The UK Government recently published its AI Governance and Regulation: Policy Statement (the “AI Statement”) setting out its proposed approach to regulating Artificial Intelligence (“AI”) in the UK. The AI Statement was published alongside the draft Data Protection and Digital Information Bill (see our blog post here for further details on the Bill) and is intended to live alongside the Government’s post-Brexit data protection reforms. The Statement builds on the UK Government’s ten year National AI Strategy (as detailed in our blog post here) and includes a call for views and evidence that closes on 26 September.

Unlike the EU’s cross-sector AI Act which is currently making its way through the legislative process (see our post on the proposed Regulation here), the AI Statement does not propose introducing a new standalone regulatory framework for AI. The UK Government notes that it does not think it is currently necessary to introduce legislation on AI; rather it envisages adopting a set of high-level AI principles to be developed and implemented by sectoral regulators. Regulators will be asked to consider guidance or voluntary measures in the first instance, and the UK Government will keep this non-statutory approach under review.

Scope – defining AI

The AI Statement does not put forward a universally applicable definition of AI, and instead suggests two broad characteristics that would put an AI system within the scope of regulation:

  • Adaptive systems that operate on the basis of instructions and “have not been expressly programmed with human intent”, highlighting in particular the difficulties in explaining the logic or intent by which an output has been produced; and
  • Autonomous systems that can operate in dynamic environments by automating complex tasks and making decisions without the ongoing control of a human, highlighting the challenges of assigning responsibility for actions taken by AI systems.

The UK Government hopes that this approach can be as flexible as the technology requires and regulators will be able to develop a more granular and bespoke definition of AI within each sector.

Cross-sectoral AI principles

The AI Statement identifies several key challenges the Government will seek to address as part of its approach to regulating AI: lack of clarity over how the UK’s existing laws apply to AI; inconsistency between the powers of regulators to address the use of AI within their remit; and current and future AI risks not being adequately addressed by existing legislation. The AI Statement confirms that the UK is heading towards a sector-based approach for AI regulation, and asserts that regulators are best placed to shape the approach for their area of expertise. The intention is that AI regulation should be context-specific, and that interventions are based on “real, identifiable, unacceptable levels of risk” so as not to stifle innovation.

Acknowledging that there’s less uniformity in a cross-sectoral approach, the AI Statement proposes that all regulation of AI systems be subject to six overarching principles to ensure coherence and streamlining. The six principles are based on the OECD’s Principles on AI (as previously discussed on this blog) and demonstrate the UK’s commitment to them:

  1. Ensure that AI is used safely
  2. Ensure that AI is technically secure and functions as designed
  3. Make sure that AI is appropriately transparent and explainable
  4. Embed considerations of fairness into AI
  5. Define legal persons’ responsibility for AI governance
  6. Clarify routes to redress or contestability

These principles will be interpreted and implemented by existing regulators. The AI Statement notes that in considering the roles, powers, remits and capabilities of regulators, the Government will work with a broad selection of regulators, such as the Information Commissioner’s Office (“ICO”), the Competition and Markets Authority (“CMA”), Ofcom, the Medicine and Healthcare Regulatory Authority (“MHRA”) and the Equality and Human Rights Commission (“EHRC”). Importantly, the Government will consider if there is a need to update the powers and remits of these regulators to be able to apply this new regime, noting at the same time that equal powers for regulators is unnecessary, and neither is a uniform approach.

Next steps

In addition to the AI Statement, the Government published its AI Action Plan, rounding up actions taken and planned to deliver the UK’s National AI Strategy. The plan confirms that a white paper on AI governance will be published towards the end of this year along with a public consultation. The call for views that forms part of the AI Statement will be open until 26 September.

* * * *

Covington regularly advises the world’s top technology companies on their most challenging regulatory, compliance, and public policy issues in the UK and other major markets. We are monitoring the UK’s developments very closely and will be updating this site regularly – please watch this space for further updates.

