Learning modules and courses on AI law, AI governance, and related regulation.
Date
2026-05-01
Snapshot
- The Digital Assurance Playbook took effect from 1 April and requires government assurance teams to test AI initiatives against the UK government’s AI Playbook and the Algorithmic Transparency Reporting Standard.
- The MHRA expanded its AI Airlock programme with three years of funding to scale sandbox testing for AI as a medical device.
- The FCA announced the second cohort for AI Live Testing, extending supervised live experimentation in financial services and committing to further good and poor practice output later this year.
- The PRA Business Plan 2026/27 made responsible AI adoption and monitoring of firms’ AI use an explicit supervisory priority for the year ahead.
- Ofqual published Artificial intelligence malpractice and assessment - advice note, clarifying how existing qualification rules apply to AI-related misuse.
1. Central government gives AI assurance a firmer operating frame
The most important cross-government development was the publication of the Digital Assurance Playbook, published by DSIT and effective from 1 April 2026. The Playbook replaces the previous digital and technology spend-controls guidance and sits inside the new RESET framework for digital assurance and approvals. For AI-related initiatives, the Playbook says assurance teams should check whether the principles in the UK government’s AI Playbook are being followed, including lawful and ethical use, secure use, and understanding the technology’s limitations. It also says that initiatives using algorithmic tools, including AI-related tools, should be checked against the Algorithmic Transparency Reporting Standard, expressly linking AI deployment to transparency and accountability expectations rather than leaving those issues to optional good practice. This is a meaningful governance step because it embeds AI oversight into the machinery of project assurance rather than treating it as a separate policy exercise.
2. MHRA strengthens the regulatory sandbox route for healthcare AI
Healthcare AI also saw a concrete governance advance. On 8 April, the MHRA announced a three-year funding expansion for its AI Airlock programme, describing it as the UK’s first regulatory sandbox for artificial intelligence as a medical device. DHSC has allocated £1.2 million a year for 2026 to 2029, allowing the programme to move beyond annual funding constraints. The MHRA says the expanded programme will support more ambitious, longer-term testing models and help create a more sustainable regulatory pathway for future AI medical technologies. It also states that insights from AI Airlock are feeding into the work of the National Commission into the Regulation of AI in Healthcare, tying sandbox learning directly to the design of a future regulatory framework. That makes this more than an innovation announcement. It is a structural investment in evidence-based regulation for adaptive and clinically deployed AI. Rather than waiting for fully formed legislation, the MHRA is using supervised real-world testing to identify regulatory gaps early and to shape the next generation of healthcare AI oversight.
3. The FCA pushes AI supervision further into live deployment
On 21 April, the FCA announced the second cohort of firms selected for AI Live Testing. Eight firms, including major incumbents and established fintech players, were chosen to test AI applications in live settings with FCA support and technical assurance from Advai. The FCA says the initiative is designed to help firms explore risk management and live monitoring questions in support of responsible AI deployment for consumers and markets. The use cases in the second cohort show how supervision is moving closer to actual market deployment. The FCA says firms are testing customer-facing and business-to-business applications, including targeted investment support, credit score insights, agentic payments, anti-money laundering detection and know-your-customer tools. Testing began in April, will run to the end of the year, and will be followed by an evaluation report in Q1 2027. The FCA also says it will publish a good and poor practice report for AI in financial services later in 2026. It means the regulator is trying to generate evidence, establish expectations and separate acceptable from weak deployment practice before deciding whether additional interventions are needed.
4. Prudential supervision makes AI adoption a standing risk issue
The prudential side of financial regulation also hardened. In its Business Plan 2026/27, published on 17 April, the PRA said it will support responsible AI adoption by continuing to monitor the evolving use of AI by regulated firms as part of its work on new and emerging risks. The same plan says the PRA will continue collaboration and dialogue with industry around safe AI adoption, reflecting the increasing use of AI within PRA-regulated firms. That language matters because it places AI inside the prudential mainstream. The PRA is no longer treating AI as an adjacent innovation topic; it is framing it as part of ongoing supervisory work on resilience, outsourcing, concentration and governance. The plan also notes that emerging technology tools will be used within the regulator’s own processes, adding a parallel emphasis on internal regulatory modernisation. Taken with the Bank’s early-April financial stability work, this April business-plan language shows a clearer division of labour in UK financial AI governance: the FCA is expanding live testing and practice development, while the PRA is embedding AI within prudential supervision and risk monitoring.
5. Ofqual clarifies how qualification rules apply to AI misuse
On 27 April, Ofqual published Artificial intelligence malpractice and assessment - advice note. The note says it is intended to help awarding organisations understand how existing Conditions of Recognition and related guidance apply to malpractice risks arising from learners’ use of AI tools. Ofqual is clear that the note does not create new regulatory requirements. It identifies the practical questions awarding organisations should now be addressing: where AI-related malpractice may threaten assessment integrity, what taking “all reasonable steps” might look like in this context, and whether existing arrangements remain effective as AI tools develop. Existing educational regulation is being actively interpreted for generative AI conditions, and that interpretive step itself changes compliance expectations. For schools, colleges and awarding bodies, the direction of travel is towards tighter procedural controls rather than tolerance of informal patchwork responses.
Outlook
The UK Government assurance now treats AI as a standard point of delivery scrutiny, healthcare regulators are investing in sandbox-based rule formation, financial regulators are splitting their work between live testing and prudential supervision, and education regulators are clarifying how old rules govern new AI misuse. The UK model remains decentralised, but it is becoming more operational, more sector-specific, and more difficult for deployers to dismiss as merely strategic guidance.
Sources: Department for Science, Innovation and Technology, Medicines and Healthcare products Regulatory Agency, Financial Conduct Authority, Bank of England, Ofqual