On AI, new UK gov't to work on 'appropriate' rules for 'most powerful' models and beef up product safety powers

There had been rumors the U.K.'s shiny new-in-post Labour government would commit to introducing a dedicated artificial intelligence bill on Wednesday as it unveiled its full legislation program amid the pomp of the state opening of parliament. In the event, the King's Speech contained a much more tentative commitment -- to "seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models."

Spokesmen for Number 10 Downing Street and the Department for Innovation, Science and Technology (DSIT) confirmed there is no plan for an AI bill yet. Nor were more details forthcoming when TechCrunch asked about the plan to work on formulating "appropriate" rules for the most powerful AI models.

Labour's election manifesto also pledged it would "ensure the safe development and use of AI models by introducing binding regulation on the handful of companies developing the most powerful AI models and by banning the creation of sexually explicit deepfakes."

The U.K. lags the European Union on this front. The bloc adopted a risk-based framework for regulating applications of AI late last year. The agreed text has since been affirmed and was published in the EU's Official Journal last week -- starting the clock ticking on various legal deadlines which will land on developers over the next few months and years, including some compliance requirements aimed at managing systemic risks of the most powerful general-purpose AI models.

Given the U.K. is still holding back on drafting legislation it may be keen to watch how the EU AI Act is implemented and takes effect. And what impact it has.

Labour's election manifesto also talked about ensuring "our industrial strategy supports the development of the Artificial Intelligence (AI) sector, removes planning barriers to new datacentres. And we will create a National Data Library to bring together existing research programmes and help deliver data-driven public services, whilst maintaining strong safeguards and ensuring all of the public benefit."

And the legislative plan unveiled today reiterates the government's desire to harness the power of data for economic growth -- which echoes the last (Conservative) administration's talk of using AI as a flywheel for wealth creation.

The King's Speech also mentions AI in a line that talks about "harness[ing] the power of artificial intelligence as we look to strengthen safety frameworks." This is presumably a reference to a plan to introduce a Product Safety and Metrology bill, where the government says it wants long-standing U.K. product rules to respond to new risks and tech advances -- such as AI.

The government says its aim with the product safety bill is to "support growth, provide regulatory stability and deliver more protection for consumers" -- including by "responding to new product risks and opportunities to enable the UK to keep pace with technological advances, such as Al."

Again, the EU is a few steps ahead here as the bloc's lawmakers have been working on rebooting product liability rules to account for risks of harm from software and AI since fall 2022.

Labour's manifesto also acknowledged that "regulators are currently ill-equipped to deal with the dramatic development of new technologies," and committed the party to creating "a new Regulatory Innovation Office" it said would bring together existing functions across government to help regulators better stay abreast of fast-paced tech developments.

Data reforms and cybersecurity

Elsewhere in the U.K.'s legislative plan there are a couple of other bills more squarely focused on tech policy.

First up, the government has committed to what it's calling a Digital Information and Smart Data bill.

This looks like a rehashing of some of the provisions in the post-Brexit data reform bill the prior government ending up dropping when former PM Rishi Sunak called a July 4 election, pulling the plug on parliamentary time to squeeze it through.

Such as a plan to allow scientists and "legitimate researchers" to be able to ask for "broad consent" for use of people's data to fire up research. And reforms to the U.K.'s data protection watchdog -- the Information Commissioner's Office -- which the government claims will modernize and strength the office.

A push around establishing "digital verification services" has also been revived -- and potentially expanded -- with the government saying it wants to “support the creation and adoption of secure and trusted digital identity products and services from certified providers to help with things like moving house, pre-employment checks, and buying age restricted goods and services.” Though any digital IDs are intended to be voluntary -- which, again, appears to be a similar approach to the EU's plans for its own digital ID scheme -- avoiding the controversy that would accompany any revived push for mandatory IDs.

The bill will also focus on encouraging what the government is calling "smart data schemes." This is aimed at fostering more secure sharing of customer data through authorized third-party providers (ATPs), such as can happen via the existing Open Banking regime. Introducing a legislative framework is intended to grow and expand the role of ATPs in delivering innovative services, per the government.

Giving an early assessment of Labour's direction of travel versus the last government's plans for post-Brexit data reforms, Edward Machin, a senior lawyer in Ropes & Gray's data, privacy & cybersecurity practice, told TechCrunch: "The indications are that Labour is cherry picking some of the concepts from the DPDIB [Data Protection and Digital Information Bill] that made most sense, particularly those around scientific research and secondary uses of data.

"Conversely, businesses that had been hoping for Labour to carry over the DPDIB’s approach to reducing compliance documentation look like they will be disappointed -- but as with all of these things the devil will be in the detail."

Additionally, the government's legislative program features a Cyber Security and Resilience bill which will focus on bolstering protections for public services in the wake of increasing cyberattacks on critical services and infrastructure such as hospitals, universities and local authorities.

"The Bill will strengthen our defences and ensure that more essential digital services than ever before are protected, for example by expanding the remit of the existing regulation, putting regulators on a stronger footing, and increasing reporting requirements to build a better picture in government of cyber threats," the government writes.

It also says the forthcoming cybersecurity legislation will mandate "increased incident reporting" to ensure it has better data on cyberattacks.

This report was updated with comment on the government's approach to data reform