Guidance

Digital Assurance Playbook

Published 1 April 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/digital-assurance-playbook/digital-assurance-playbook

1. Functional controls are changing

Functional controls are changing from 1 April 2026, in line with the Controls Report published by the Office for Value for Money alongside the 2025 budget announcement.

This playbook helps delivery professionals, digital assurers and other stakeholders across government understand how to get the most out of digital assurance. 

This playbook is designed to be used alongside other supporting technical and delivery guidance in government. 

For reference, the Controls report (Section 2. A reformed framework) outlines 5 key principles that underpin the RESET functional controls.

  • Decisions should be delegated to those closest to delivery;

  • the centre of government should be responsible for oversight of the biggest strategic risks and cross-cutting priorities;

  • functional expertise should be embedded in departments and their arm’s length bodies (ALBs) as needed;

  • approval of decisions should typically be done once and done well, by those accountable for those decisions;

  • trust, openness and collaboration should be the foundation of cross-government relationships.

2. Controls, approvals and assurance will interact differently

From 1 April 2026 controls, approvals and assurance will interact differently.

Controls

Controls (short for spend controls) were a framework in which organisations had to seek line-by-line central approval for spend commitments above spend control thresholds. After 1 April 2026, digital and technology spend controls are removed. In their place, HM Treasury mandates that all organisations maintain and share a pipeline of upcoming spend and are conducting appropriate functional assurance.

Approvals

The term Approvals refers to either the approval of business cases (such as a decision to progress from one phase of delivery to the next) or to lower-level approvals (such as a team’s permission to buy four licenses of a digital whiteboard product). After the changes, the Government Digital Service (GDS) will no longer be directly involved in either form of approval, except for initiatives spending above an organisation’s Delegated Authority Limit (DAL), or those determined as Novel, Contentious or Repercussive (NCR). Departments and organisations will more fully own and manage their own approvals processes.

Assurance

Assurance uses a set of criteria to make a snapshot assessment of risk and confidence.  Previously, the spend control outcome was dependent on a positive assurance outcome. After the changes, organisations will still make internal approvals dependent on assurance outcomes, but this will not be mandated from GDS. Organisation assurers will carry out the majority of assurance and GDS will support organisations with assuring risky and complex initiatives.

  Up to 31 March 2026 From 1 April 2026
Digital and Technology Spend Controls All spend that exceeds the spend control thresholds is subject to spend controls and central approval. Digital and technology spend controls are removed. In their place, HM Treasury mandates that all organisations maintain and share a pipeline of upcoming spend.
Central approvals Central approvals are dependent on assurance outcomes.  Central approval will no longer be needed except for spend that exceeds the DAL, or that HMT determines as being NCR.
Organisational approvals Organisational approval is dependent on central approval. For all other spend, organisations own and manage their own approvals journey.
Assurance Organisation assurers and GDS carry out assurance on all spend that exceeds the thresholds. Organisation assurers carry out assurance. GDS supports organisation assurance for complex and risky initiatives.

3. High level summary of the new assurance and approvals journey

  • Delivery professionals add their planned initiative to the pipeline at the earliest sensible time, as mandated by HM Treasury. Organisations have their own processes or checkpoints to define when this happens. 

  • Depending on the level of risk and spend, the initiative receives continuous support and challenge from the central digital assurance function in GDS and / or the organisation’s own digital assurers.

  • Initiatives that exceed the organisation’s DAL need separate approval from HM Treasury, either at desk level or from a Treasury Approval Process (TAP) panel. Both will include support and input from the relevant functions. 

  • Once live or steady state, the initiative’s performance will be monitored in the future, linking to the Digital Performance Framework.

4. How digital assurance makes digital delivery more likely to succeed

Digital assurance is conducted within organisations and at the digital centre of government.

Assurance provides an independent opportunity to check that government digital delivery is aligned to core government standards and that initiatives are set up for success and are on track to deliver their expected outcomes. 

Timely, early identification of initiatives and engagement with organisation assurance teams gives the greatest chance for assurance to have a positive impact on delivery outcomes.

4.1 Central assurance, operated by GDS, focuses on:

  • Shaping early strategic decisions in programmes and projects to set them up for success;

  • supporting organisational assurers with the most complex and risky initiatives;

  • tracking and benchmarking department-level performance metrics to support departmental leaders to make better strategic decisions.