Marianna Drake

Marianna Drake is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence and online platforms. Her practice encompasses regulatory compliance…

Marianna Drake is an associate in the technology regulatory group in the London office. Her practice focuses on European data protection law and new policies and legislation relating to innovative technologies such as artificial intelligence and online platforms. Her practice encompasses regulatory compliance and advisory work. Marianna also advises clients on policy developments in online content and online safety.

Photo of Mark Young Mark Young

Mark Young, an experienced tech regulatory lawyer, advises major global companies on their most challenging data privacy compliance matters and investigations.

Mark also leads on EMEA cybersecurity matters at the firm. He advises on evolving cyber-related regulations, and helps clients respond to…

Mark Young, an experienced tech regulatory lawyer, advises major global companies on their most challenging data privacy compliance matters and investigations.

Mark also leads on EMEA cybersecurity matters at the firm. He advises on evolving cyber-related regulations, and helps clients respond to incidents, including personal data breaches, IP and trade secret theft, ransomware, insider threats, and state-sponsored attacks.

Mark has been recognized in Chambers UK for several years as “a trusted adviser – practical, results-oriented and an expert in the field;” “fast, thorough and responsive;” “extremely pragmatic in advice on risk;” and having “great insight into the regulators.”

Drawing on over 15 years of experience advising global companies on a variety of tech regulatory matters, Mark specializes in:

  • Advising on potential exposure under GDPR and international data privacy laws in relation to innovative products and services that involve cutting-edge technology (e.g., AI, biometric data, Internet-enabled devices, etc.).
  • Providing practical guidance on novel uses of personal data, responding to individuals exercising rights, and data transfers, including advising on Binding Corporate Rules (BCRs) and compliance challenges following Brexit and Schrems II.
    Helping clients respond to investigations by data protection regulators in the UK, EU and globally, and advising on potential follow-on litigation risks.
  • GDPR and international data privacy compliance for life sciences companies in relation to:
    clinical trials and pharmacovigilance;

    • digital health products and services; and
    • marketing programs.
    • International conflict of law issues relating to white collar investigations and data privacy compliance.
  • Cybersecurity issues, including:
    • best practices to protect business-critical information and comply with national and sector-specific regulation;
      preparing for and responding to cyber-based attacks and internal threats to networks and information, including training for board members;
    • supervising technical investigations; advising on PR, engagement with law enforcement and government agencies, notification obligations and other legal risks; and representing clients before regulators around the world; and
    • advising on emerging regulations, including during the legislative process.
  • Advising clients on risks and potential liabilities in relation to corporate transactions, especially involving companies that process significant volumes of personal data (e.g., in the adtech, digital identity/anti-fraud, and social network sectors.)
  • Providing strategic advice and advocacy on a range of EU technology law reform issues including data privacy, cybersecurity, ecommerce, eID and trust services, and software-related proposals.
  • Representing clients in connection with references to the Court of Justice of the EU.
Tomos Griffiths

Tomos Griffiths is a Trainee who attended Durham University

Photo of Lisa Peets Lisa Peets

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with…

Lisa Peets leads the intellectual property and technology and media groups in the firm’s London office. Ms. Peets divides her time between London and Brussels, and her practice embraces legislative advocacy, trade and IP enforcement. In this context, she has worked closely with leading multinationals in a number of sectors, including many of the world’s best-known software and hardware companies.

On behalf of her clients, Ms. Peets has been actively engaged in a wide range of law reform efforts in Europe, on multilateral, regional and national levels. This includes advocacy on EU and national initiatives relating to e-commerce, copyright, patents, data protection, technology standards, compulsory licensing, IPR enforcement and emerging technologies. Ms. Peets also counsels clients on trade related matters, including EU export controls and sanctions rules and WTO compliance.

In the IP enforcement space, Ms. Peets coordinates a team of lawyers and Internet investigators who direct civil and criminal enforcement actions in countries throughout Europe and who conduct global notice and takedown programs to combat Internet piracy.

Ms. Peets is a member of the European Commission’s Expert Group on reform of the IP Enforcement Directive.