Skip to content

UK Defence AI Playbook

Status: In flight (Plan 99). WI-0 through WI-4 mostly shipped; WI-5 marketing landing pending Plan 98 Phase 2.

Scope

The UK Ministry of Defence published the Defence AI Playbook in February 2024 as a practitioner-facing companion to the Defence AI Strategy (June 2022). The Playbook is not a statute — it is the operating guidance MoD expects suppliers, integrators, and internal teams to follow when building or procuring AI for defence applications.

Secruna's pack maps Playbook principles onto a rule book that AI inventory items can be evaluated against, with the same matcher schema used by the EU AI Act and RICS packs.

What's in the pack

Six rules in rule_book/v1/uk-defence-ai-playbook/ covering the operational areas the Playbook calls out:

  1. Decision support — AI-assisted human decision making in command and control contexts.
  2. Intelligence processing — AI applied to intelligence collection, processing, and dissemination.
  3. Logistics — predictive — predictive maintenance and supply chain forecasting.
  4. Personnel systems — HR, recruitment, training, and welfare systems that use AI on personnel data.
  5. Cyber defence — AI applied to defensive cyber operations.
  6. Supplier chain propagation — flag where a supplier's AI system enters the chain and propagate the relevant Playbook obligations to that supplier's contract.

Categories

Each rule resolves to one of five categories, ordered by required intervention strength:

  1. requires_tevv — the AI system needs documented Test, Evaluation, Verification, and Validation evidence before deployment.
  2. requires_human_oversight — the AI system can deploy but only with documented human-in-the-loop checks.
  3. requires_safe_responsible_review — the system needs a "Safe and Responsible AI" review per the Playbook's S&R framework.
  4. requires_audit_trail — lower-risk AI uses where the obligation is logging and auditability rather than prior review.
  5. out_of_scope — AI uses the Playbook explicitly excludes (e.g. autonomous weapon systems are governed elsewhere).

The taxonomy enum lives in the category column on rule entries and is enforced at load time; see Plan 96 WI-3 for the equivalent EU + RICS enum work.

Reference

UK Ministry of Defence, Defence AI Playbook (February 2024).

Plan references

  • Plan 99 WI-0 — UK Defence AI Playbook foundation: loader registration, migration 0031. Shipped.
  • Plan 99 WI-1 — Six rule YAMLs. Shipped (PR #110).
  • Plan 99 WI-2 through WI-4 — Per-rule customer-facing copy, matcher refinements, eval fixtures. Mostly shipped.
  • Plan 99 WI-5 — Marketing landing page at /use-cases/uk-defence-ai-playbook. Pending Plan 98 Phase 2 (the homepage rewrite that creates the landing-page template the framework pages share).

What's next

The pack is operational against test fixtures; the customer-facing disclosure surface (analogous to the RICS AI Use Disclosure Statement) is being designed alongside the RLB customer pilot (Plan 102).

Analysis

Scope

The UK Ministry of Defence Defence AI Playbook (February 2024) is operational guidance, not statute. It applies to MoD itself, the service branches (Army, Royal Navy, Royal Air Force, Strategic Command), and the defence supply chain — primary contractors, sub-contractors, and integrators delivering AI-containing systems into defence. Geographic scope is UK MoD operational reach, but because the supply chain is global the obligations propagate to non-UK suppliers who land kit in UK defence contracts. In scope: decision support, intelligence processing, predictive logistics, personnel and HR AI, defensive cyber AI, and AI inside delivered systems whose outputs influence MoD operational decisions. Out of scope (governed elsewhere): autonomous weapon systems (Lethal Autonomous Weapon Systems policy, separate doctrine); AI inside allied-supplied kit governed by allied frameworks; offensive cyber AI (separate restricted programmes). The Playbook complements Defence Standard 05-138 (cyber security overlay) and the UK Defence AI Strategy (June 2022, strategic context).

Key obligations

  1. TEVV — Test, Evaluation, Verification, and Validation evidence must exist before deployment for AI in safety-significant or operationally-significant roles.
  2. Human oversight — documented human-in-the-loop or human-on-the-loop arrangements proportional to the system's risk and operational context.
  3. Safe and Responsible AI review — a structured review under the Playbook's S&R framework for systems crossing defined risk thresholds.
  4. Audit trail — for lower-risk AI uses, logging and auditability are the primary obligation; the system must produce evidence of its decisions on request.
  5. Supplier chain propagation — primary contractors must propagate Playbook obligations down the supply chain; an AI-containing component arriving from a supplier carries the relevant obligations to that supplier's contract.
  6. Personnel data protection — AI systems applied to personnel data (recruitment, training, welfare) carry additional data-protection and equality obligations on top of the Playbook.
  7. Out-of-scope flagging — autonomous weapon systems and excluded categories must be explicitly flagged as out_of_scope so the Playbook process is not misapplied.

Our coverage approach

The six rules in rule_book/v1/uk-defence-ai-playbook/ map to the operational areas the Playbook calls out. Each rule resolves to one of five Plan 96 WI-3 categories ordered by intervention strength: requires_tevv, requires_human_oversight, requires_safe_responsible_review, requires_audit_trail, and out_of_scope. The TEVV obligation maps onto a verdict that prompts the operator to attach TEVV evidence (test plan, results, acceptance criteria) before the verdict can clear. Human oversight maps to the dashboard HITL queue with reviewer assignment. The S&R review obligation routes the verdict to a named reviewer with a documented sign-off step (the same magic-link 4-eyes primitive the platform uses for impersonation, Plan 71). Audit trail obligations are satisfied by the platform-wide audit log entries on every state change. Supplier chain propagation is encoded in the sixth rule which fires when an inventory item declares a supplier-origin artifact; the verdict copy points the customer at contractual clauses that propagate the Playbook downstream.

Gaps

Customer-facing disclosure surface — the analogue to the RICS AI Use Disclosure Statement, sized for defence contexts, is in design alongside the RLB pilot (Plan 102) and not yet shipped. The Defence AI Statement export exists in skeleton form but the content layout has not been counsel-reviewed. Marketing landing page at /use-cases/uk-defence-ai-playbook (Plan 99 WI-5) is pending Plan 98 Phase 2 (the homepage rewrite that creates the landing-page template all framework pages share). Integration with 05-138 — Plan 100 will land cyber-security overlay rules that share inventory entries with the Playbook pack; the cross-framework verdict view is scheduled but not yet live. TEVV evidence templates — the Playbook does not prescribe a specific TEVV format; we surface the obligation but do not yet ship a template, which is on the Plan 80 evidence-pack-templates backlog. Counsel review of the Defence AI Statement template is pending the UK defence-law specialist counsel hire (see Hiring).

Customer impact

The Defence AI Playbook is operating guidance, so the enforcement mechanism is contractual rather than regulatory. A defence supplier who fails to demonstrate Playbook compliance faces three concrete consequences. Procurement gates: MoD contracting authorities increasingly write Playbook compliance into invitations to tender; inability to evidence compliance fails the bid at the responsible-AI gate before the technical evaluation begins. Contract clauses: existing contracts with suppliers delivering AI-containing systems typically reference the Playbook by name; failure can trigger contractual remedies up to and including termination. Reputational and political exposure: defence procurement is parliamentarily scrutinised, and an AI-related incident on a Playbook-non-compliant system carries political consequences for the department and reputational consequences for the supplier well beyond the contract itself. The supplier-chain propagation obligation amplifies the exposure: a tier-2 supplier's failure becomes the prime contractor's problem.