Designing institutional trust in AI for the Abu Dhabi Government
Turned a compliance requirement into the product's strongest adoption driver.
Client
Launched
Team
Product · Engineering · AIML team · Policy · Leadership · Vendors
Role
Scale
The numbers that matters
The Problem
Government employees were already using AI. Just not safely.
GovGPT didn't enter an empty market. Post-training research across Abu Dhabi government entities including ADEK, DMT, and SSA revealed that 81% of employees were already operating inside a mature multi-tool AI ecosystem: ChatGPT, Microsoft Copilot, Gemini. The workarounds were specific. Employees copy-pasting sanitized content into external LLMs. Manually searching policy PDFs for answers an AI could surface in seconds. Relying on fragmented knowledge repositories nobody maintained.
The unofficial AI behavior was real. The governance wasn't.
The business challenge wasn't introducing AI to government employees. It was replacing risky, ungoverned AI use with a sovereign, auditable alternative at the scale of 80,000+ employees across 40+ entities while competing against tools employees already found faster and more capable.
Hard Contraints
• All data, models, and processing had to remain inside UAE sovereign infrastructure no exceptions
• Permission-aware retrieval across 40+ entities with different access levels and compliance requirements
• Full Arabic/English bilingual parity not localization, native interaction design from day one
• No regional precedent: no government in the Middle East had shipped this at this scale
My Role
I owned UX strategy and design across the full platform AI interaction models, trust and transparency architecture, tool information structure, bilingual UX, onboarding, and the design system patterns that made the experience consistent at scale. I worked directly with product, engineering, policy, and executive stakeholders to translate governance requirements into design decisions, and design decisions into adoption outcomes.
Late in the project, leadership brought in Capgemini Frog to execute a UI reskin new visual language, updated component aesthetic while preserving the existing UX architecture. The interaction models, trust patterns, tool states, citation mechanisms, and contextual guidance I had designed remained intact throughout. Having an external design studio inherit and build on the UX architecture without restructuring it was its own form of validation: the system held under external scrutiny.
The Reframe
The brief said: build a secure AI assistant. The real problem: give employees AI they could defend.
"The barrier wasn't access to AI. Employees already had AI. The barrier was confidence in using it inside formal government workflows."
Why This Was Hard
Sovereign AI invalidates every assumption consumer AI design is built on.
Sovereign Government AI
Explicit tool boundaries knowledge domains cannot mix
vs. Consumer AI : Unified, seamless assistant
Sovereign Government AI
Every output requires traceable attribution
vs. Consumer AI : Fluent, uncited responses
Sovereign Government AI
Accountability over speed always
vs. Consumer AI : Speed over explainability
Sovereign Government AI
Full Arabic RTL parity core interaction requirement, not a feature
vs. Consumer AI : Single language context
Sovereign Government AI
Trust must be visible in every interaction
Sovereign Government AI
Permission-aware, auditable retrieval
vs. Consumer AI : Open-ended flexibility
The central tension: the more seamless the AI felt, the less visible the governance model became. But the more
visible the governance, the heavier the experience felt and the more it compared unfavorably to the consumer AI fluency employees expected.
57% of research respondents switched to other AI tools multiple times within two weeks of onboarding not from distrust, but because consumer AI had set a fluency and speed benchmark that felt like the default. Every design decision required the same calibration: does this build enough institutional trust to keep employees here for the work that matters?
Process & Collaboration
This wasn't a linear design process. It was a governance alignment problem that required design to lead.
GovGPT was being defined, governed, and built simultaneously. Product direction was evolving. AI requirements shifted as sovereign infrastructure capabilities were clarified. Stakeholder expectations across product, engineering, policy, legal, and executive leadership were rarely aligned, and the absence of a shared product definition early on was the biggest design risk. Different stakeholders had fundamentally different mental models of what GovGPT was: a chatbot, an enterprise search tool, a productivity suite, a compliance platform.
I ran a series of cross-functional discovery workshops product definition sessions with leadership, workflow mapping and journey mapping exercises with operational users, and service blueprinting with engineering and governance stakeholders specifically to surface those conflicting mental models and force a single shared definition before interaction design began. The output wasn't a diagram. It was a set of agreed constraints: what GovGPT would do, what it explicitly wouldn't do, and which tradeoffs were non-negotiable from a governance perspective. That foundation made every downstream design decision faster and more defensible.
Research : Continuous, not Ad hoc
Research ran across three distinct phases, each with a different purpose:
Foundational : workflow mapping and stakeholder interviews across specialist, manager, and leadership roles to understand existing AI behavior, accountability pressure points, and where the ChatGPT workaround pattern originated. This is where the trust-vs-capability reframe was first identified.
Evaluative : usability testing and concept validation on interaction patterns, onboarding flows, and tool-state logic. This is where the blended interface failed on source comprehension and the contextual guidance pattern was developed and validated against real government workflows.
