AI Regulation Hub

United Kingdom

The UK has no horizontal AI Act. It uses a regulator-led, sector-based framework built on five cross-sector principles (safety, transparency, fairness, accountability, contestability), enforced through existing data-protection, financial, healthcare, consumer, online-safety, competition and equality regulators.

Key provisions

Five cross-sector AI principles

In force

Safety, security and robustness; transparency and explainability; fairness; accountability and governance; contestability and redress. Implemented through existing regulators.

ICO data-protection AI guidance

In force

Covers how UK data-protection principles apply to AI, how to explain AI-assisted decisions, and biometric and AI data-protection risks. Under review following the Data (Use and Access) Act 2025.

Sector-specific regulation

In force

Healthcare AI via medical-device rules; financial AI via FCA expectations; consumer-facing AI via consumer, competition, online-safety and equality law.

National Commission on Healthcare AI

Draft

UK Commission advising the MHRA on a future healthcare-AI regulatory framework.

Council of Europe AI Convention implementation

Draft

UK has signed the Convention; once domestically implemented it may add a human-rights, democracy and rule-of-law layer to UK AI governance.

Detailed overview

The United Kingdom does not currently have a single horizontal AI Act equivalent to the EU AI Act. The UK follows a regulator-led and sector-based framework. This means AI is regulated through existing legal regimes and regulators, depending on the sector, data involved, use case and risk profile.

Five cross-sector principles

The UK Government's AI framework is based on five cross-sector principles: safety, security and robustness; transparency and explainability; fairness; accountability and governance; and contestability and redress. These principles are implemented through existing regulators rather than through one central AI regulator.

Compliance by sector

In practice, UK AI compliance starts with the sector and the legal effect of the system. AI that processes personal data is regulated under UK data-protection law and ICO guidance. AI used in healthcare may fall under medical-device or healthcare regulation. AI used in financial services may be subject to financial-regulatory expectations. AI used in consumer services may trigger consumer-protection, competition, online-safety or equality-law issues.

ICO and data protection

The UK Information Commissioner's Office provides guidance on AI and data protection, including how UK data-protection principles apply to AI, how to explain decisions assisted by AI, and how to assess biometric and AI data-protection risks. The ICO notes that its AI and data-protection guidance is under review following the Data (Use and Access) Act 2025, so organisations should monitor changes to ICO guidance when using AI with personal data.

Healthcare AI

Healthcare AI is a specific area of UK development. The UK has created a National Commission into the Regulation of AI in Healthcare to advise the Medicines and Healthcare products Regulatory Agency on a future healthcare AI regulatory framework.

Penalties

There is no single UK AI fine table. Penalties depend on the legal regime involved. Data-protection breaches are enforced under UK data-protection law. Financial AI may be enforced by financial regulators. Healthcare AI may be enforced under healthcare or medical-device rules. Consumer-facing AI may be assessed under consumer, competition, online-safety or equality laws.

Council of Europe AI Convention

The UK has also signed the Council of Europe AI Convention. Once implemented domestically, the Convention may add a human-rights, democracy and rule-of-law layer to UK AI governance.
