GOVERNMENT & MUNICIPAL AI
NYC's MyCity chatbot told landlords they could refuse Section 8 vouchers. Told businesses they could skip the cashless ban. Told employers they could take worker tips. Every answer was illegal. Every answer carried the imprimatur of the city. We build government AI where every response traces to a specific statute, or the system stays silent.
17-33%
Hallucination rate in leading legal AI tools
Stanford/JELS, Magesh et al., 2025
78 Bills
State chatbot safety bills across 27 states in 2026
AI2Work Legislative Tracker, 2026
€15M
EU AI Act penalty for high-risk non-compliance
EU AI Act Article 99, 2024
Whether you're evaluating AI for citizen services for the first time, recovering from a failed deployment, or trying to make an existing chatbot legally defensible, this page covers what actually works, what doesn't, and what it takes to build government AI that holds up under scrutiny.
The failure isn't hypothetical. It happened on a .gov domain, to real business owners, with real legal consequences.
In October 2023, NYC launched MyCity on Microsoft Azure AI, trained on 2,000+ city web pages. The Markup's investigation in March 2024 documented systematic illegal advice across fundamental areas of NYC law:
| Legal Domain | What MyCity Said | What the Law Actually Says | Penalty for Following the Advice |
|---|---|---|---|
| Labor / Wages | "Yes, you can take a cut of your worker's tips" | Illegal under FLSA and NY Labor Law § 196-d. Employers may not retain any portion of employee tips. | Wage theft lawsuits, DOL investigation, liquidated damages up to 100% of unpaid wages |
| Consumer Protection | "There are no regulations that require businesses to accept cash" | Illegal. NYC Admin Code § 20-840 prohibits cashless stores to protect unbanked citizens. | $1,000 first violation, $1,500 subsequent violations |
| Housing Rights | "Landlords do not need to accept Section 8 vouchers" | Illegal. NYC Human Rights Law prohibits source-of-income discrimination since 2008. | Fines up to $250,000, compensatory damages, mandatory policy changes |
| Tenancy Law | "It is legal to lock out a tenant" | Illegal. Unlawful eviction is a criminal offense after 30 days of occupancy. | Criminal charges, treble damages, immediate restoration of possession |
The city added disclaimers. The chatbot itself told users, "Yes, you can use this bot for professional business advice." Incoming Mayor Mamdani called the tool "functionally unusable" and moved to terminate the roughly $500,000 program.
The problem is architectural, not a tuning issue. Large language models are probabilistic engines that optimize for plausible-sounding output. When a landlord asks "Can I refuse a Section 8 tenant?", the model draws on the statistically dominant pattern in its training data: general contract law (freedom to choose tenants). The specific NYC Human Rights Law provision prohibiting source-of-income discrimination is a local exception that gets overridden by the model's broader training signal.
RLHF-trained models compound this. They're tuned to be "helpful," which in practice means agreeing with the user's implied intent. A landlord asking about refusing tenants gets a "yes" because the model interprets the question as "help me refuse this tenant" rather than "what does the law say." A government AI must often be unhelpful to the user's immediate desire in order to be accurate about the law.
Adding RAG doesn't solve it. Stanford's 2025 study tested commercial legal AI tools with retrieval augmentation: even the best (LexisNexis Lexis+ AI) hallucinates 17% of the time. Westlaw's AI-Assisted Research hits 33%. The retrieval step can pull the right statute, but the generation step can still misinterpret it, ignore it in favor of training priors, or synthesize a plausible-sounding answer from the wrong combination of retrieved passages.
Government chatbots that give legal advice operate in the "proprietary function" zone. When a city deploys an AI that provides specific, actionable business guidance, it's acting as a consultant, not exercising discretionary governmental authority. That distinction matters because proprietary functions don't carry sovereign immunity protection. A private consultant who gave the advice MyCity gave would face malpractice claims.
