State agencies are in a race. For the first time ever, artificial intelligence is the number one priority for state CIOs — NASCIO’s 2026 Top 10 put AI ahead of cybersecurity, ending a twelve-year reign at the top. Agencies are past the experimentation phase. AI is moving into frontline service delivery: chatbots answering questions about public programs, assistants helping staff interpret rules, agents beginning to handle multi-step tasks that used to require a person.

That’s the right ambition. But there’s a quiet assumption buried inside most government AI plans, and it’s the one that breaks deployments: the belief that the hard part is the technology.

It isn’t. The hard part is the data the technology reads.

The bottleneck isn’t the model

Across state and local government, policy and regulatory content lives in a sprawl of places — SharePoint sites, shared drives, email chains, homegrown systems, and the institutional memory of whoever has been there longest. Multiple versions of the same rule coexist. Superseded guidance sits alongside current guidance with nothing to distinguish them. Effective dates are implied, not stated.

An AI tool deployed on top of that doesn’t sort it out. It reads everything as equally true. It will confidently surface a rule that was rescinded two years ago, or blend two conflicting versions into a single authoritative-sounding answer. The model is working exactly as designed. The data set it up to fail.

What separates agencies that get AI right from agencies that don’t isn’t the model they pick. It’s whether their underlying policy corpus is clean, current, version-controlled, and auditable.

What happens when AI reads the wrong policy

This isn’t hypothetical. New York City’s MyCity chatbot, built to help small business owners, told users that employers could take workers’ tips and that landlords could turn away tenants using housing vouchers. Both were flatly illegal under existing law. The tool stayed online even after the errors were reported, because the underlying problem — what the system was drawing from — wasn’t something a patch could fix.

The liability question is just as clear. When a customer relied on wrong information an Air Canada chatbot gave about the airline’s own bereavement policy, a tribunal held the airline responsible. The chatbot’s answer was the company’s answer. The same logic applies, with higher stakes, to government: when an AI agent cites a superseded policy or a conflicting version, the agency owns the consequence — not the vendor, not the model.

For a government, those consequences compound: bad guidance to citizens, compliance gaps, FOIA exposure when the record can’t be reconstructed, and real legal liability. AI doesn’t create the reliability problem. It makes it impossible to ignore.

Why this lands on agencies now

There’s a second reason the data-readiness question is urgent in 2026, and it has to do with who is accountable.

The federal government has moved to preempt a wave of state AI laws, arguing against a patchwork of rules. But the federal AI governance framework that followed explicitly preserved one area for the states: government procurement and use of AI. In other words, the rules an agency follows when it deploys AI on its own systems remain the agency’s responsibility. The accountability for getting it right hasn’t been centralized away. It’s sitting on the desk of every CIO, general counsel, and chief of staff who signs off on an AI initiative.

That’s the backdrop to NASCIO’s number-one ranking. The AI priority isn’t framed around novelty — it’s framed around governance, data quality, ethical use, and risk. State technology leaders are increasingly evaluated on exposure and citizen outcomes, not system uptime. And every one of those outcomes traces back to something an agency already controls: how its policies are documented, maintained, and published.

What “AI-ready policy data” actually looks like

Readiness isn’t abstract. It comes down to four things AI can’t function safely without:

A single source of truth. One authoritative version of each policy, not competing copies scattered across systems. If two versions exist, AI will eventually surface the wrong one.

Currency and version control. Every policy carries a clear status and effective date. When a rule changes, the prior version is preserved, and you can answer “what changed, and when” without reconstructing it from memory.

An audit trail. You can trace who changed a policy, when, and why — and if an AI tool cites a rule, you can point to the exact source version it relied on. That’s what holds up under a FOIA request, an audit, or a court.

Structure and accessibility. Content stored in machine-readable formats, organized consistently, and meeting accessibility standards — so both AI tools and the citizens they serve can actually use it. (Accessibility notably also climbed onto NASCIO’s 2026 list as ADA Title II deadlines approach.)

Most agencies have some of this. Almost none have all of it. The gaps are precisely where AI will expose the agency.

Built for this problem from the start

This is the work Esper has done for nearly a decade. We’ve spent that time embedded inside government policy and rulemaking environments — digitizing policy corpora, mapping workflows, migrating legacy documents, and watching up close the specific ways regulatory data breaks down across state executive branch agencies.

That experience means the questions agencies are about to ask — How do we know what’s current? How do we prove what changed? How do we make this safe to put in front of the public? — are questions we’ve answered many times over, with agencies like Washington ESD, Iowa’s rulemaking agencies, Montana’s Secretary of State, and Washington DOH. The data-reliability problem AI is surfacing has been the underlying problem all along. AI just made it visible, and urgent.

Start with a clear-eyed look at your data

Before the next AI pilot, the most valuable thing an agency can do is look honestly at the foundation it’s building on. Is there one version of the truth? Can you prove what changed? Would your policy corpus hold up the first time an AI answer is challenged?

Work through our AI-Readiness Checklist to see where your policy data stands across the five dimensions that matter most. It’s the fastest way to find the gaps before AI does.

Because the agencies that win the race won’t be the ones with the best model. They’ll be the ones whose policy data was ready for it.