UK government trial finds AI coding assistants save 28 days a year but 85% still needs edits

UK government trial finds AI coding assistants save developers an hour a day - but most code still needs edits

More than 1,000 technologists across 50 government departments trialed AI coding assistants from Microsoft, GitHub Copilot, and Google Gemini Code Assist between November 2024 and February this year.

The review shows average time savings of around one hour per developer per day - roughly 28 working days a year. For teams under delivery pressure, that's meaningful capacity without extra headcount.

What the trial found

Engineers report the biggest gains from using AI to draft first versions of code and to review existing code. Only 15% of AI-generated code was used without edits, indicating careful human oversight.

72% of users said the tools offered good value. 65% completed tasks more quickly, 56% solved problems more efficiently, and 58% would prefer not to return to working without them.

Technology minister Kanishka Narayan said the results show a strong appetite to use AI to deliver faster - and safely. The government aims to extend adoption across departments.

Supplier response and policy ambition

Google Cloud's EMEA team said it was "thrilled to see the positive impact" of Gemini Code Assist in what it called the largest UK public sector trial of its tool. The government has signaled broader AI rollout across public services, with Downing Street estimating savings of more than £45 billion.

The reality check

There's momentum, but not a free pass. With 85% of AI-generated code still needing manual edits, the velocity boost can stall later in testing, security scanning, deployment, and verification.

Industry voices flagged quality and security risks. Studies have found developers often spend time fixing faulty AI output, reducing net gains. Security leaders warned that overconfident use of code assistants can introduce vulnerabilities unless secure-by-design practices are enforced.

What your department can do now

• Set clear use cases: Define where AI assistants add value (first drafts, refactoring, test generation, code review) and where they are restricted (sensitive systems, classified work).
• Bake in human review: Require code review for all AI-assisted changes. Label AI-assisted commits and track rework and defect rates.
• Protect data: Disable training on your prompts and code, restrict sensitive data in prompts, and use enterprise tenants with audit logs.
• Security by default: Mandate SAST/DAST, dependency scanning, SBOMs, license checks, and supply chain provenance checks for all AI-assisted code.
• Quality gates: Keep CI checks strict-tests, coverage thresholds, and performance baselines. Treat AI output like code from a new hire: verify everything.
• Measure ROI: Track cycle time, PR throughput, defect escape rate, incident counts, and time-to-restore. Compare against license costs to justify scale-up.
• Skills uplift: Train engineers on prompt strategies, code review heuristics for AI output, and secure coding patterns.
• Procurement guardrails: Standardize approved tools, versions, and plugins. Ensure vendor terms cover IP, data residency, logging, and incident response.
• Plan for exceptions: For high-risk services, consider isolated environments, model choice reviews, and manual sign-off before deployment.

Practical takeaways for delivery teams

• Use AI for scaffolding, repetitive boilerplate, and tests. Keep core logic and public-facing APIs under tighter review.
• Shift left on security: prompt for secure patterns and require automated checks to catch unsafe suggestions early.
• Pair programming with AI works best: one engineer drives, the other evaluates suggestions and architectural fit.
• Close the loop: collect examples of bad suggestions, update prompts and coding standards, and share patterns weekly.

Risks to manage

• Quality drift: Over-reliance on suggestions can spread subtle bugs. Counter with stricter tests and targeted code ownership.
• Security gaps: Model suggestions may include outdated libraries or risky patterns. Enforce dependency and secret scanning.
• Compliance and IP: Ensure license compatibility and record sources where feasible. Use policy to prevent copy-paste from unknown code.

Where to go deeper

For security leaders, the National Cyber Security Centre offers practical guidance on AI and software assurance. It maps well to public sector needs and can anchor your policy.

NCSC guidance on secure AI development

If your team needs structured upskilling on AI-assisted coding, including policy, prompts, and secure workflows, explore this practitioner-focused path:

AI Certification for Coding

Bottom line

AI coding assistants are already creating meaningful time savings across government. The gains are real when paired with strong engineering practice, clear policy, and disciplined security.

Treat these tools as accelerators, not autopilot. Keep humans accountable, measure what matters, and scale where the data supports it.