a marking or feedback tool records the rubric, source work and teacher checkpoint.
- In support queues: ask whether triage tags and suggested replies show the evidence used and the escalation route.
- In hiring: ask whether a shortlist tool records which criteria, data and human review shaped the candidate path.
- In public services: ask whether citizens can see, challenge and repair an AI-assisted summary before it affects the case file.
The useful habit is simple: do not read the AI invoice like a software bill. Read it like a responsibility transfer.
Boiling Frogs lens: whenever an organisation buys, pilots or renews an AI tool, ask for the procurement receipt: job bought, data doorway, evidence output, stop-and-repair route, and cost/dependency meter.
Sources: Stanford HAI 2025 AI Index, Anthropic Economic Index, NIST AI Risk Management Framework, EU AI Act regulatory framework, IEA Energy and AI.