The UK Government Digital Service (GDS) published official guidance on 13 March 2026 establishing a 10-principle framework for the responsible adoption of AI coding assistants (AICAs) across His Majesty's Government. The document, titled "AI Insights: AI Coding Assistants for Developers in HMG," applies the UK Government's existing AI Playbook principles to the specific context of developer tooling, explicitly referencing products including GitHub Copilot, OpenAI Codex, StarCoder2, and foundation models such as Meta's Llama and OpenAI's GPT-4. GDS notes that AICAs predate the current generative AI wave — GitHub Copilot launched in July 2021 — and that the market has since diversified to include offerings from all major hyperscalers as well as open-source alternatives developed by communities like BigCode, to which NVIDIA has contributed the StarCoder2 model.
The guidance sets out several concrete operational requirements. Civil servants and government developers are directed to use only enterprise-level AICA contracts, a condition that carries significant IP implications: enterprise tiers typically include indemnity clauses protecting users from legal challenges arising from inadvertent use of proprietary training data, and either warrant that suggestions are licence-free or surface provenance metadata for developer review. The guidance also identifies "licence poisoning" as a specific risk — the mechanism by which copyleft licences such as GPL v3, if embedded in AI-suggested code, can legally require the entire surrounding codebase to adopt the same terms, a governance concern that <a href="/news/2026-03-14-redox-os-adopts-no-llm-contribution-policy-amid-growing-oss-ai-governance-debate">open source communities are directly confronting</a>. Additional mandates include <a href="/news/2026-03-14-cloak-encrypted-secret-sharing-ai-agents">strict separation of secrets and credentials from development environments</a>, peer review of all AI-assisted commits, and deployment of vulnerability scanning tools alongside any AICA.
The document is unambiguous on accountability: GDS positions the developer as solely responsible for any code produced with AI assistance, drawing an analogy to existing tools like IntelliSense and Stack Overflow. GDS also frames inaction as its own risk category, warning that prohibiting or delaying AICA adoption threatens developer productivity, reduces staff satisfaction, and creates shadow IT exposure as developers turn to unsanctioned tools regardless. That pragmatic stance is backed by the 2023 Stack Overflow Developer Survey finding that 80% of respondents were already using AICAs in private projects.
The guidance stops short of addressing who holds copyright in AI-generated government code under the UK Copyright, Designs and Patents Act 1988 — a statute that could theoretically vest Crown copyright in such output. That gap between existing law and the practical governance framework GDS otherwise provides is the document's most consequential omission, and one left for departments to resolve on their own. GDS states the guidance is intended for use by both public and private sector organisations.