4.2 Organisation assurance, managed within departments, focuses on:

  • Making sure that initiatives follow digital standards to make services better and cheaper to run;

  • stopping duplicative delivery within organisations;

  • making sure that initiatives are aligned to organisation strategies;

  • making sure that initiatives are on track to deliver their intended outcomes.

Organisations should have a defined and established approach to assurance of digital, data and technology spend and activity, which should be applied proportionately to the risk and value of the activity, and integrated with the organisation’s overall assurance framework. Assurance should align to cross-government strategy and standards, including centrally provided requirements mandating specific assurance activities.

Typically, assurance should be on at least three separate and defined levels, including:

  • by, or on behalf of, the operational management team that owns and manages risk

  • by, or on behalf of, senior management, independent of operational management, using specialist expertise to oversee management of the risk, and to ensure the first line of defence is properly designed and operating as intended

  • by independent bodies to provide senior management with an objective view on the effectiveness of governance, risk management and internal controls, including the effectiveness of the previous lines of defence

5. How digital assurance works from the perspective of delivery professionals

5.1 High level summary

  • Assurance must be undertaken before any procurement or discovery phase activities are undertaken.

  • Delivery professionals add their planned initiative to the pipeline at the earliest sensible time, as mandated by HM Treasury. Organisations have their own processes or checkpoints to define when this happens. 

  • Depending on the level of risk and spend, the initiative receives continuous support and challenge from the central digital assurance function in GDS and / or the organisation’s own digital assurers.

  • Initiatives that exceed the organisation’s DAL need separate approval from HM Treasury, either at desk level or from a TAP panel. Both will include support and input from the relevant functions. 

  • Once live or steady state, the initiative’s performance will be monitored in the future, linking to the Digital Performance Framework.

5.2 Add your initiative to the pipeline

All initiatives with a digital and data component must be recorded on the pipeline at the earliest sensible time. Organisations have their own processes and checkpoints to define when this happens, which you can find by searching ‘Digital and Technology Assurance’ on your organisation’s intranet or by reaching out directly to your organisation’s digital assurance function.

The pipeline is managed through an online service called Government Assurance Services, which replaces the previous service known as Get Approval To Spend (GATS).

Access Government Assurance Services

5.3 Receive support and challenge from assurers

Delivery professionals are responsible for their decisions and the success of their initiatives, and digital functional assurance helps them succeed. 

After you have shared details about your initiative on the pipeline, functional assurers in your organisation and / or GDS may reach out to you to explore challenges and risks to delivery and suggest ways to resolve them. 

The level of scrutiny and support depends on the risks inherent in the initiative.

Assurers will base their scrutiny and questions on codified best practice. You can set up your initiative for long-term success and legal compliance by familiarising yourself with government digital and technology standards.

5.4 For high value or NCR spend, the service will guide you toward a separate approval from HM Treasury

Initiatives that need more funds than your organisation’s DAL, or that HM Treasury identifies as NCR need separate approval from HM Treasury, either at desk level or from a TAP panel. If your initiative meets these criteria, GDS assurers will reach out to you to provide the support you need to navigate the HM Treasury approval step.

5.5 Once live or steady state, the initiative’s performance will be monitored

Once the initiative moves into live service, we will record performance metrics, linking to the Digital Performance Framework.

This functionality will not be available in the pipeline service immediately, but will be integrated in the future.

6. How to add or edit an idea, project or contract on the pipeline

This advice applies to delivery professionals and assurance colleagues wanting to add something to the pipeline. 

Adding initiatives to the pipeline is mandated by HM Treasury. Initiatives that are in the pipeline are visible to organisational and central assurers, enabling you to access support and letting your organisation’s leadership make more informed decisions. Adding to the pipeline aligns with the overarching government strategy toward greater transparency and accountability 

6.1 What to add to the pipeline

The pipeline is a list of your organisation’s current and future initiatives that are already incurring or may incur spend.

You should add:

  • Programmes
  • Projects
  • Contracts 
  • Ideas that may one day develop into fully fledged programmes, projects or contracts.

Spend or potential spend that exceeds the following thresholds must be added to the pipeline. Note that your organisation may have established different thresholds for adding things to the pipeline, appropriate to them.

Your spend is related to You should add to the central pipeline if spend amount exceeds:
Cryptographic products £0
All other digital and technology delivery £5,000,000

Ideas or early stage initiatives should be included on the pipeline once you know about them. They may not yet have any spend value attached to them.

