
Why Public Affairs Teams Need a Practical AI Risk Framework

  • 3 days ago

By Paul Shotton, Advocacy Strategy

 

As AI use becomes routine in public affairs, the question is shifting from whether to use it to when it is safe to rely on it. Most teams have settled, often informally, on a rough rule of thumb based on the output: internal work is fine, client-facing or external work needs more care, a summary is low stakes, a recommendation is high stakes. It is a reasonable instinct, and the type of output does matter. But on its own it is not enough, and relying on it can give a false sense of safety.


The reason is that the same task can be low risk or high risk depending entirely on how it is set up. Summarising a single short, clean document is a very different proposition from summarising a stack of inconsistent PDFs or a tangled email chain, even though both are “just summaries”. The risk does not live only in the output. It lives in the whole setup — the task, the data, the context, the tool, the prompt, the review process, and what happens if the answer is wrong.


Output type matters, but it is only one factor

It is worth being precise about why output type is insufficient. Two pieces of work can share the same output category and carry completely different risk. An internal note summarising a clean, well-structured briefing is low risk. An internal note synthesising twelve overlapping documents of varying quality, some of them out of date, is not — even though both are internal, and both are summaries. The label tells you how the output will be used; it tells you almost nothing about how likely it is to be wrong.


Know what AI does well — and less well

A sensible risk framework rests on an honest view of where AI is strong and where it is weak. Current models are genuinely good at certain things: summarising, structuring messy material, comparing documents, drafting, and generating options to react to. These are real strengths, and public affairs work is full of opportunities to use them. But the same tools are weaker, and riskier, on the judgement-heavy parts of the work — reading the politics of a situation, assessing how a particular stakeholder will react, giving sensitive advice, making client recommendations, or interpreting reputational risk. These depend on context, relationships, and tacit knowledge that the model does not have. Matching the task to what AI actually does well is the first line of risk management.


A simple five-part risk framework

Rather than a single rule, it helps to assess a handful of dimensions together. The US National Institute of Standards and Technology, in its AI Risk Management Framework, makes a similar point at the level of institutions: risk has to be understood in context, across the whole system, not judged by the output alone. Translated into something a public affairs professional can use in the moment, that becomes five practical questions.


  1. Task risk. What is AI being asked to do? Drafting and structuring sit at the lower-risk end; political judgement and recommendations at the higher.

  2. Data risk. What information is being entered? Public, non-sensitive material is one thing; confidential, personal, or client data is another, and may be off-limits entirely.

  3. Context risk. Is the source material complete, current, and usable? Clean, well-structured inputs are reliable; partial, outdated, or messy ones invite confident-sounding errors.

  4. Output risk. How will the output be used, and what happens if it is wrong? A throwaway internal summary and a recommendation that informs a client decision sit at opposite ends.

  5. Tool risk. Is the tool approved and suitable for this task and this data? The right model, properly configured, matters as much as the prompt.


Taken together, these questions do something the output-only rule cannot: they tell you not just whether to be careful, but why, and how much.


From assessment to decision

The point of the framework is to lead to a decision. Having weighed those five dimensions, a user should be able to place a piece of work into one of a few practical categories. Some outputs can be reused with light editing — low task risk, clean data, limited consequences. Others must be checked and reworked before they go anywhere. Some should be treated only as thinking support — useful for generating ideas or structure, but never quoted or relied upon directly. And a few should be escalated, because the combination of sensitivity, weak data, and high consequences puts them beyond what an individual should sign off alone. A framework that ends in one of these four decisions is far more useful than a policy that simply tells people to “verify outputs”.


Reducing risk through better practice

Much of the risk in AI use is not fixed; it can be designed down. Better prompts that specify the task and its limits produce more reliable results. Choosing the right model or tool for the job matters. Breaking a complex task into steps, rather than asking for everything at once, reduces error. It helps to ask the model to distinguish clearly between fact, assumption, and recommendation, and to ask it to say explicitly when information is missing rather than filling the gap. And the format of the source material matters more than people expect — converting a poorly structured PDF or a sprawling email chain into clean, well-organised text, such as Markdown, often does more for the quality of the output than any change to the prompt. Good practice does not eliminate risk, but it moves a task meaningfully down the scale.


Operational risk is not the only kind

There is a second kind of risk worth separating out. The framework above is about operational risk — the chance that an output is wrong and causes harm. But for organisations with responsible-use or ESG commitments, the environmental and resource cost of AI also matters. It is best treated not as a reason to avoid AI, but as a proportionality lens: is this particular use necessary and proportionate to the value it creates? Running a heavy model to draft a sentence you could have written yourself is hard to justify; using AI to do genuinely valuable analytical work is a different calculation. Keeping operational risk and ESG impact distinct stops either from being used as a lazy answer to the other.


What a good policy actually does

This is ultimately why a one-line instruction to “be careful” or “always verify” is not enough. It puts the entire burden on the individual without giving them anything to reason with. A good AI policy does the harder work: it helps people understand when caution is needed, why the risk is higher in one situation than another, and what to do about it — proceed, check, use only as support, or escalate. It turns a vague sense of unease into a set of decisions people can actually make.


Not just the output

Responsible AI use, then, is not mainly a question about the output. It is a question about the whole setup — the task, the data, the tool, the context, the prompt, the review process, and the consequences if the answer is wrong. A team that learns to read those signals will use AI more confidently, and more safely, than one working from a single rule about whether something is internal or external.


The most useful question is not “is this output internal or client-facing?” but “what would it cost us if this were wrong, and have we set it up so that it probably isn't?” A team that can answer that, task by task, has something more valuable than any tool: the judgement to know when to trust the answer.

 
 
 
