Eloryn in the federal government: governing AI that acts, not just advises

Of all the places AI is about to land, the federal public service is one of the most consequential. The decisions made there — a benefit approved, an application flagged, a tax reassessed, a file routed — are not low-stakes. They touch people who often have no alternative and little leverage. So it matters a great deal that the technology arrives with its guardrails already attached.

Canada was, to its credit, early here. Years before the current wave, the Treasury Board put out a Directive on Automated Decision-Making, with an Algorithmic Impact Assessment to go with it — a structured way to score how risky an automated decision is and scale the safeguards to match. The Privacy Act sits underneath, and the broader national strategy now being shaped picks up where the stalled AI and Data Act left off. The intent has been there for a while.

The rules were written for advice. The systems are starting to act.

Most of that earlier thinking assumed a particular shape: a model produces a recommendation, and a human makes the call. That is still the safest pattern, and for high-impact decisions it should stay. But the frontier has moved. The interesting systems now don't just draft a recommendation — they can take the action: open the case, send the notice, update the record. The moment that happens, “a human reviews the output” stops describing what's going on, and the question becomes who, or what, was allowed to do that — and how anyone would know after the fact.

That gap — between a directive written on paper and a system that can act at machine speed — isn't closed by a better policy. It's closed in implementation, in the thin layer between the model and the action.

What has to hold, regardless of the model

• Identity — every action is tied to a specific authority and mandate, traceable up the chain, never anonymous.
• Permission — the system can do only what its mandate explicitly allows, scoped narrowly, by construction rather than by instruction.
• Oversight — a public servant can see what's about to happen, understand it, and stop it, with the time and standing to actually do so.
• Record — an audit trail that can't be quietly rewritten, so a decision can be inspected later by an auditor, a court, or an access-to-information request.
• A hard stop — when a decision exceeds its lane, the system halts and escalates rather than improvising.

Where Eloryn fits

This is, more or less exactly, what Eloryn is built to do. It's a governance layer I build in my own time — the project I care most about — and it sits between a capable model and the action it wants to take, and enforces those five things in the architecture, not in a paragraph of polite instructions the model is free to reinterpret. Its live demo governs a curated set of example federal departments, each held to the rules that actually apply to it: the Privacy Act, PIPEDA, and the impact-tiering logic the Directive already expects.

None of that is exotic, or anti-innovation. It's the same discipline the public service already applies to spending, to security clearances, to records management — extended to a new kind of actor that happens to move faster than any of them.

The public service doesn't need the flashiest AI. It needs AI it can stand behind in front of a committee.

That's the test I keep for this sector. Not “is the model impressive?” but “when someone asks why this decision was made, and by what authority, is there a real answer?” Get that right and government can adopt AI without flinching — because the parts that matter are the parts that were built to hold.