The UK's sector-led AI governance landscape
Post-Brexit, the UK has deliberately differentiated its AI governance approach from the EU's AI Act. The UK approach is principles-based, sector-led, and deliberately avoids cross-sector AI legislation. This creates a governance landscape where understanding your sector regulator's expectations is the primary compliance task — with the ICO's data protection framework as the cross-sector baseline.
Financial services: FCA Consumer Duty and AI
The FCA's Consumer Duty is the most consequential AI governance development for UK financial services in recent years. Its outcome-based requirements — products and services must deliver fair outcomes for consumers — create a framework that reaches AI systems regardless of whether they are explicitly addressed. An AI pricing system that charges loyal customers more than new customers fails the price and value outcome. An AI customer service system that does not provide accessible support fails the consumer support outcome. An AI-generated communication that a customer cannot understand fails the consumer understanding outcome. The Consumer Duty is enforced through FCA supervision, and the FCA has signalled that AI-related Consumer Duty failures will receive enforcement attention.
Healthcare: MHRA and the UK SaMD pathway
The Medicines and Healthcare products Regulatory Agency regulates AI clinical decision support tools as medical devices under the UK Medical Devices Regulations 2002 (as amended). Post-Brexit divergence from EU MDR creates a UK-specific regulatory pathway for AI medical devices. The MHRA has been developing updated regulations and has published guidance on AI as a medical device. Healthcare organisations deploying clinical AI — including NHS trusts, private hospitals, and digital health companies — must assess whether their AI tools meet the SaMD definition and obtain appropriate regulatory clearance.