Individual Statements of Work (SoW) do not need to be added to the pipeline, provided the overarching owning programme, project or contract has been added.

The £5 million (whole life cost) threshold is for adding initiatives to the pipeline. Robust assurance should be undertaken within your organisation against a defined and established approach. This approach must be applied proportionately to the risk and value of the activity, and integrated with the organisation’s overall assurance framework. 

6.2 How to add initiatives to the pipeline

Organisations may have their own guidance for when initiatives should be added to the pipeline. You can find these by searching your intranet for ‘Digital and Technology Assurance’.

The pipeline is managed through an online service called Government Assurance Services, which replaces the previous service known as Get Approval To Spend (GATS).

Access Government Assurance Services

Once you have an account, the service will provide you with the information you need to add initiatives to the pipeline. Anyone with a government email address can create an account.

If you have any questions, reach out to your organisation’s internal digital assurance team. You should be able to find their contact details on your organisation’s intranet by searching ‘Digital and Technology Assurance’.

7. How digital assurance works from the perspective of organisation assurers

7.1 Creating or updating an organisation’s assurance process to align with RESET principles

Digital and technology assurance is changing from 1 April 2026. 

By or near to this time, internal assurance processes should strive to align with the new principles: 

  • Decisions should be delegated to those closest to delivery;

  • the centre of government should be responsible for oversight of the biggest strategic risks and cross-cutting priorities;

  • functional expertise should be embedded in departments and their ALBs as needed;

  • approval of decisions should typically be done once and done well, by those accountable for those decisions;

  • trust, openness and collaboration should be the foundation of cross-government relationships.

It is the responsibility of departments and organisations to redesign their own processes and ways of working in line with the above-listed principles of the RESET functional controls. Exact processes for assurance and approval will not be mandated from the centre and should be adapted to the context and maturity of the organisation.

7.2 High level expectations

Within the first three months of implementation from April, we expect every department and organisation to:

  • Explore how and when to request that delivery teams add initiatives to the pipeline; 

  • consider if process steps can be removed and how approval processes should operate to grant delivery teams more accountability;

  • consider how to reshape internal assurance activity based on the new principles;

  • create or update an intranet page which accurately describes the internal digital assurance and approval journey, which is findable using the phrase ‘Digital and Technology Assurance’;

  • be ready to add initiatives related to the roadmap for a modern digital government which sets out the plan to build a modern digital government and likely commitment areas for Spending Review 2027.

7.3 Detailed expectations for organisations

They have explored how and when to request that delivery teams add initiatives to the pipeline 

We would recommend that the digital assurance team explore this question first. As functional spend controls are removed, delivery teams may perceive that this also removes the need to seek out organisational digital and technology assurance. By having a clear process for when initiatives are meant to be added to the pipeline, you increase the odds of compliance and your ability to assure the activities.

With the removal of the functional spend controls, the need for robust digital and technology assurance is even more critical, to help make sure that successful outcomes are achieved. 

Consider if process steps can be removed and whether they can be integrated into other existing processes, to reduce burdens on delivery teams

7.4 Responsibility division

From 1 April 2026 the division of responsibilities between delivery teams, organisational assurance teams and GDS changes.

Responsibility of the delivery team

  • Uploading basic information onto the pipeline

  • Making informed decisions based on government digital standards

  • Navigating internal approval processes

Responsibility of department or organisation digital assurance

  • Designing new internal assurance and approvals processes that align with RESET functional principles

  • Supporting and challenging delivery teams to make informed decisions, focusing in particular on helping teams

  • Make sure that initiatives follow digital standards to make services better and cheaper to run

  • Stop duplicative delivery

  • Make sure that initiatives are aligned to organisation strategies

  • Make sure that initiatives are on track to deliver their predicted outcomes

  • Supporting teams through the organisation approval process

  • Invite GDS to provide further support or challenge where needed

Responsibility of GDS

  • Supporting and challenging high-risk, novel and complex initiatives across government

  • Maintaining and updating standards

  • Tracking and benchmarking department-level performance metrics to support departmental leaders to make better strategic decisions

  • Supporting and challenging the programmes and projects that exceed the DAL through joint functional reviews

GDS will support organisational assurers with high risk, novel and complex initiatives.

