Artificial Intelligence
Contents
- Legislation
- Case law
Key contact
Will Richmond-Coggan
Partner
Legislation
AI without an Act: Preparing UK businesses for 2026
Businesses in the UK are still operating without an AI Act on the statute book. This looks set to continue into 2026, with the landscape set instead by regulators issuing guidance and expanding their capabilities. In this context, businesses should actively manage AI risks through existing English laws, particularly data protection and contract law, strengthen governance across procurement and sales, and invest in AI literacy across their workforce.
Key technical developments in AI during 2025
2025 saw continued acceleration in advanced AI model development. Major providers released new frontier models such as OpenAI’s GPT 5 series and Google DeepMind’s Gemini 3 line, with significant improvements in reasoning, multimodality, and long context processing. These models can process combinations of text, images, audio and video within a single workflow, enabling richer and more capable automation.
These advancements mean that the opportunities presented by the use of AI continue to increase. AI is now embedded into a significant amount of daily work, supporting drafting, meeting summarisation, document analysis, customer interaction workflows, and more.
Data protection remains central
Data protection law remains the primary legal framework governing AI use in the UK. Key considerations include:
-
AI systems often rely on large scale processing of personal data, making lawful bases, data minimisation and purpose limitation essential
-
Automated decision making can trigger additional requirements, including meaningful human oversight and the ability to explain outcomes
-
The scale and speed of AI processing heighten risks of discrimination, bias or opaque outcomes
-
Outputs generated using personal data must comply with accuracy, fairness and security obligations under UK data protection law
Procurement and supply chain considerations
Customers face an array of new risks as suppliers embed AI features into their products and services, including:
- Accuracy or hallucination risks that may flow into customer facing or business critical outputs
- Compliance risks where suppliers’ model choices or configurations conflict with a customer’s data protection or contractual duties
- Potential disclosure of sensitive inputs to third party model providers through a supplier’s default platform settings
- Insufficient human oversight, resulting in errors that are difficult for customers to detect
All of these concerns are exaggerated for those businesses who are themselves incorporating AI features into their own customer-facing products and services.
AI literacy as a strategic advantage and a key method of risk mitigation
In light of the above, AI literacy is now essential for both competitiveness and risk control:
-
AI literate teams can use tools effectively, challenge outputs, identify efficiencies and innovate responsibly, making full use of advances in multimodal and autonomous capabilities
-
Teams must be able to recognise when outputs are unreliable or biased, understand the limits of automation and apply meaningful human oversight
-
Literacy across procurement, sales, operations and leadership improves understanding of supplier driven AI risks, responsible use expectations and legal implications
Implications for businesses
Businesses should:
- Assume accountability under existing English laws and build governance that evidences fairness, transparency and robust human oversight in AI enabled processes
- Strengthen procurement documents and supplier controls
- Carefully consider how AI is and should be incorporated into their own product and service delivery
- Invest in AI literacy across sales, procurement and operational teams so staff can identify regulatory obligations and apply appropriate oversight
Actions for businesses to consider
Update data protection frameworks for AI
- Conduct DPIAs for AI use cases
- Define lawful bases for that use
- Consider the need for meaningful human review for significant decisions
Review contracting process and documents:
- If purchasing AI led products and services:
- discuss and agree acceptable uses of AI within service delivery
- consider obligations requiring suppliers to use only specified AI models or approved alternatives
- address data handling responsibilities and oversight expectations
- consider warranties that require AI enabled systems to comply with UK GDPR and IP laws, along with any new AI legislation which may be enacted
- consider obligations for AI systems to be reviewed or updated in light of security concerns
- If using AI yourself:
- consider clauses requiring customers to use AI features in compliance with guidance you provide
- consider whether any disclaimers are required in relation to accuracy and bias in the system
- consider if and how liability should be limited for AI driven outputs
Launch targeted AI literacy programmes
- Consider how to safely encourage the review and adoption of AI led ways of working
- Consider issuing or updating AI policies and guidance
- Ensure teams understand the limitations of AI, including oversight duties and escalation routes
- Provide scenario based training on responsible AI use
- Embed risk checkpoints into client facing product and service delivery
- Train sales teams to explain AI functionality transparently and avoid over promising outcomes
Key contact
Will Richmond-Coggan
Partner
Other authors
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.