本文目前仅提供英文版本。
AI Governance by Industry in the UK: FCA, ICO, CQC, and Sector-Specific Requirements
The UK's pro-innovation AI approach means sector regulators lead on AI governance. This industry-by-industry guide covers financial services (FCA), healthcare (CQC/MHRA), legal, education, and the cross-sector ICO framework.
Key Takeaways
The FCA's Consumer Duty (fully in force July 2023) is the primary AI governance framework for UK financial services — it requires AI to produce fair outcomes for consumers, not just technical compliance.
The MHRA regulates AI in medical devices under the UK Medical Devices Regulations — post-Brexit divergence from EU MDR means UK-specific regulatory pathways for clinical AI.
The ICO's AI and data protection guidance is the cross-sector baseline — all UK organisations using AI that processes personal data must comply, and the ICO's bias guidance creates obligations beyond discrimination law.
The CMA (Competition and Markets Authority) is increasingly active on AI in markets — algorithmic pricing, AI in platform competition, and AI in financial services are active CMA investigation areas.
The UK AI Safety Institute (AISI) focuses on frontier AI safety rather than everyday commercial AI governance — but its work informs the broader UK regulatory approach and is relevant for companies developing advanced AI systems.
"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"
The UK's sector-led AI governance landscape
Post-Brexit, the UK has deliberately differentiated its AI governance approach from the EU's AI Act. The UK approach is principles-based, sector-led, and deliberately avoids cross-sector AI legislation. This creates a governance landscape where understanding your sector regulator's expectations is the primary compliance task — with the ICO's data protection framework as the cross-sector baseline.
Financial services: FCA Consumer Duty and AI
The FCA's Consumer Duty is the most consequential AI governance development for UK financial services in recent years. Its outcome-based requirements — products and services must deliver fair outcomes for consumers — create a framework that reaches AI systems regardless of whether they are explicitly addressed. An AI pricing system that charges loyal customers more than new customers fails the price and value outcome. An AI customer service system that does not provide accessible support fails the consumer support outcome. An AI-generated communication that a customer cannot understand fails the consumer understanding outcome. The Consumer Duty is enforced through FCA supervision, and the FCA has signalled that AI-related Consumer Duty failures will receive enforcement attention.
Healthcare: MHRA and the UK SaMD pathway
The Medicines and Healthcare products Regulatory Agency regulates AI clinical decision support tools as medical devices under the UK Medical Devices Regulations 2002 (as amended). Post-Brexit divergence from EU MDR creates a UK-specific regulatory pathway for AI medical devices. The MHRA has been developing updated regulations and has published guidance on AI as a medical device. Healthcare organisations deploying clinical AI — including NHS trusts, private hospitals, and digital health companies — must assess whether their AI tools meet the SaMD definition and obtain appropriate regulatory clearance.