  • For initiatives above organisation DALs: GDS will support the initiative through the HM Treasury approval process, whether via a desk level review or via the TAP panel.

  • For initiatives below organisation DALs: we will work with organisation assurers to identify those that need GDS support.

  • If organisation assurers need to, they can flag initiatives with GDS directly to get assurance support. 

When considering a future assurance and approvals process, remember the overarching RESET principles. In general, delivery teams should have more accountability. In some organisations, there is sufficient maturity that teams can be trusted to make decisions independently, while in others more support, challenge or firm approval points are still needed. Consider when and where process steps are not value-adding and remove them or integrate them into other processes to reduce overall burdens.

We do not expect your new processes to be fixed and final by 1 April 2026, but you should consider the level of support, challenge or approvals needed and take steps to begin to embed them.

Good practice example:

The assurance team in Ministry of Justice Digital have begun to change their process based on RESET principles. To do so, they’ve mapped key issues in the current approach and explored what becomes possible now that there are less specific spend control requirements. They’ve landed on a process with an early gateway that needs teams to provide an overarching brief, a more in-depth second gateway and a third gateway that operates continuously.

7.5 Consider how to reshape internal assurance activity based on the new principles

GDS will be assuring fewer activities post 1 April 2026 and functional spend controls will be removed for most spend. This shifts some risks and responsibilities closer to delivery teams and their organisations. How departments and organisations conduct assurance will therefore likely need to change, with more decisions delegated to delivery teams and assurance teams taking on more of an advisory, challenging and supporting role. 

We do not expect your new processes to be fixed and final by 1 April 2026, but you should consider how you will assure and support activities going forward, and take steps to begin to try them. 

7.6 Create or update an intranet page which accurately describes the internal digital assurance and approval journey, which is findable using the phrase ‘Digital and Technology Assurance’.

We expect departments and organisations to have more divergent assurance and approvals processes and activities after 1 April 2026, depending on the level of maturity and risk appetite. As such, organisation assurance teams own intranet presence becomes relatively more important. The playbook will explicitly ask the department assurance team to look for content using the search phrase ‘Digital and Technology Assurance’.

We expect you to have set up and / or updated an intranet page soon after 1 April 2026 and to add content to it as and when you finalise your processes and support offer.

We understand that not all arm’s length bodies (ALBs) are able to access supporting department intranet content. 

As a starting point to assess whether the pipeline process is working in your organisation, we will in particular be looking at whether the pipeline reflects initiatives related to the roadmap for digital government. The pipeline will further prove its value if it starts giving an early forward look of commitment areas for Spending Review 2027. Consider how your team might play a role in encouraging relevant delivery teams and owners to add these initiatives onto the pipeline.

7.8 How to set up a pipeline process

This advice applies to digital assurance professionals setting up an organisation’s process for adding initiatives to the pipeline.

On 1 April 2026, functional spend controls were removed, giving departments and organisations more autonomy and accountability to deliver. 

In place of controls, organisations are instead expected to comply more strongly with the requirement to maintain a robust process for capturing future initiatives. The pipeline helps the centre, and organisational assurers, to:

  • Identify initiatives where early support might be needed, providing expert advice to make sure all options are considered and the initiative is set up for success;

  • plan resourcing and capability requirements;

  • improve digital delivery planning and transparency for your leadership team;

  • plan earlier for extensions, renewals and new delivery requirements. 

We will deliver a pipeline service to manage this journey. 

Responsibility division

The Assurance team is responsible for defining a process that works in your context and communicating it with organisational stakeholders. 

The Chief Digital and Information Officer is ultimately accountable to HM Treasury that the organisation, as a whole, complies with the requirement to maintain a pipeline that is viewable by assurers in GDS and HM Treasury.

7.9 The pipeline captures above-threshold initiatives and ideas

The pipeline is a list of your current and future initiatives that may incur spend. This includes:

  • Programmes
  • Projects
  • Contracts 
  • Ideas that may one day develop into fully fledged programmes, projects or contracts.

Initiatives with spend or potential spend that exceeds the following thresholds should be added to the pipeline:

Your spend is related to You should add to the central pipeline if spend amount exceeds:
Cryptographic products £0
All other digital and technology delivery £5,000,000 (whole life cost)

Ideas or early stage initiatives should be included on the pipeline once you know about them. They may not yet have any spend value attached to them.