Behavioral : post-training adoption analysis across ADEK, DMT, and SSA cohorts. This is where the first-week dropout pattern became visible, the 57% tool-switching behavior was measured, and the onboarding redesign was justified with evidence rather than instinct.
Research wasn't a phase. It was the mechanism that kept design decisions grounded when product direction was shifting and governance requirements were evolving. Every major trust pattern citations, tool states, source visibility, contextual guidance was validated through research before it shipped.
Governance Reality
Multi-tier approval cycles, evolving AI infrastructure constraints, and shifting product direction created real operational friction. Some interaction patterns were designed, tested, and revised when sovereign AI requirements changed what was technically feasible. I established structured review checkpoints and centralized feedback documentation to reduce the revision cost so when requirements shifted, the reasoning behind existing decisions was already recorded, and the impact of any change could be assessed cleanly.
One structural miss: governance alignment sessions were called reactively rather than built into the sprint cadence from day one. Regular cross-functional checkpoints from week one would have reduced rework when requirements shifted mid-build. At this scale of institutional complexity, alignment is a design deliverable, not a precondition for design.
Process & Decisions
Three decisions that defined the platform each tested, challenged, and validated before it shipped.
GovGPT interaction patterns couldn't be borrowed from enterprise UX convention. A standard enterprise dashboard assumes stable data, known permissions, and linear workflows. A sovereign AI assistant operates across dynamic knowledge domains, variable access levels, bilingual interaction contexts, and shifting AI capabilities. Every pattern was prototyped, validated with real government workflows, and stress-tested against governance requirements before it was committed to.
Decision 1 : Explicit tool states over a unified AI layer
Early in the project, there was pressure from product and leadership to build a single seamless interface: one input, intelligent routing, ChatGPT-level fluency. The adoption argument was straightforward reduce friction, drive usage.
I pushed back, with evidence. Usability testing showed employees couldn't tell when the AI was drawing from official government repositories versus public web results inside a blended interface. In a consumer product, invisible routing is good design. In government work, it's a liability an employee presenting AI-generated policy analysis to senior leadership needs to know the source was the official knowledge base, not a public summary that sounded authoritative.
I drove the decision to build explicit tool states: Gov Knowledge, Web Search, and Document Chat as separate, visible modes. It added one interaction step. It removed the question blocking adoption: where did this come from?
Post-research confirmed the call. Governance mechanisms tool boundaries, source visibility, secure-handling cues were not perceived as friction. Users explicitly named them as reasons they trusted the platform. Compliance requirements, designed as UX features, became the product's primary adoption drivers.
"Explicit mode states over automatic routing. One extra tap. Eliminated the source ambiguity that made outputs undefendable in formal workflows."
Decision 2 : Citations as trust infrastructure, not a UI feature
Default LLM behavior produces fluent, uncited prose. Fast to read, impossible to verify. For informal tasks, acceptable. For a government employee summarizing a procurement contract or drafting a policy brief, not acceptable.
I defined source attribution as a non-negotiable design requirement not a feature toggle and worked with engineering to surface document titles, repository origins, and web sources persistently beneath every response. The architectural lift was real. The product case was simple: if an employee can't trace the answer back to its source, they won't use the answer in formal work. If they won't use it in formal work, the product hasn't solved the problem.
Research validated this directly. Users treated GovGPT outputs as first drafts verifying, refining, cross-checking before submission. The citation layer made that verification faster and more confident. It supported the human-in-the-loop accountability behavior that government work requires.
"Persistent source attribution beneath every response. Scoped as compliance. Functioned as the trust signal that made outputs usable in formal workflows."
Decision 3 : Capability Education at the point of decision, not in documentation
Initial onboarding followed a standard enterprise pattern: guided setup flow, help documentation, training materials. Structured logic. Predictable failure mode.
81% of users tried GovGPT the same day as their training session strong initial curiosity. But sustained habit formation was weaker. Users who didn't find repeatable workflow value in the first week dropped off. The first week was the adoption window, and mode confusion was burning it.
The specific failure: employees didn't understand why Gov Knowledge sometimes couldn't answer questions that web search could. That gap between sovereign AI's deliberate constraints and the ChatGPT mental model already embedded in their behavior created distrust in the AI itself, not the interface.
I rebuilt the IA to surface contextual guidance at the moment of tool selection: brief, non-modal, task-framed. Not 'here's what this tool does' but 'you're analyzing a contract Chat with Docs gives you cited clause extraction.' The redesign contributed directly to weekly active users rising from 250 to 1,250.
"Guidance at the decision point, not in a help sidebar. Employees under time and accountability pressure don't seek documentation they respond to well-placed context."
The Solution
An AI operating layer built around trust, traceability, and government-scale workflow.
GenChat : Drafting, Summarization, Translation
Bilingual Arabic/English at the input level RTL and LTR handled natively, not as a language toggle. Eliminated a separate Arabic interface after usability testing showed employees switching languages mid-task. Most-used workflow surface across entities for research, summarization, and translation.