NY Senate Bill S7263, which reached the Senate floor on February 26, 2026, would create explicit civil liability when chatbots give substantive professional advice. It creates a private right of action for actual damages, plus attorney fees for willful violations. The bill passed committee 6-0. The EU AI Act classifies citizen-facing government AI as high-risk under Annex III, with penalties up to EUR 15 million or 3% of worldwide turnover effective August 2026. This isn't a future problem. It's a current regulatory reality converging on every government that deployed a chatbot without citation enforcement.
A reference for evaluating your options. The gaps in this table are where most deployments fail.
| Category | Key Players | What They Actually Deliver | Gap |
|---|---|---|---|
| Cloud Platforms | Microsoft Azure Government, AWS GovCloud, Google Public Sector | FedRAMP-authorized infrastructure, general-purpose LLMs (GPT-4, Bedrock, Gemini), basic RAG tooling | Platform, not a solution. Azure powered MyCity. The hallucination problem lives above the platform layer. |
| Legal AI Vendors | Thomson Reuters CoCounsel, LexisNexis Lexis+ AI | Citation-verified legal research for attorneys. CoCounsel has 1M+ users, agentic research with Westlaw-backed citations. | Built for lawyers, not citizens. Pricing for law firms ($200+/user/month). No municipal code specialization. No 311/CRM integration. |
| Municipal Code Publishers | Municode (LexisNexis), American Legal Publishing, CivicPlus | Structured municipal code databases. Municode.ai offers RAG-based chat over codes. CivicPlus launched 6 AI products in January 2026. | Municode.ai is early-stage with no government procurement track record. CivicPlus AI is chatbot-level, not citation-enforced. No constrained decoding or verification layers. |
| Big 4 / Large SIs | Deloitte, Accenture Federal, CGI | Program management, procurement navigation, ATO documentation. Deploy vendor platforms within gov cloud boundaries. Accenture booked $3.6B in AI work FY2025. | They implement platforms, not build custom intelligence. 60-70% of cost goes to PM and documentation. Engagements run $500K-$5M+. The MyCity architecture is the kind of thing they'd deploy. |
| GovTech Chatbot Vendors | Citibot, Polimorphic, CrafterQ | Citizen-facing chatbots for 311 services. Denver's Sunny supports 72 languages. Purpose-built for government UX. | Conversational layer over basic retrieval. No constrained decoding, no statutory citation enforcement, no multi-agent verification. Surface-level accuracy. |
| Veriprajna | Custom build | Citation-enforced municipal AI with hierarchical RAG, constrained decoding, verification agents, and audit trails. Deploys within your existing FedRAMP boundary. | Smaller firm. No existing government MSA relationships. Does not handle procurement navigation or program management (SIs do this better). Not a platform. |
Honest gap: organizational buy-in and change management are real barriers that no vendor, including us, solves with technology. If your staff doesn't trust the system, they'll route around it regardless of how accurate it is.
Four capabilities, each addressing a specific failure mode in current government AI deployments.
Every citizen query returns a structured response with the specific statute, code section, and source URL, or the system refuses to answer. This is constrained decoding at the token level: the model's vocabulary is dynamically masked during generation so it literally cannot produce a citation ID that doesn't exist in the retrieved context.
We reach for hierarchical indexing because municipal codes are trees, not flat documents. A zoning question about food trucks requires traversal across Title 17 (zoning), Title 8 (health), Title 20 (consumer affairs), and applicable DCA rules. Standard RAG chunking severs those cross-references. Our graph-enhanced index preserves the structure: parent nodes for intent, child nodes for operative text, linked definitions for the terms that connect them.
Municipal codes arrive in PDF dumps from the city clerk, HTML fragments from Municode or American Legal Publishing, proprietary CMS exports, and occasionally scanned images of amendments. We build automated pipelines that normalize all of these into a structured knowledge graph with time-aware versioning.
Each provision carries metadata: effective date, repeal date (if applicable), penalty amount, enforcing agency, and cross-reference links. When council passes an ordinance, the pipeline ingests the update and re-indexes. Repealed statutes move to a historical index. The system never cites dead law. Weekly reconciliation checks compare the graph against the publisher's live code to catch anything the automated pipeline missed.
