AI Regulation in the United Kingdom
The United Kingdom has 31 tracked AI regulatory updates across 3 frameworks. This page provides an overview of the current regulatory landscape, upcoming deadlines, and recent enforcement activity.
Upcoming Deadlines
Trust must issue fresh FOIA response by 4:00 p.m.
AI v The Information Commissioner – FOIA vexatious request appeal allowed
FCA Board recommendations expected in summer 2026
FCA Mills Review on how AI will reshape retail financial services
Recent Regulatory Updates
UKAS grants first accreditation for ISO/IEC 42001 certification
UKAS accredited BSI for ISO/IEC 42001 certification, creating a live accredited certification market that materially changes how organizations can seek independent assurance for AI management systems.
FCA, Bank of England and Treasury joint statement on frontier AI models and cyber resilience
The FCA, Bank of England, and HM Treasury said firms must be able to identify, monitor, and manage external AI-related applications, libraries, and services integrated into their networks, raising the bar for cyber and third-party resilience.
FCA Mills Review on how AI will reshape retail financial services
The FCA launched a review of advanced AI’s impact on retail financial services, with feedback due 24 February 2026 and recommendations expected for the FCA Board in summer 2026.
ICO investigation into Grok
The ICO has opened an investigation into Grok, signaling active enforcement scrutiny of AI processing under UK data protection law rather than a purely policy-level review.
ICO guidance on AI and data protection
The ICO’s AI guidance remains the key UK data-protection reference for AI systems, and the page is under review because of the Data (Use and Access) Act coming into force on 19 June 2025.
AI v The Information Commissioner – FOIA vexatious request appeal allowed
On 2026-05-22 the UK First-tier Tribunal allowed the appeal and ordered the Leeds Teaching Hospitals NHS Trust to issue a fresh FOIA response by 4:00 p.m. on 2026-06-19, rejecting the vexatious-request characterization under section 14(1).
ICO maintains enforcement posture on AI chatbots and biometrics
The ICO has continued investigating AI systems such as Grok and reiterating its willingness to use full enforcement powers, so AI chatbot and biometric deployments remain under active data-protection scrutiny.
FCA, Bank of England and Treasury issue frontier AI cyber resilience statement
UK authorities issued a joint statement on frontier AI model cyber resilience, so regulated firms and FMIs should now align AI governance with existing operational resilience and cyber controls.
ICO AI and data protection guidance under review
The ICO says its AI and data protection guidance is under review in light of the Data (Use and Access) Act 2025, so organisations should expect refreshed UK GDPR expectations on AI governance and risk assessment.
Family Court endorses secure AI use for judgment summaries
The Family Court published a judgment noting that secure Judicial Copilot summaries were useful for parents with learning difficulties, underscoring that courts will scrutinize AI use but may accept it when carefully controlled and beneficial.
ICO Guidance on AI and Data Protection
The ICO’s AI and data protection guidance remains live and is under review following the Data (Use and Access) Act coming into force on June 19, 2025, so organisations must reassess UK GDPR controls for AI now rather than treating the guidance as static.
FCA AI live testing and innovation support
The FCA’s planned AI live testing service, with rollout targeted for September 2025, means financial firms should prepare to evidence model behavior, controls, and testing assumptions before engaging the regulator.
ICO AI guidance supports audit and enforcement activity
The ICO states its AI guidance will be used to inform audit functions and enforcement activity, so the guidance is not merely advisory and should be treated as a current supervisory baseline.
ICO AI guidance under review due to Data (Use and Access) Act
The ICO says its AI risk toolkit and individual-rights guidance are under review because the Data (Use and Access) Act came into law on 19 June 2025, so UK AI compliance teams should expect near-term guidance changes.
ICO investigation into Grok
The ICO has opened an investigation into Grok’s processing, showing that UK regulators are actively testing AI systems against data protection law now.
Applicable Frameworks
Key Topics