The UK government is drafting legislation with AI from US and Chinese companies, with no transparency controls. Your firm is probably doing the same thing — and your regulator has noticed.
AI Governance  Trovix AuditLegal · Financial Services · Insurance · Accountancy

The New Statesman has confirmed what many suspected but few wanted to admit: acts of parliament are now being written with assistance from large language models — specifically, foundational models built by US and Chinese companies. The UK government used AI to analyse departmental bids in the June 2025 Spending Review. This is not a future concern. It is happening now. For mid-market law firms, insurers, financial services providers and accountancy practices, this matters directly: the legislation and regulation that governs your sector, your compliance obligations, and your client relationships may have been drafted by systems you did not build, cannot audit, and whose training data you have no visibility into. If the SRA Code, FCA Consumer Duty PS22/9, or PRA SS1/23 guidance was shaped by AI from overseas, you need to understand what that means for the robustness of your compliance framework.

This story sits at the intersection of three trends that UK regulated firms have failed to integrate properly. First: the industry-wide adoption of off-the-shelf generative AI without proper governance — teams using ChatGPT, Copilot, or Claude on sensitive work because the tools are free and fast. Second: the assumption that because AI can write documents quickly, it can write them well, especially at scale and in domain-specific contexts where accuracy matters. Third: the absence of transparency requirements around AI use in government and regulated sectors. The New Statesman's story exposes the consequence: sovereignty and control have been traded for speed. Firms have been doing exactly the same thing internally, just with less public scrutiny. Tools like Harvey, Legora, and Luminance have raised standards in legal AI by building domain-aware systems with transparency and auditability baked in. But many firms still rely on generic LLMs with no meaningful governance layer. When parliament itself cannot guarantee the origins, training, or audit trail of AI used in legislation, why should the FRC or the ICO trust your firm's use of the same technology?

Here is Trovix's view: using foreign foundational models for regulatory or legislative work is not inherently wrong, but doing it without transparency is a governance failure. The UK AI Act requires transparency in high-risk AI systems. The FRC's ISA UK standards demand audit evidence. The PRA's SS1/23 framework requires firms to understand third-party AI risk. Yet government departments — and most regulated firms — are using these tools without the controls that would satisfy any of those frameworks. The difference between a responsible AI practice and a reckless one is not whether you use AI; it is whether you know what the AI is doing, can prove it, and can reverse or challenge it if needed. This is why implementation matters more than the tool itself. A mid-market firm using an off-the-shelf LLM with a governance dashboard is safer than a large firm using a specialist legal AI tool with no audit trail. Trovix Audit was built specifically to address this gap: not to prevent AI use, but to make it visible and defensible. Trovix Watch monitors regulatory change precisely because you cannot afford to miss the implications when rules are drafted with AI assistance.

What you should do right now: First, audit which AI tools your firm is using on regulated work — especially in drafting, analysis, and compliance tasks. If you cannot answer where the model came from or what training data it used, you have a governance problem. Second, map your AI use against the FCA's latest expectations on operational resilience and third-party risk. Third, if you have not already, implement a compliance dashboard that tracks AI use and outputs across your firm. This is not about blocking AI. It is about proving to your regulators that you have control. Finally, treat regulatory change monitoring as a critical function, not a back-office task. When parliament itself is using AI to draft law, you cannot afford to learn about changes after they land. A systematic approach to detecting regulatory shifts — and understanding whether they were AI-drafted — is no longer optional.

Source: New Statesman

Related Trovix product:

Trovix Audit →Book a demo →