Before any citizen sees a response, we red-team the system against adversarial queries: "How do I evict a tenant?", "Can I fire pregnant employees?", "How do I avoid paying overtime?" We map every query path and identify where hallucination creates legal exposure.
We test against the specific regulatory landscape your jurisdiction faces: NY S7263 professional advice boundaries, EU AI Act high-risk obligations (August 2026 deadline), Section 508 accessibility requirements, NIST AI RMF alignment for procurement scoring, and your state's specific chatbot legislation. The output is a documented audit trail that satisfies both internal review boards and external compliance requirements.
When retrieval confidence drops below threshold, the system doesn't say "I don't know, call 311." It routes to the right department with context: the original query, partial retrieval results, and a suggested classification. The citizen gets a specific referral, and the receiving staff member sees what the system already found.
We build this triage layer with bidirectional integration into your existing CRM (Salesforce Government Cloud, ServiceNow, or your 311 platform). A topic-level kill switch lets administrators disable specific query domains without taking down the entire system. If an error surfaces in housing queries, you can shut down the housing node while business licensing continues to operate.
A real query that requires traversing zoning law, health department regulations, business licensing, and DCA rules. This is the kind of question that exposes whether a system is actually grounded in the code or just generating plausible text.
The system identifies that "open a food truck" is a multi-domain query. It decomposes into four retrieval targets: mobile food vending permits (DCA), food service establishment licenses (Health), zoning restrictions on mobile vendors (Zoning), and general business licensing requirements (Finance).
For each target, the system traverses the knowledge graph. For the zoning question specifically: it navigates from Title 17 (Zoning) to the mobile vendor provisions, retrieves NYC Admin Code § 17-315 (prohibiting food trucks on 5th Avenue between 42nd and 59th Streets), cross-references the DCA mobile vendor license requirements, and pulls the Health Department's Article 81 food service standards. Each retrieved provision carries its citation ID, effective date, and penalty clause.
The LLM generates a response, but under constraint. The allowable citation IDs are limited to the specific sections retrieved in step 2. If the model attempts to reference a statute not in the retrieval set, that token is masked to probability zero. The output must conform to a JSON schema requiring: claim, citation_id, source_url, and confidence_score for each factual assertion.
Before the response reaches the citizen, a separate verification agent performs three checks. Entailment: does the cited text actually support the claim? (The model might cite the right statute but misinterpret it.) Conflict: are there contradicting provisions in the retrieval set? Currency: is the cited statute still in effect? If any check fails, the system falls back to a safe refusal with a specific department referral.
The citizen receives a structured answer with hyperlinked citations: "Operating a food truck in NYC requires a Mobile Food Vendor License from DCA [§ 17-307], a Food Service Establishment Permit from the Health Department [Article 81.09], and compliance with location restrictions. Food trucks are prohibited on 5th Avenue between 42nd and 59th Streets [§ 17-315]. Confidence: High (4 matching provisions). For complete zoning eligibility at your specific location, contact DCA at [direct link]."
The entire interaction generates an audit record: query received, decomposition targets, statutes retrieved with relevance scores, generation constraints applied, verification results, and final response. This record is stored in your compliance system and satisfies both NIST AI RMF documentation requirements and the continuous monitoring obligations of FedRAMP and StateRAMP.
Four phases, each with a defined output. We start with one department in one jurisdiction and expand only after accuracy benchmarks are met.
We ingest the municipal code from your publisher (Municode, American Legal Publishing, or direct city sources) and convert it into a hierarchical knowledge graph. Every provision is a node with metadata: effective date, penalty, enforcing agency, cross-references, and the specific text.
Timeline: 4-6 weeks for a single jurisdiction's complete code.
Caveat: Code corpus quality varies dramatically. Well-maintained Municode databases convert in 4 weeks. Jurisdictions with PDF-only codes, inconsistent numbering, or decades of uncodified ordinances take longer. We conduct a corpus assessment in the first week so there are no timeline surprises.
Output: Searchable knowledge graph with complete statutory coverage for the pilot department, plus an automated update pipeline connected to your code publisher's feed.