Individual Statements of Work (SoW) do not need to be added to the pipeline, provided the overarching owning programme, project or contract has been added.

The £5 million (whole life cost) threshold is for adding initiatives to the pipeline. Robust assurance should be undertaken within your organisation against a defined and established approach. This approach must be applied proportionately to the risk and value of the activity, and integrated with the organisation’s overall assurance framework. 

7.10 Setting up a pipeline process

Organisation assurers will need to define how and when initiatives are added onto the pipeline.

Each department and organisation has different internal approval processes. The right model to establish and maintain a pipeline varies depending on how the organisation manages and tracks initiatives.

Consider the following principles as you develop your process:

  • Initiatives should be added at the earliest sensible opportunity;

  • adding to the pipeline should as far as possible be a part of existing internal governance and approvals processes, rather than a separate process;

  • the assurance team defines which roles or individuals carry out the task of adding initiatives to the pipeline - this could be delivery professionals, assurance professionals or individuals involved in the organisation’s internal approvals processes.

Good practice example: 

The digital assurance team in HMRC have mapped the approval process for digital projects and programmes and identified that the Design Committee might be a sensible place to capture initiatives. The Design Committee discusses projects and programmes that may not even have a Strategic Outline Case, and happens before the Investment Committee. They are now engaging with the owner for the Design committee to work out how best to capture the ideas discussed in the Design Committee and who is best placed to do so.

7.11 Using APIs and templates to upload your pipeline

We are exploring whether there is a need from departments and organisations to create an integrated pipeline from departments into the central service. If a business need exists, we will publish the standard for the API and templates when these have been further defined.

8. What kinds of things should we be testing for against digital assurance?

Digital assurance helps organisations to make sure of successful delivery outcomes. The act of undertaking digital assurance can be complicated and is very much dependent upon the initiative being delivered.

This section of the Playbook highlights some of the digital delivery areas that should be tested during digital assurance for most kinds of delivery.

The list is not exhaustive. As digital assurance professionals and their partners in delivery teams, you understand the context of your organisations, and are well placed to understand how best to progress assurance and the areas to focus on.

The following list goes deeper into selected critical areas and covers some not yet covered in the digital functional standard. The intention is to refresh the digital functional standards and this list iteratively after 1 April 2026.

8.1 Meeting outcomes

An outcome is the desired result or change that an initiative aims to achieve. There could be multiple outcomes for a single initiative. Outcomes effectively answer ‘why’ is the initiative being delivered.

You should check that initiative outcomes are understood, clearly defined and realistic. The pipeline service will also ask that initiative outcomes are recorded. This helps to identify whether there may be overlap or collaboration opportunities with other initiatives pursuing similar outcomes.

The timeline and scope of impact for those outcomes will help quantify the criticality and the level of support you may need.

8.2 Alignment with strategic objectives

You should check that initiatives are aligned to your organisation’s objectives and the government’s digital strategy

Initiatives should show clear links to both organisation and wider government strategies.

8.3 Avoiding duplication

You should check as far as possible that duplicative delivery has been avoided for initiatives. As the digital pipeline service develops, this will help you to identify potentially duplicative delivery within your organisation.

You should also test if there are opportunities for learning from previous, similar initiatives and reduce duplication of effort in your organisation and across government.

By sharing your initiative on the digital pipeline, GDS will be better able to help you identify other initiatives that you can benefit from across government.   

8.4 Alignment with standards

You should - and in some cases must - follow digital delivery standards to comply with the law, reduce risks and increase the likelihood of successful digital delivery. 

If the initiative is not following any specific, relevant cross-government standard, then you should test the justification behind this decision. If required, you should flag these instances with GDS colleagues.

8.5 Service Manual

If a new service is being developed you should be checking that it is aligned to the principles contained within the government’s Service Manual.

This includes checking that delivery remains on the right track through the Service Assessment process

Note that the Service Manual delivery principles are relevant to both external / public facing and internal / business facing services.

8.6 Cyber security

You should check that initiatives are following your organisation’s Secure by Design approach. 

Initiatives should be engaging early with your organisation’s security professionals and factoring in appropriate cyber security considerations as early as practicable.

8.7 Legacy debt

Organisation legacy debt continues to be a core challenge for government digital, as highlighted in the State of digital government review.  

You should check that digital and technology initiatives are seeking to tackle existing legacy debt and / or will not themselves introduce future legacy challenges. An example of this might be to use evergreen / always updated software products. 

