UK AI regulatory developments tracked across FCA, PRA, SRA, FRC, ICO and Lloyd's. Updated as guidance is published. Relevant to legal, insurance, financial services and accountancy firms.
REGULATORY INTELLIGENCE

UK AI Regulatory Tracker

What the FCA, PRA, SRA, FRC, ICO and Lloyd's are saying about AI. Updated as guidance is published.

Last updated: May 2026

FCA

AI and Consumer Duty

ACTION REQUIRED

Consumer Duty (PS22/9) applies fully to AI-assisted decisions in retail financial services. Firms must demonstrate fair outcomes, maintain explainability for every AI-assisted customer decision, and evidence that AI does not create foreseeable harm. The FCA is conducting targeted reviews of AI governance frameworks in 2026.

Consumer Duty PS22/9 | Explainability required
SRA

GenAI in Legal Practice

NEW GUIDANCE

The SRA Risk Outlook identifies three primary risks: client confidentiality breaches, competence failures from over-reliance on AI, and supervision gaps. Firms must have documented AI governance policies and supervise AI-assisted work at partner level. A Good Practice Note is expected Q3 2026.

SRA Code of Conduct | Client confidentiality
FRC

AI in Audit

PUBLISHED

World-first guidance on generative and agentic AI in audit published March 2026. Three risk categories: reliability risk, judgment displacement and documentation gaps. Applies to all FRC-registered firms with immediate effect. Every AI-assisted audit judgment must be documented.

ISA (UK) 200 | Audit documentation
PRA

AI Model Risk

UNDER REVIEW

SS1/23 on model risk management now explicitly covers ML models in credit, market and operational risk. Firms must assess AI concentration risk and maintain human oversight of material AI-assisted decisions. Due diligence required on third-party AI models.

SS1/23 Model Risk | Human oversight
EU AI ACT

High-Risk Systems — August 2026

DEADLINE AUG 2026

High-risk AI system requirements apply from August 2026. Credit scoring, insurance underwriting and employment decisions are classified high-risk under Annex III. UK firms serving EU clients must comply. Conformity assessment and EU AI database registration required.

Annex III high-risk | August 2026
ICO

AI and Data Protection

PUBLISHED

Guidance for controllers covers lawful basis for AI training, automated decision-making under UK GDPR Article 22, and DPIAs for high-risk AI processing. Controllers deploying AI in credit, insurance and legal decisions must conduct DPIAs before deployment.

UK GDPR Article 22 | DPIA required
