UK AI POLICY: A TEMPLATE FOR A NEW DIRECTION

The result is a striking gap between the UK's ambitious AI adoption agenda and the EU's comprehensive, legally binding AI Act—a gap that creates both competitive opportunity and compliance complexity for businesses operating across both markets.

This matters because the UK is Europe's largest AI economy. According to UK government data, 185 tech startups are now valued over $1 billion, and UK AI firms raised £4.7 billion in 2025 alone. Yet roughly 70% of UK workers hold jobs with significant AI task exposure, and early evidence suggests measurable employment displacement is already underway. For businesses using AI in marketing operations, understanding this regulatory landscape is essential for responsible deployment.

The UK Has No AI Legislation—And May Not Get One Soon

The centrepiece absence in UK AI policy is legislation. The July 2024 King's Speech promised a bill to impose requirements on developers of the "most powerful" AI models and make voluntary safety commitments legally binding. That bill never materialised.

In June 2025, the government pivoted from a short, focused bill to a more comprehensive measure in the next parliamentary session. By December 2025, Technology Secretary Liz Kendall told the Science, Innovation and Technology Committee she envisioned addressing AI harms through targeted, sector-specific action "rather than a big all-encompassing bill."

The Data (Use and Access) Act 2025: What Changed

The most significant enacted legislation with AI relevance is the Data (Use and Access) Act 2025, which received Royal Assent on 19 June 2025. It doesn't regulate AI directly but reshapes the legal terrain in two critical ways:

1. Relaxed automated decision-making rules: Organisations can now use any lawful basis for solely automated decisions with legal or similarly significant effects, provided they implement safeguards including transparency, meaningful human intervention, and the right to contest. Key provisions commenced on 5 February 2026.

2. Copyright deadline: The Act sets a statutory deadline of 18 March 2026 for the government to publish an economic impact assessment and report on the use of copyright works in AI development—the most consequential near-term policy milestone.

For businesses managing customer data through platforms like HubSpot, these changes have direct implications for how you configure automated workflows and marketing automation systems.

Labour's AI Strategy: Billions Invested, Regulation Deferred

The Labour government's AI strategy rests on the AI Opportunities Action Plan, authored by Matt Clifford and published in January 2025. All 50 recommendations were accepted. A "One Year On" progress report published on 29 January 2026 reported 38 of 50 actions met—a 76% completion rate tracked on a public dashboard.

The Investment Numbers

The 2025 Spending Review allocated £2 billion for AI through 2029/30, including:

• Approximately £1 billion for sovereign compute capacity
• £750 million for a next-generation supercomputer in Edinburgh
• Up to £500 million for a UK Sovereign AI Unit
• £240 million for the AI Security Institute

UK AI compute capacity surged from 2 ExaFLOPs in 2024 to 21 ExaFLOPs in 2025, targeting 420 ExaFLOPs by 2030. Five AI Growth Zones have been designated across Great Britain—Culham, Cambois, North Wales, South Wales, and Lanarkshire—generating £28.2 billion in private investment and over 15,000 jobs.

The Philosophical Shift

Despite manifesto commitments to binding regulation, Labour has pivoted decisively toward growth. The February 2025 Paris AI Action Summit saw the UK and US as the only countries refusing to sign the international AI declaration. The AI Safety Institute was rebranded to the "AI Security Institute" in February 2025, explicitly excluding bias and freedom of speech from its remit to focus on national security threats. The October 2025 "Blueprint for AI Regulation" introduced AI Growth Labs—regulatory sandboxes where rules are temporarily relaxed under supervision.

Copyright Reform: The Most Contentious Battleground

The UK copyright debate has become the most contentious domain of AI policy. The government's initially preferred approach—expanding text and data mining exceptions to cover commercial AI training, with an opt-out mechanism for rightsholders—has been effectively abandoned following overwhelming opposition.

A December 2024 consultation received over 11,500 responses. The results were unambiguous: 88% supported mandatory licensing (Option 1), whilst only 3% backed the government's preferred opt-out model (Option 3). Over 1,000 music artists created a "silent album" in protest. High-profile figures including Paul McCartney, Kate Bush, Elton John, and Hans Zimmer spoke out. The Writers' Guild called the proposal "industrial-scale theft."

The Getty Images Judgment: A Warning Sign

The landmark Getty Images v Stability AI judgment in November 2025—the first UK court ruling on AI copyright—exposed a critical gap. The High Court found that Stable Diffusion's model weights did not "store, reproduce, or contain" Getty's images, so the model was not an "infringing copy." Getty abandoned its primary infringement claim after accepting it could not prove training occurred in the UK.

The case underscored that current law is inadequate for addressing AI training conducted overseas. Getty has been granted permission to appeal. For businesses creating content—whether through traditional means or AI-assisted tools—understanding these evolving copyright boundaries is essential. Whitehat's approach to AI usage in marketing prioritises transparency and human oversight precisely because of this legal uncertainty.