You should avoid new technology that will depend on existing legacy systems or projects that will take resources away from needed legacy remediation work.

8.8 Cloud First approaches

You should check that wherever possible, Cloud First delivery principles are being followed.

Cloud delivery is a central tenet of modern digital delivery and should be the default delivery method for most use cases.

8.9 Using data effectively

You should check that the required data regulations have been followed for initiatives. 

The principles for securing data are particularly important for initiatives using personal data or those which handle bulk data.

8.10 Initiatives using artificial intelligence

For initiatives using artificial intelligence (AI) technologies, you should check that the principles within the Artificial Intelligence Playbook for the UK government are being followed. 

These include lawful and ethical use of AI, using AI securely and understanding the technology and its limitations.

8.11 Meeting the Algorithmic Transparency Reporting Standard

For initiatives using algorithmic tools, including AI related, you should check that Algorithmic Transparency Reporting Standards (ATRS) are being followed. 

Reporting against the ATRS helps to make sure that government use of algorithmic tools is transparent and accountable. 

8.12 Digital and technology resources

Some initiatives will include support elements, including external resources / contractors. For these initiatives you should check the validity of the need and that the proposed resources are appropriate to meet that need. You should also check that new external resource onboarding does not negatively impact the organisation’s intent to meet government workforce targets of 1 in 10 civil servants in digital and data related roles.

8.13 Accessibility

Legally, public sector websites and apps must meet accessibility standards. Suppliers to government have a legal duty to make their technology and services accessible to all, especially people with disabilities. You should check that the accessibility regulations and standards are being met for the initiative being assured.

9. RESET implementation from 1 April 2026

9.1 What will happen from 1 April?

1 April 2026 is the implementation date for RESET principles. These include the resetting of functional spend controls and the raising of organisation Delegated Authority Limits (DALs). For the digital function:

  • Digital Assurance Playbook published: this replaces the existing digital and technology spend controls version 6 guidance.

  • Digital pipeline service live: the pipeline service is live, so new digital and technology initiatives can be recorded.

  • Note that there is a new reporting threshold for initiatives to be added to the pipeline; it’s £5 million whole life spend.

  • You can access the pipeline service from the same URL as previously used for the Get Approval To Spend (GATS) service

9.2 What about ‘in flight’ initiatives?

We appreciate that delivery doesn’t stop to allow for RESET implementation.

  • For all initiatives needing approval after 1 April: these are to be managed under RESET principles. Initiatives below the new organisation DALs can be covered by organisation assurance, initiatives above DALs will be picked up by the appropriate HMT approval, whether at desk level or via the TAP.

  • What if I submit something on ‘current GATS’ up to 31 March? For any initiatives that are added (and those already in the service with outstanding conditions), you will still be able to access them after 1 April 2026.

10. High-level future journey in product

From 1 April 2026, and beyond, organisation assurers and delivery teams are expected to record initiatives on the pipeline service.

Access the Government Assurance Services

At the highest level, the journey will look like:

  • Delivery professionals add their planned initiative on the pipeline at the earliest sensible time, as mandated by HM Treasury. Organisations have their own processes or checkpoints to define when this happens. 

  • As organisational assurers, you will help define this process based on what makes sense in your organisation. 

  • Anyone in government will still be able to create an account to record new initiatives.

  • Organisational assurers are notified whenever new initiatives are created in the organisation, to help early support.

  • There is no long list of questions, only high-level information is recorded on the pipeline. 

  • If the total spend is listed as above DAL, this raises a flag centrally which causes central assurance to get more deeply involved, to confirm that central approval is needed and to support the initiative through the HM Treasury approval process. This could be conducted at desk level or via a joint functional TAP panel.

  • If below DAL, the default assumption is that an initiative is assured within the organisation.

  • GDS will work with organisation assurers to identify any initiatives on the pipeline that would benefit from central support.

  • The organisational assurers can raise a flag to request further support from central assurance.

  • Assurance activity, approvals and conditions can still be captured on the service, to help organisation assurers to continue to use the central pipeline as a source of truth to manage their overall assurance activity. 

  • The service will continue to be developed from April 2026 to manage funding journeys, the Digital Performance Framework and more, depending on delivery team and assurer feedback.

11. Glossary of terms

This glossary of terms captures frequently used words and phrases in the digital assurance playbook to provide commonly understood definitions.

