Guides

Is There a UK AI Act? How AI Is Regulated in the UK (2026)

Is there a UK AI Act? No — as of 2026 the UK has no single AI statute. Here's how AI is actually regulated: a principles-based, regulator-led approach, contrasted with the EU AI Act. Cited.

By dgm · 2026-01-23 · Updated 2026-06-10 · 2 min read

“Is there a UK AI Act?” is one of the most common questions UK businesses ask — and the answer surprises people. Here’s the clear position for 2026, cited to official sources. (dgm implements osFoundry as an independent partner. This is general information, not legal advice.)

The short answer: no

There is no UK AI Act. As of June 2026, the UK has no single, omnibus AI statute. It deliberately rejected the EU’s horizontal-law model in favour of a principles-based, regulator-led approach. And no standalone AI Bill appeared in the King’s Speech of 13 May 2026 — instead the government announced a “Regulating for Growth Bill” whose main AI mechanism is cross-economy regulatory sandboxing powers, not binding AI duties.

So if you’ve been told “you need to comply with the UK AI Act”, that’s a misunderstanding — there isn’t one.

How AI is actually regulated

“No AI Act” does not mean “no rules”. UK AI obligations flow from existing cross-cutting law applied to AI:

Data protection — UK GDPR + Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025;
Equality law (Equality Act 2010);
Consumer protection and product safety; and
Sector rules — the FCA (financial services), MHRA (medical devices), Ofcom (online safety).

The five principles

The 2023 white paper “A pro-innovation approach to AI regulation” set out five cross-sector principles that existing regulators apply within their remits:

safety, security and robustness;
appropriate transparency and explainability;
fairness;
accountability and governance;
contestability and redress.

Note the model: existing regulators apply the principles — there’s no new single AI regulator enforcing a statute.

The big caveat: the EU AI Act

Here’s what catches UK businesses out. The EU AI Act applies extraterritorially. A UK firm that places AI systems on the EU market, or whose AI output is used in the EU, can be in scope regardless of having no EU establishment — much like GDPR. So “no UK AI Act” doesn’t mean “no AI statute applies to you” if you touch the EU market. (See our dedicated guide on the EU AI Act for UK businesses.)

What this means in practice

For most UK businesses, compliance means: get your data protection right (lawful basis, DPIAs, transparency, automated-decision safeguards), meet your sector regulator’s expectations, and — if you sell into the EU — classify against the EU AI Act. The recurring UK theme across regulators is “human in the loop” and accountability.

Where osFoundry and dgm fit

dgm implements AI with compliance designed in — data control (self-host in your own cloud or an EU region; osFoundry publishes US/EU/JP regions, not a UK one), audit logging, and human oversight. We are an independent integration partner with zero integrations so far, and not a law firm — for legal compliance decisions, take qualified advice. To scope a compliant AI project, book a consultation with dgm.

Frequently asked questions

Is there a UK AI Act in 2026?

No. As of June 2026 the UK has no single, omnibus 'AI Act'. It deliberately rejected the EU's horizontal-statute model in favour of a principles-based, regulator-led approach. No standalone AI Bill appeared in the May 2026 King's Speech; the government announced a 'Regulating for Growth Bill' centred on regulatory sandboxing instead.

How is AI regulated in the UK then?

Through existing cross-cutting law applied to AI — data protection (UK GDPR / Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025), equality law, consumer protection, product safety, and sector-specific rules (FCA, MHRA, Ofcom). Five cross-sector principles from the 2023 white paper guide how regulators apply their remits.

What are the five AI principles?

From the 2023 pro-innovation white paper: (1) safety, security and robustness; (2) appropriate transparency and explainability; (3) fairness; (4) accountability and governance; (5) contestability and redress. Existing regulators apply these within their sectors rather than a new single AI regulator enforcing a statute.

Does the EU AI Act apply to UK businesses?

It can. The EU AI Act applies extraterritorially — UK firms that place AI systems on the EU market, or whose AI output is used in the EU, are caught. So a UK business with no EU establishment can still fall within scope. See our dedicated guide on the EU AI Act for UK businesses.

Does 'no AI Act' mean AI is unregulated in the UK?

No. It means there's no single AI statute — but AI is still regulated through data protection, equality, consumer and sector law. You must still meet UK GDPR, the ICO's expectations, and your sector regulator's rules. 'No AI Act' is not 'no rules'.

Is There a UK AI Act? How AI Is Regulated in the UK (2026)

The short answer: no

How AI is actually regulated

The five principles

The big caveat: the EU AI Act

What this means in practice

Where osFoundry and dgm fit

Frequently asked questions

Ready to replace your SaaS stack with osFoundry?

Simple, transparent pricing

Initial consultation

AI integration

Is There a UK AI Act? How AI Is Regulated in the UK (2026)

The short answer: no

How AI is actually regulated

The five principles

The big caveat: the EU AI Act

What this means in practice

Where osFoundry and dgm fit

Frequently asked questions

Related reading

Ready to replace your SaaS stack with osFoundry?

Simple, transparent pricing

Initial consultation

AI integration