"Native bilingual input. No mode-switching. Cut the separate Arabic interface after observing mid-task language-switching in usability sessions."
Chat with Confidential Docs : Secure Document Analysis
Upload and interrogate documents inside the sovereign boundary. Cited clause extraction, comparative analysis across policy drafts, structured summaries traceable to specific documents and sections. Built for employees who sign their name to AI-assisted work.
"Every summary maps to a source document and section. Designed for accountability so the human signing off can verify before they do."
Agents : Purpose-Built AI for specific Workflows
Structured instruction flows with document attachment, scoped to team workflows or knowledge repositories. The path from general AI experimentation to consistent, auditable, institutionally scalable AI use.
Feeds : Automated Intelligence Digests
Structured summaries of emails, updates, and escalations for leadership managing cross-entity information at volume. High-signal output from high-volume input.
Deep Research : Cited Report Generation
Structured research outputs for policy formulation, benchmarking, and strategic planning. Every claim attributed. Built for work that gets presented, defended, and published not just read.
Design System : Ecosystem-scale Trust Infrastructure
GovGPT was not a standalone product. It was the first surface in a broader GovAI ecosystem that will eventually span multiple government platforms, agencies, and service layers. Every design decision was made with reuse in mind not just for GovGPT, but for every AI-powered government product that follows.
I built the AI transparency pattern library as that foundation: source attribution component, tool state indicators, AI-generated content labeling, and bilingual component behavior with full Arabic RTL typography system, WCAG-compliant contrast and spacing, and governance-aware interaction standards built into the component logic from the start. The bilingual system was the hardest part. Arabic RTL isn't a mirror of English LTR information hierarchy, reading flow, and interaction sequencing behave differently. Building components that worked natively in both directions required parallel prototyping and validation in both languages throughout.
The library is now positioned for adoption across the DGE platform portfolio. When the next government AI product is designed, the trust patterns don't have to be reinvented. They're already there.
That is the work underneath the case study's framing: we weren't only designing an AI product. We were helping define how AI product design should operate inside government.
Impact
20,000+ active users across Abu Dhabi government entities in pilot
Weekly active users: 250 → 1,250 post-redesign (5×)
81% of users tried GovGPT the same day as their training session
28% reduction in use of unauthorized external AI tools post-launch
79% of users reported faster task completion for document summarization and translation
(post-training feedback, 21 respondents across ADEK, DMT, SSA)
GovGPT entered a mature multi-tool AI ecosystem and won the category public AI tools couldn't compete in: institutional trust. Not by being the most capable AI assistant. By being the only one employees could use on confidential work without risk, workaround, or doubt.
GovGPT became the preferred environment for sensitive work across research, drafting, summarization, and translation even among employees who continued using public AI tools for broader exploration. Governance mechanisms designed as UX features source attribution, tool boundaries, data-residency visibility were cited by users as primary reasons they trusted the platform.
"This is the first AI tool I'd feel comfortable using for actual government work." - Government employee, Abu Dhabi pilot cohort
Launched publicly at GITEX Global 2024 as Abu Dhabi's flagship sovereign AI initiative, under the theme Towards an AI-Native Government, with 30+ government and academic entities participating.
Reflection
What I underestimated
The depth of the ChatGPT mental model already embedded in employee behavior. Research showed 57% of users switched to other tools multiple times within two weeks of onboarding not from distrust, but because consumer AI had set a speed and fluency benchmark that felt like default. I'd have run a comparative mental model study earlier and used it to shape capability framing from sprint one, not as a course correction mid-project.
What I didn't expect
Governance constraints became the strongest adoption argument. The features users cited most data residency visibility, explicit tool boundaries, source attribution were originally scoped as compliance requirements. Designing them as UX features rather than legal notices changed how employees related to the product. Security, framed correctly, became a reason to stay.
What I'd do differently
Build the trust layer in parallel with capability development from sprint one. Transparency patterns citations, tool states, source visibility were formalized after core features were in progress. Some screens required rework. In AI products where governance is a first-class requirement, trust architecture is infrastructure. It can't be retrofitted.
Additionally, governance alignment sessions were scheduled reactively rather than built into the sprint cadence. Regular cross-functional checkpoints from week one would have reduced the rework cost when requirements shifted. At this scale of institutional complexity, alignment is a design deliverable, not a precondition for design.
What the reskin confirmed
A last-minute decision to bring in Capgemini Frog for a UI reskin while keeping the UX journeys intact was the clearest signal that the design architecture was solid. An external studio inherited the trust patterns, tool states, and contextual guidance and reskinned the visual layer without requiring structural rework. That separation UX as architecture, UI as expression is a principle I'd make explicit from the start of every AI product engagement, not something confirmed through an external reskin.
What's next
Agent sharing across entities, Outlook and Teams integration, role-specific prompt structures, and multi-document reasoning the capabilities research flagged as the next adoption levers. The foundation is built. The AI-native government operating model is the next design problem.