UK vs EU: The Dual Compliance Reality

The philosophical gap between UK and EU approaches is now a structural feature of the regulatory landscape. The EU AI Act—the world's first comprehensive binding AI law—entered into force in August 2024 with phased implementation:

• 2 February 2025: Prohibitions on unacceptable-risk AI and AI literacy requirements
• 2 August 2025: Rules for general-purpose AI models
• 2 August 2026: Majority of high-risk system obligations (though the Commission's "Digital Omnibus" proposal may delay some deadlines)

For UK businesses, the practical consequence is a dual compliance burden. Any AI system whose outputs are used in the EU falls under the EU AI Act's extraterritorial reach, regardless of where the provider is based. UK firms must simultaneously satisfy UK principles-based guidance and EU legal requirements, typically defaulting to the stricter EU standard—the so-called "Brussels Effect."

One significant relief came in December 2025, when the European Commission renewed UK data adequacy until 2031. However, no AI-specific mutual recognition arrangement exists. Businesses using integrated platforms like HubSpot CRM should ensure their data governance configurations reflect both UK GDPR and potential EU requirements.

Corporate AI Governance: What's Required Now

The absence of binding AI legislation does not mean the absence of obligation. UK businesses face a web of existing requirements that apply to AI, and the direction of travel points firmly toward more structured governance.

The ICO Is Already Enforcing

The Information Commissioner's Office is the most active regulatory force. Its December 2024 generative AI consultation outcomes established that legitimate interests can support web-scraping for AI training, but organisations must assess alternatives like data licensing, define purposes specifically (not just "training AI models"), and conduct broad harm assessments.

A statutory code of practice on AI and automated decision-making—mandated by the Data (Use and Access) Act—is expected during 2026 and will represent the closest thing to binding AI-specific regulation. The ICO's January 2026 report on agentic AI confirmed that agentic systems remain fully subject to UK GDPR, with particular attention to decisions producing legal or similarly significant effects.

Best-Practice Governance Requirements

Best-practice corporate AI governance in the UK now requires, at minimum:

ISO/IEC 42001:2023 has emerged as the primary certifiable AI management system standard. BSI became the first certification body accredited by UKAS to certify against it, with organisations like Darktrace achieving certification in July 2025. For organisations operating in both UK and EU markets, ISO 42001 offers a practical framework for implementing EU AI Act compliance in a "repeatable and auditable" way. If you're considering how to structure AI governance alongside your marketing technology stack, our guide to AI ethics consultants outlines the key questions to address.

The Workforce Impact: Policy Lags Behind Reality

The labour market data paints an increasingly urgent picture. An estimated 70% of UK workers hold occupations containing tasks AI could perform or enhance—higher than the US at approximately 60%, reflecting the UK's service-heavy economy.

A King's College London study published in October 2025, analysing millions of job postings and LinkedIn profiles, found that firms with highly AI-exposed workforces reduced total employment by 4.5% on average, with junior positions falling 5.8%. High-salary occupations saw a 34.2% decline in job postings.

The government's response centres on the AI Skills Boost programme, which delivered over 1 million free AI courses since its June 2025 launch and now targets 10 million workers by 2030. DSIT established an AI and Future of Work Unit in January 2026, a cross-government body tasked with monitoring AI's labour market impacts—but its mandate is to "boost economic growth" alongside supporting workers. The growth-first philosophy remains dominant.

Key Dates: What Businesses Should Prepare For

The UK's AI regulatory landscape will shift meaningfully over the next 18 months, even if comprehensive legislation remains elusive. Track these milestones closely:

What This Means for Your Business

The UK's AI policy in 2025–2026 is defined by a paradox: extraordinary investment ambition paired with regulatory hesitation. The government has delivered impressively on infrastructure—compute capacity grew tenfold in a single year, billions in private investment flowed in, and public-sector AI adoption accelerated. But the promised binding framework remains absent, leaving the UK reliant on a patchwork of existing regulations, voluntary commitments, and sector-specific guidance.

For businesses, the practical takeaway is clear: prepare for EU AI Act compliance as the binding baseline whilst building governance frameworks that satisfy UK requirements. The UK's lighter-touch approach offers flexibility but not exemption—the ICO, FCA, and MHRA are actively applying existing powers to AI.

The copyright reset is the most consequential policy shift underway. The government's admission that starting with a preferred opt-out model was "a mistake," combined with the March 2026 statutory deadline, means this area will see the most substantive policy development in the near term.

The workforce dimension adds urgency: with 70% of UK jobs exposed to AI disruption and early evidence of employment displacement, the race between AI adoption and worker readiness will shape the political appetite for regulation in the years ahead. Businesses that invest now in responsible AI governance—transparent policies, human oversight, proper data foundations—will be better positioned regardless of which direction policy takes.

Frequently Asked Questions

References & Further Reading

1. UK Government. AI Opportunities Action Plan. Published 13 January 2025.
2. UK Government. AI Opportunities Action Plan: One Year On. Published 29 January 2026.
3. UK AI Opportunities Action Plan Dashboard. delivery.ai.gov.uk. Progress tracker.
4. European Commission. EU AI Act Regulatory Framework. Implementation timeline and guidance.
5. EU Artificial Intelligence Act. Implementation Timeline. Key dates and obligations tracker.
6. Clifford Chance. Unpacking the UK's AI Action Plan. Legal analysis, January 2025.
7. Hogan Lovells. AI Opportunities Action Plan: A Critical Review. Legal perspective, January 2025.
8. Reed Smith. The UK Government's AI Growth Agenda in 2025. April 2025.

Related Articles