From Tender to Autonomous Agent: What the Agentic AI Revolution Means for National Procurement

Public procurement is facing its most consequential technology shift in a generation. "From Code to Control: AI's Takeover of Software Development Lifecycle", a study commissioned by Reply and conducted by Forrester Consulting, surveyed 536 IT executives across Europe and the United States and found that 93% of organisations plan to adopt agentic AI within two to three years as a strategic alternative to traditional sourcing, and 81% believe autonomous orchestration will be a competitive necessity within five years. For Ireland, where public procurement exceeds €22 billion annually and the OGP is finalising its first National Procurement Strategy, this shift is arriving before governance frameworks to manage it are in place.

The study signals disruption arrives as supply-side pressure, not merely a tool to adopt. Vendors bidding for public contracts are restructuring delivery models around agentic AI, and the consequences for how contracting authorities specify and evaluate those contracts are immediate. Three fault lines demand attention: updating frameworks as offshore development gives way to agentic delivery; governing GDPR compliance as autonomous systems process public data; and closing the digital capability gap before it becomes a liability.

The offshore dimension has direct implications for public ICT contracting. Forrester finds 78% of IT leaders say offshoring complicates GDPR compliance and 76% report increased technical debt — risks embedded in many government platforms. McKinsey estimates procurement functions use less than 20% of available data, a deficit compounded when underlying systems are fragile. As agentic AI shifts delivery to AI-orchestrated teams, OGP criteria built around offshore models require revision.

The GDPR dimension is equally pressing. Guidance from the Spanish data protection authority in February 2026, following parallel analysis by the UK ICO, confirms public bodies remain fully accountable under GDPR for processing agentic systems perform autonomously — accountability that cannot be transferred to suppliers. With the EU AI Act's August 2026 compliance deadline approaching, AI governance clauses must become core evaluation criteria in tender specifications, not supplementary terms.

Three steps are needed. The OGP should embed agentic AI governance standards — covering GDPR architecture, human oversight, and audit requirements — into ICT and professional services framework specifications. Contracting authorities should treat AI literacy as a core competency. Ireland should engage with the Commission's 2026–2027 review of the Public Procurement Directives to shape, rather than react to, emerging AI standards.

The direction of travel is clear. McKinsey documents one tech company using AI agents to identify savings of 12% to 20% in contact centre operations and 20% to 29% in BPO and financial services spend — a concrete signal of what agentic procurement can deliver. Leaders who build governance capability and update frameworks now will capture that opportunity. Those who defer will manage risks they never specified, through frameworks never designed to accommodate them.

(The views expressed by the writer are his/her own and do not necessarily reflect the views or positions of BusinessRiver.)