Articles

The Digital Assurance Playbook took effect from 1 April and requires government assurance teams to test AI initiatives against the UK government’s AI Playbook and the Algorithmic Transparency Reporting Standard. The MHRA expanded its AI Airlock programme with three years of funding to scale sandbox testing for AI as a medical device. The FCA announced the second cohort for AI Live Testing, extending supervised live experimentation in financial services and committing to further good and poor practice output later this year. The PRA Business Plan 2026/27 made responsible AI adoption and monitoring of firms’ AI use an explicit supervisory priority for the year ahead. Ofqual published Artificial intelligence malpractice and assessment - advice note, clarifying how existing qualification rules apply to AI-related misuse.

Information Commissioner’s Office (ICO) backed a joint statement by 61 data protection authorities warning about privacy risks from AI-generated realistic imagery/video of identifiable people without consent, with particular concern for harms to children. Financial Conduct Authority (FCA) published its new Regulatory Priorities: Insurance report, including a planned Q1 2026 “Artificial Intelligence review” to engage industry on AI uses, risks, opportunities, and barriers to safe adoption in insurance.

This report tracks concrete shifts in UK AI governance that change what organisations may need to do in practice. The strongest signals this fortnight were online safety enforcement moving into active investigations, and central government tightening the practical foundations for public sector AI use through data readiness and transparency tooling.

This edition focuses on how UK AI governance is shifting into day to day oversight. It highlights online safety escalation routes, data protection scrutiny of high profile generative AI, and cyber delivery signals that affect AI dependent public services and supply chains.

Scotland’s AI Strategy is framed as a collectively developed governance approach, built through public and stakeholder engagement, and delivered through ‘Collective Leadership’ rather than a fixed, top-down legal framework. It relies on a ‘co-production’ model and a living playbook style of implementation, so principles and practices evolve with participation as the ecosystem learns what works.

This period shows UK AI governance becoming more operational: Ofcom is now issuing repeat Online Safety Act penalties and activating the fees regime; government teams are rolling out practical ethics tooling for AI use in public services; and cyber resilience legislation is moving through Parliament with the ICO setting out what expanded oversight could mean for digital and managed service providers. EU sandbox implementation work and wider transatlantic friction around online regulation remain important for UK organisations with cross-border exposure.

This fortnight is defined by (1) new UK international AI and science partnership announcements, (2) a clear shift from guidance to enforcement under the Online Safety Act, and (3) EU implementation work (sandboxes) alongside the Digital Omnibus simplification track that UK EU-facing providers must monitor.