Gartner says 40% of governments will create TrustOps

Gartner forecasts that 40% of government organisations will establish dedicated TrustOps functions by 2028 to counter deepfake threats. The projection reflects growing concern over identity impersonation and organised disinformation targeting public institutions.

These threats include fake public statements that mimic political leaders, as well as attacks on internal systems. Internal attacks can target biometric authentication tools such as voice and facial recognition, or manipulate staff through social engineering that creates a false sense of authority and urgency.

The warning signals a broader shift in how public bodies are being advised to respond to synthetic media. Rather than relying mainly on fact-checking after false content appears, government technology leaders are being urged to build systems and processes that establish authenticity before manipulated content spreads widely.

Daniel Nieto, Sr. Director Analyst at Gartner, said the issue extends beyond technical security.

"Deepfakes can undermine or even weaponise notions of digital identity, attacking the credibility of the State itself. If citizens cannot distinguish a legitimate prime minister's announcement or a secure tax agency portal from a replica, the foundational architecture of truth collapses," Nieto said.

Gartner argued that public sector organisations should not treat deepfakes solely as an IT issue. It described the challenge as a cross-functional risk requiring involvement from executive leaders as well as communications, legal, human resources and technology teams.

Broader response

Many traditional organisational structures lack a single owner for this type of threat, creating a need for a more formal trust function to coordinate responses to both external disinformation and internal identity-related risks.

One recommendation is to create a trust council to oversee these issues across departments. Such a group would consult key stakeholders and manage questions related to digital identity, public-facing misinformation, and attempts to deceive employees or systems.

Another focus area is administrative workflow security. Government bodies should identify high-risk processes such as financial disbursements and audit them with controls that reduce single points of failure. Suggested measures include multiple approvers and application-level authentication to limit the risk of executive impersonation using cloned voices.

The firm also called for formal verification procedures for suspicious digital interactions. That would mean standard operating procedures to guide staff through technical checks to determine whether content may have been created synthetically by AI.

Nieto said the rise of deepfake content could erode some of the benefits governments have sought through digital transformation.

"The deepfake phenomenon threatens to induce digital regression; reversing the ROI of digital transformation by forcing a retreat to high-friction, paper and in-person interactions," he said.

The analysis highlights a practical problem for public institutions: once false content spreads quickly online, removing it may not be enough to prevent damage. Governments cannot rely on reactive takedowns because a viral deepfake may already have shaped public perceptions before it is challenged or removed.

Instead, Gartner advises placing greater emphasis on what it described as saturating the information space with verified truth first. In parallel, governments should avoid placing too much responsibility on citizens to decide what is genuine and what is fake.

Verification tools

That approach shifts the burden of trust from the individual user to institutional systems. Cryptographic provenance, Gartner said, should play a larger role in proving whether official content is authentic.

For the longer term, the firm pointed to C2PA, a protocol designed to attach cryptographic metadata to digital media. In practice, this would allow official organisations to embed tamper-resistant provenance information into published content and use it as part of broader public trust efforts.

Nieto outlined that recommendation in more detail.

"Long-term, government organisations can consider implementing solutions such as the C2PA protocol. They should mandate outbound content grounding by adopting the C2PA protocol, embedding tamper-proof cryptographic metadata into all official digital media. They can also market the use of content provenance to constituents and stakeholders to assert trust," he said.

The forecast underscores how synthetic media is becoming as much a governance issue as a cyber security one. For government chief information officers, the message is that defending digital trust will require institutional structures, tighter process controls and verification standards that can withstand fast-moving impersonation and disinformation attacks.