We deploy the verification agents and run adversarial testing. The red team bombards the system with the queries that caused MyCity's failures (tips, cashless, vouchers, lockouts), plus jurisdiction-specific edge cases from your legal team.
Timeline: 3-4 weeks, overlapping with Phase 1.
Benchmark: 100% rejection of known illegal-advice prompts. If the system gives wrong legal guidance on any adversarial query, we do not move to Phase 3.
Output: Red team report documenting all tested scenarios, results, and remediation actions. This becomes part of your ATO documentation.
Deploy to a single department (we recommend business licensing or 311 FAQ as the pilot) with the citation enforcement architecture active. The system runs in parallel with existing processes for the first 2 weeks so staff can validate outputs against their own knowledge.
Timeline: 2-3 weeks for integration and parallel-run period.
Output: Live system serving citizens on the pilot domain, with audit trails flowing to your compliance system and escalation routes connected to your CRM.
Every citizen interaction is logged and reviewed. We monitor for retrieval drift (when code updates change the correct answer but the graph hasn't caught up), new adversarial patterns, and query domains where the system triggers safe refusals too frequently (indicating coverage gaps).
Ongoing cost: $3,000-$5,000/month per jurisdiction for corpus maintenance, monitoring, and reconciliation.
Expansion: Adding a new department to an existing jurisdiction typically takes 2-3 weeks. Adding a new jurisdiction requires returning to Phase 1 for that jurisdiction's code corpus.
Evaluate your current position across the five dimensions that determine whether a government AI deployment creates value or liability. Each dimension is scored independently so you can see exactly where the gaps are.
How is your municipal code currently maintained and accessible?
What is your current cloud authorization status?
What chatbot-related legislation applies to your jurisdiction?
What systems handle citizen inquiries today?
What is your agency's history with AI or chatbot deployments?
We build on infrastructure that already holds authorization. The AI layer we construct runs within your existing FedRAMP-authorized boundary, whether that is Azure Government, AWS GovCloud, or Google Public Sector. The constrained decoding engine, knowledge graph, and verification agents are application-layer components that inherit the underlying platform's authorization. This matters because pursuing a standalone FedRAMP authorization for a custom AI system takes 12-18 months and costs $500K-$2M in assessment fees alone. By architecting within an already-authorized boundary, we avoid that timeline entirely. For StateRAMP requirements, which roughly 15 states now mandate for cloud services, the same principle applies. We document our application-layer controls as an addendum to your existing System Security Plan. The audit trail we generate for every query-response pair also satisfies the continuous monitoring requirements that FedRAMP and StateRAMP impose, because every interaction is already logged with citation IDs, retrieval confidence scores, and verification results.
Municipal chatbot deployments range from $20,000 for basic implementations (like Fairfield, California's Archie) to $375,000 for comprehensive programs (Roseville, California). NYC spent roughly $500,000 on MyCity before the incoming mayor moved to terminate it. A Veriprajna engagement for citation-enforced municipal AI typically falls in the $150,000-$400,000 range for the first jurisdiction, depending on code corpus complexity and integration requirements. Compare that to the liability exposure. NY Senate Bill S7263, which reached the Senate floor in February 2026, creates a private right of action with actual damages plus attorney fees for willful violations when chatbots give professional advice. The EU AI Act imposes penalties up to EUR 15 million or 3% of worldwide turnover for high-risk AI non-compliance. Beyond statutory penalties, the proprietary function exception to sovereign immunity means your municipality could face negligent misrepresentation claims from every citizen who followed bad chatbot advice. One class action from business owners who relied on hallucinated permit guidance would dwarf the entire deployment cost.
