Deepfake threats are becoming a public-sector digital trust challenge, with governments facing new risks to identity, official communications and citizen confidence. Gartner predicts that 40% of government organisations will establish dedicated TrustOps functions by 2028, signalling a shift from reactive fact-checking toward proactive trust architecture.
In a May 2026 newsroom release, Gartner reported that 40% of government organisations are expected to establish TrustOps functions by 2028 to counter deepfake identity impersonation and disinformation-as-a-service. The prediction highlights a fast-moving operational challenge for public-sector CIOs, security teams, communications leaders and policy owners, as U.S. federal agencies advise organisations to prepare for AI-enabled cyberattacks, exploitation attempts, and fraudulent communications designed to impersonate leaders.
For organisations responsible for digital public services, the core challenge is trust at scale. Nemko Digital’s work in AI trust reflects this wider shift: digital transformation now requires governance structures that can demonstrate accountability, resilience and confidence across AI, data and cybersecurity - especially where sensitive information and public confidence can be harmed by false information, fake media, and AI deepfakes (which are manipulated videos and computer generated imagery), as well as other AI-generated content.
TrustOps refers to coordinated operational capabilities designed to protect digital trust before incidents spread. Gartner’s guidance calls for government organisations to move beyond reactive takedowns and fact-checking, particularly because generative AI-driven disinformation can become viral before traditional response processes are activated.
This creates a need for cross-functional governance. Gartner recommends trust councils involving IT, legal, communications and HR, as well as hardened business processes for high-risk workflows such as financial disbursements and approvals by financial officers. These measures are especially relevant where executive voice cloning, urgency-based social engineering or synthetic identity claims could create single points of failure, leading to public unrest or disruption of essential services. In practice, personnel training, crisis planning, and rapid information sharing with U.S. federal agency partners (including security communities such as NSA and CSI) can help agencies operationalise new advice and reduce response time across teams.
The development also strengthens the case for independent assurance. The Nemko AI Trust Mark is built around governance review, risk management, transparency and accountability, providing a model for how organisations can demonstrate that AI-related systems and processes have been assessed against recognised trust principles and practical recommendations.
Gartner also points to cryptographic provenance as a longer-term response. The Coalition for Content Provenance and Authenticity provides an open technical standard that helps establish the origin and edit history of digital content. For governments, provenance mechanisms can support verified public communications and reduce the burden placed on citizens to determine whether official media is authentic, while limiting the mass production of convincing synthetic narratives enabled by growing computational power and rapid technological advances.
Verification procedures are likely to become part of the same operating model. Standard processes for testing suspicious digital interactions, reviewing synthetic content indicators, validating questionable voice or video, and escalating high-risk cases can help public-sector bodies respond more consistently to deepfake tradecraft and other AI-driven attacks. Organisations assessing their current readiness may benefit from structured maturity reviews such as Nemko Digital’s AI Maturity Model, which supports evidence-based roadmaps for governance improvement across policy, process and technical control form.
The rise of TrustOps reflects a broader move toward proactive AI risk management. The NIST AI Risk Management Framework states that AI risk management should address risks to individuals, organisations and society while incorporating trustworthiness considerations across design, development, use and evaluation.
For public-sector and regulated organisations, this means deepfake resilience cannot sit only within communications teams or cybersecurity operations. It requires governance, documented controls, technical safeguards, workforce awareness and executive ownership. Nemko Digital’s AI Management Systems guidance is relevant to this direction, helping organisations establish structured processes for AI governance, risk management and certification readiness, including clearer accountability for high-risk digital content and identity workflows.
As deepfake threats accelerate, Gartner’s forecast suggests that digital trust will become an operating discipline for governments. TrustOps may therefore become a defining capability for institutions seeking to protect public confidence, secure identity systems and maintain the value of digital transformation in the face of the growing synthetic media threat.