11.1 Approval

The act, accountability and responsibility for obtaining approval to commit spend against a digital and technology initiative. In the context of digital and technology assurance, approval can either be given by:

  • HM Treasury, if the initiative is spending above your organisation’s DAL or has been deemed by HM Treasury as being novel, contentious or repercussive.
  • Organisation investment board (or equivalent) for all other digital and technology delivery. 

11.2 Assurance

The act, accountability and responsibility for undertaking a robust, independent checking function against digital and technology delivery. Assurance should help to make sure that the right initiatives are delivered in the right way. Assurance can be carried out by:

  • Organisation assurance teams, with the support of multi-disciplinary functional experts, for initiatives approved by a joint functional Treasury Approval Process (TAP).
  • Organisation assurance teams, with the support of Government Digital Service, for initiatives identified as high risk during pipeline reviews.
  • Organisation assurance teams for all other digital and technology delivery.

11.3 Central assurer

A member of the Government Digital Service digital functional assurance team. Responsible for supporting organisational assurers with high risk initiatives and those above DAL

11.4 Delegated Authority Limit (DAL)

Set by HM Treasury, the threshold of spend below which organisations can independently approve. 

11.5 Desk based review

The desk based review would be the normal approach for HM Treasury approval for initiatives above DAL. This means that a TAP panel (see later entry) would not be required for approval, rather the decision can be made at ‘desk level’, with support and input from relevant functions. 

11.6 Get Approval To Spend (GATS)

The legacy service used to record departments spend and pipeline data.

11.7 Government Assurance Services

The collection of services used to manage government assurance, including registering initiatives on the pipeline.

11.8 Initiative

A generic term for any digital, data and technology related thing. This could be a project, programme, product, service or an early idea. It could be something that has funding attached or not.

11.9 Novel, Contentious, Repercussive 

Public expenditure requiring HM Treasury approval due to their unusual nature, potential to cause public debate or wide-ranging financial implications.

  • Novel: those initiatives of which the organisation has no experience or are outside its normal course of business. This could include the use of Artificial Intelligence technology in an organisation that has no internal expertise in implementing.

  • Contentious: those initiatives that might cause debate or criticism by Parliament, the public or the media. This could include awarding a new contract to a supplier that has recently experienced some negative national press interest. 

  • Repercussive: those initiatives likely to set a precedent or cause pressure for the wider public sector to take a similar approach and hence have wider financial implications. This could include implementing a particular licensing approach with a popular product that sets a precedent for government.

11.10 Organisation assurer

A member of an organisation’s digital assurance team, with accountability for digital functional assurance for that organisation.

11.11 Performance framework

The framework to capture performance metrics from organisations, giving a view of digital health.

11.12 Pipeline

A collection of data providing a delivery focused forward and current look of digital and technology related initiatives.

11.13 Treasury Approval Process (TAP)

A mechanism by which initiatives above organisation DALs or deemed novel, contentious or repercussive can be approved by HM Treasury. The actual approval decision is given by the Chief Secretary to the Treasury (CST). This is normally effected through a TAP panel, specific to the initiative and supported by the appropriate functional areas. Government Digital Service will support teams in taking initiatives through the TAP panel, as needed.

11.14 Whole Life Cost

The £5 million pipeline reporting threshold is for the whole life cost. This is the cumulative cost of an initiative throughout its entire lifecycle, including any initial capital costs and ongoing operational expenses. 

The whole life cost figure is exclusive of VAT and also ‘optimism bias’ or equivalent.

Some example scenarios:

  • For initiatives with a supporting Business Case, the whole life cost will be determined by that Business Case. You may have a Business Case covering five years of spend. The whole life cost in this instance would be the whole five years of spend.

  • You may not have a related Business Case, perhaps for a service being delivered. In this example you would use the appropriate spending envelope allocated to the service. This may have been committed as part of the Spending Review, or perhaps as part of your organisation’s Business Planning.

12. Government digital and technology standards

These standards and code of practice are codified best practice and updated regularly.

You should - and in some cases must - follow these standards to comply with the law, reduce risks and increase the likelihood of successful digital delivery. Organisational and central assurers can help you understand them in depth.

13. Government digital delivery strategy content

These strategies, reviews and playbooks outline the overarching strategic direction for digital delivery in government. 

Back to top