Yes, and integration architecture is where most government chatbot projects quietly fail. The citation engine exposes a REST API that accepts natural language queries and returns structured JSON with the answer, citation IDs, source URLs, confidence scores, and verification status. That API plugs into Salesforce Government Cloud via a custom Lightning Web Component, or into ServiceNow via a scoped application. For 311 platforms specifically, we build bidirectional integration: inbound queries from the 311 system hit the citation engine, and when the engine triggers a safe refusal (confidence below threshold), it creates a case in your CRM with the original query, partial retrieval results, and a suggested department routing. The citizen gets a specific referral, not a generic "call 311" message. For existing chatbot interfaces like CivicPlus or custom web widgets, we provide an embed script that replaces the probabilistic response layer while preserving your existing UI. The typical integration timeline is 2-3 weeks for API connection and 4-6 weeks for full CRM workflow integration including testing.
Deloitte and Accenture Federal are platform implementers. They deploy Azure AI or AWS Bedrock within a government cloud boundary, configure RAG over your documents, and add a prompt engineering layer. That is the exact architecture that produced MyCity. Their value is procurement navigation, ATO documentation, and program management, and those are real capabilities worth paying for on large programs. What they do not build is the constrained decoding layer that prevents hallucination at the token level, the hierarchical knowledge graph that preserves cross-references between related statutes, or the multi-agent verification pipeline that catches retrieval errors before they reach citizens. These are architectural choices, not configuration options in Azure AI Studio. A Big 4 engagement for government AI typically runs $500,000 to $5 million, with 60-70% of that cost going to program management, documentation, and procurement support rather than technical architecture. We build the technical layer that their implementations lack. In some engagements, we work alongside an SI who handles procurement and program management while we build the citation enforcement architecture. That combination gives you procurement expertise and technical depth without paying Big 4 rates for custom AI engineering.
Every citizen-facing government system must meet Section 508 of the Rehabilitation Act and WCAG 2.1 AA standards. For AI specifically, this means screen-reader compatible response formatting, keyboard-navigable interfaces, sufficient color contrast in citation displays, and alternative text for any visual elements in the response. We build the response layer with semantic HTML that screen readers parse correctly, including properly tagged citation links and structured answer formatting. Multilingual support is a separate engineering challenge from translation. You cannot simply translate AI outputs because legal terminology has jurisdiction-specific meanings that generic translation models get wrong. We handle this by maintaining parallel knowledge graphs for each supported language, where the statutory text is the official translated version published by the jurisdiction rather than a machine translation. For jurisdictions that do not publish official translations, we flag the response as English-sourced and route multilingual queries to human staff. Denver's Sunny chatbot claims 72-language support, but that is surface-level UI translation, not legally accurate multilingual statutory interpretation. We prioritize accuracy over language count.
This is the hardest operational problem in government AI, and the reason most chatbot deployments degrade within months of launch. Municipal codes are amended through ordinances passed by city council, regulatory updates from departments, and state preemption changes that override local law. A single city council session can produce 20-30 code amendments. We build automated ingestion pipelines that monitor three source types: official code publisher feeds from Municode or American Legal Publishing (which provide structured XML/HTML updates), city clerk legislative tracking systems that publish ordinance PDFs, and state legislature feeds for preemption changes. Each update triggers a re-indexing workflow. The knowledge graph uses time-aware versioning where every provision carries an effective date range. When a statute is repealed or amended, the old version moves to a historical index, and the new version becomes the active retrieval target. The system never cites repealed law. We also run a weekly reconciliation check that compares the knowledge graph against the publisher's current online code to catch any updates the automated pipeline missed. For the pilot jurisdiction, this operational layer adds approximately $3,000-$5,000 per month in ongoing maintenance, which covers ingestion monitoring, reconciliation, and emergency re-indexing when major legislative packages pass.
The detailed technical architecture behind this solution page.
From Civil Liability to Civil Servant: Statutory Citation Enforcement for Deterministic Government AIComprehensive analysis of legal risks in current government AI deployments, the technical root causes of legal hallucinations, and the full Veriprajna architecture for citation-enforced municipal AI systems.
Municipal chatbot failures cost $500K+ to terminate and leave liability exposure that dwarfs the deployment budget.
Whether you need a liability audit of your existing chatbot, a citation-enforced system for a new deployment, or a technical architecture review before your next RFP, we can scope the engagement in a single conversation.