UK AI Safety Framework
The UK's AI Safety framework — anchored by the AI Safety Institute and the DSIT principles — takes a pro-innovation approach to AI regulation that differs meaningfully from the EU's prescriptive AI Act.
The UK has deliberately chosen not to pass a comprehensive AI regulation equivalent to the EU AI Act. Instead, the UK government's approach — set out in the March 2023 AI white paper and subsequent publications — applies existing regulatory frameworks to AI through sectoral regulators (FCA for AI in financial services, CQC for AI in healthcare, ICO for AI and data protection) guided by five cross-cutting principles: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; contestability and redress.
The AI Safety Institute (AISI), established in November 2023, focuses on evaluating advanced AI models for safety risks — particularly frontier models that may pose systemic or catastrophic risks. The AISI conducts pre-deployment evaluations of frontier models and publishes safety research. For most organizations deploying AI systems, the AISI is not a direct compliance touchpoint — its evaluations focus on frontier model developers (OpenAI, Anthropic, Google DeepMind). However, AISI publications on evaluation methodology are increasingly referenced by sectoral regulators.
For organizations deploying AI in UK regulated industries, the practical AI compliance requirements flow through the sectoral regulators. The FCA's guidance on AI in financial services, the ICO's guidance on AI and data protection law, and the MHRA's guidance on AI/ML-based medical devices are the operative compliance frameworks. The UK's approach means AI compliance is contextual — it depends on the industry, the use case, and the risk level — rather than defined by a single comprehensive law.
We navigate the UK's sectoral AI regulatory landscape for clients deploying AI in regulated industries — mapping the applicable sectoral requirements (FCA for fintech, ICO for data processing, MHRA for medical devices), designing AI systems to satisfy those requirements, and aligning governance practices with the UK's five AI principles. Our teams track the evolving AISI and DSIT guidance and update compliance architectures accordingly.
Compliance-Native Architecture Guide
Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.