Tag: ukri ai research funding

  • Pro-Innovation AI Regulation: Three Years On

    A pro-innovation approach to AI regulation delivered exactly what its title promised for UK research institutions: no new AI regulator, no statutory duty, and continued reliance on existing bodies. Three years on, universities gained substantial research funding and an AI sandbox model, but the dedicated AI Act many assumed would eventually follow has still not arrived — even as the EU quietly loosens its own.

    A pro-innovation approach to AI regulation is the UK government’s March 2023 white paper setting out a non-statutory, principles-based framework in which existing sector regulators — rather than a new central AI authority — apply five cross-sectoral principles to AI use within their own remits.

    What the white paper actually promised research institutions

    Published by the Department for Science, Innovation and Technology on 29 March 2023, the white paper explicitly rejected an EU-style AI Act. Instead, it committed to five non-statutory principles — safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress — for regulators to interpret within existing remits.

    For research institutions, three commitments mattered most: a central government function to monitor cross-cutting AI risk, AI “sandboxes” allowing controlled real-world testing, and an explicit acknowledgement that foundation models developed or fine-tuned inside universities would fall under the same principles as commercial deployments. The paper also floated a fallback: if voluntary compliance proved insufficient, government reserved the option to introduce a statutory duty requiring regulators to have regard to the principles.

    What has materialised, three years on

    Judged against its own text, the framework has been substantially delivered — but the research-funding side of the ledger moved faster and further than the regulatory side.

    2023 white paper commitment Status by mid-2026 Detail
    Five non-statutory principles applied by existing regulators Delivered ICO, CMA, FCA and Ofcom apply the principles via the Digital Regulation Cooperation Forum; no new central AI regulator was created
    Central risk-monitoring function Delivered, narrowed The AI Safety Institute launched in November 2023 was renamed the AI Security Institute in February 2025, with bias and fairness work explicitly dropped from its remit
    AI sandboxes for controlled testing Delivered via new vehicle Cross-economy AI sandboxing powers now sit in the Regulating for Growth Bill, announced in the May 2026 King’s Speech, rather than in standalone AI legislation
    Statutory duty on regulators (fallback option) Not introduced No statutory duty to regard the principles has been legislated; the non-statutory model remains in force
    Research funding to build AI capability Delivered and exceeded UKRI committed £80 million to nine AI research hubs (February 2024) and £117 million to 12 AI Centres for Doctoral Training training around 900 PhD students, plus up to £60 million for two further labs at Oxford and UCL
    Dedicated AI Act Not delivered As of July 2026, no AI Bill has been laid before Parliament by government

    The research-funding commitments arguably over-delivered relative to the white paper’s own modest framing, which discussed capability-building only in general terms. The regulatory commitments, by contrast, tracked the white paper almost exactly: light-touch, sector-led, and still without primary legislation.

    Does the UK have an AI Act yet?

    No. The House of Commons Library’s research briefing, last updated 10 June 2026, states plainly that “the UK does not have any AI-specific regulation or legislation covering AI as a technology” — AI is instead regulated only through the lens of whatever sector or use case it appears in.

    The clearest signal of intent came in the May 2026 King’s Speech, where government introduced the Regulating for Growth Bill rather than a standalone AI Act. The Bill creates cross-economy sandboxing powers — explicitly covering AI-enabled products and services — and strengthens regulators’ existing “growth duty.” This is the 2023 white paper’s sandbox-and-existing-regulators architecture, carried into the one piece of legislation government did choose to bring forward, rather than superseded by it.

    The contrast with the EU sharpened rather than narrowed in 2026. Under the Digital Omnibus on AI, agreed by the Council and Parliament on 7 May 2026 and formally endorsed on 16 and 29 June 2026, the EU deferred applicability of high-risk obligations for standalone Annex III AI systems from 2 August 2026 to 2 December 2027 — a sixteen-month delay — and for product-embedded Annex I systems to 2 August 2028. The bloc that legislated first is now easing its own timetable in the same direction the UK chose from the start: slower, more sector-specific, less prescriptive. For research institutions running UK-EU collaborative projects, this means the compliance gap between the two regimes has narrowed in practice even as it remains wide in principle — EU partners still face a statutory Act; UK partners still do not.

    Answer-first Q&A

    Is there any regulation on AI in the UK?

    Yes, but not AI-specific regulation. AI use is governed by existing sectoral law — UK GDPR and the Data Protection Act for data processing, equality law for discrimination, and regulator guidance from the ICO, CMA, FCA and Ofcom applying the white paper’s five principles within their own remits.

    What are the guidelines for AI in the UK?

    The core guidelines are the white paper’s five cross-sectoral principles: safety, transparency, fairness, accountability and contestability. Regulators translate these into sector guidance; the ICO’s AI guidance and UKRI’s generative-AI guidance for grant applications and peer review are two research-relevant examples.

    Does the UK have any laws on AI?

    The UK has no AI-specific statute. AI-related legal obligations instead arise from existing frameworks — data protection, product safety, equality and sector regulation — applied to AI as a use case, a position the Commons Library confirmed again in its June 2026 briefing.

    What is the AI legislation in 2026?

    The main 2026 development is the Regulating for Growth Bill, announced in the King’s Speech, which creates cross-economy AI sandboxing powers and strengthens regulators’ growth duty. It is not a dedicated AI Act and does not replace the 2023 white paper’s non-statutory model.

    What this means for research administrators

    For institutions managing research integrity, ethics review and international collaboration, the practical position has not changed since 2023: there is still no single AI compliance regime to point to. Research offices assessing AI use in grant applications, peer review or data processing must continue mapping obligations across data protection, funder policy and sector guidance individually, rather than against one statute.

    • UKRI’s generative-AI guidance for grant applications and peer review remains the most directly applicable research-specific rule set.
    • The AI Security Institute’s narrowed remit means bias and fairness concerns in research AI tools sit with the ICO and funders, not a national safety body.
    • Cross-border projects with EU partners should track the Digital Omnibus’s revised 2027–2028 timetable separately from any UK sandbox rollout under the Regulating for Growth Bill.
    • No statutory duty exists yet requiring UK regulators to apply the five principles consistently, so guidance can still vary by sector and by regulator.

    The verdict, three years on

    The 2023 white paper’s central bet — that voluntary, principles-based, regulator-led governance would prove durable rather than a stopgap before statute — has held. Government has repeatedly reaffirmed rather than abandoned that bet, most recently by routing AI sandboxing through the Regulating for Growth Bill instead of standalone legislation. Research institutions received the funding side of the promise in full and then some; they received the regulatory side almost exactly as written, for better or worse. Whether that remains defensible depends on what the EU’s now-softening Act ends up looking like once its delayed obligations finally bite in December 2027 — at which point the UK’s three-year wait for clarity may look either prescient or merely prolonged.

    Research administrators tracking these obligations alongside authorship, funder mandates and evolving research-integrity standards can find related context in CASRAI’s research administration resources.