
UK’s AI regulation
In the UK, the government has adopted an agile, pro-innovation, sector-based approach to AI regulation. Avoiding disruption to responsible AI innovation is the government’s rationale for not rushing to legislate. A non-statutory approach could offer better adaptability.
In March 2023, the government published the AI White Paper. This set out a cross-sectoral, principles-based and regulator-led approach, with light-touch government involvement. This means the government has looked to empower existing UK regulators (including the Information Commissioner’s Office (ICO), Competition and Markets Authority (CMA), Financial Conduct Authority (FCA), Medicines and Healthcare products Regulatory Agency (MHRA) and Office of Communications (Ofcom)) to develop flexible and proportionate guidance to address the use of AI in their sectors, with a focus on the principles of:
- safety, security, robustness;
- transparency and explainability;
- fairness;
- accountability and governance; and
- contestability and redress.
To this end, the regulators were asked to report on how they are developing the proposals of the White Paper and their strategic approach to AI, the responses to which can now be found here. These updates could inform the government’s adaptive approach to AI, and may lead to a statutory duty being placed on regulators to have regard to the above principles.
Work has been underway to create a central government AI function to coordinate policy across sectors and promote information sharing between regulators. Investment (in the millions) has also been made to upskill regulators and support innovation in the AI market (though Labour has since scaled back certain funding that had been promised for AI projects).
The government recognises the importance of gap analysis to identify areas which require coverage or possible future regulation. This may be needed in relation to “highly capable general-purpose AI systems” to manage safety risks if this is deployed across multiple sectors (these are foundation models trained on huge datasets which can perform a wide variety of tasks, some to “superhuman” levels).
The UK has also sought to position itself as an international leader in providing a safe and trustworthy framework for AI development, having:
- supported Professor Yoshua Bengio on the International AI Safety Report in January 2025 alongside 32 other countries and intergovernmental organisations. The report outlines global risks and mitigation strategies for general purpose AI;
- introduced the AI Playbook for the Government in February 2025. The playbook offers guidance on using AI safely, effectively and securely for civil servants and people working in government organisations; and
- launched the AI Opportunities Action Plan in January 2025. This aims to integrate AI across public services and the economy and includes creation of AI Growth zones to fast-track infrastructure development.
It’s possible that the UK might still legislate for AI, particularly given the change in government. After the Artificial Intelligence (Regulation) Bill (Private Member’s Bill brought in House of Lords) failed to progress into law before the dissolution of Parliament ahead of the UK’s general election in 2024, the UK reintroduced it on 4 March 2025. The Bill is currently awaiting second reading in the House of Lords. In July 2024, the King’s speech also announced the Government’s plan to introduce AI-specific legislation. This built on Labour’s manifesto pledge to ensure the safe development and use of AI models, including the introduction of binding regulation on certain companies that develop the most powerful of these models.
Key legal risks / issues
1. Transparency and explainability: understanding how/why AI outputs are generated so the result is verifiable. This mitigates risks around errors and bias (see risk 3).
2. AI safety and accountability: the protection of data and rights and managing misinformation – making developers accountable and identifying the gaps which lack current regulatory oversight and may be prone to security breaches or attract similar negative exposure.
3. Errors and bias: how to manage and control hallucinations and discrimination in AI outputs. This requires an understanding of how the AI system is trained which takes us back to risk 1 on transparency and explainability.
Actions for consideration
1. Develop a company policy on the approach to AI within the business. Designate a governance owner.
2. Implement risk assessments for AI deployed, keep an inventory of systems and develop mitigation plans for high-risk areas. Take a look at our AI Risk Navigator Tool to help with this.
3. Review your existing contracts and talk to suppliers about use of AI. Think about AI when procuring new contracts and have the transparency from the outset on how your business is engaging with it.
4. Assess whether your organisation is caught by the extra-territorial reach of the EU AI Act, or (if not) intending to comply with that law e.g. to gain digital trust from customers/staff or to match your wider corporate group.
Related contacts


Lorna Doggett
Legal Director E: lornadoggett@eversheds-sutherland.com T: +44 20 7919 4698 View profile
© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.
Share this page