The New Statesman has confirmed what many in regulated sectors already suspected: US and Chinese AI models are shaping British law without meaningful UK oversight. Your compliance obligations are being written by systems your firm does not control.
AI Governance  Trovix AuditLegal · Financial Services · Insurance · Accountancy

In April, the New Statesman revealed that large language model text has been incorporated into UK acts of parliament, and that AI analysed departmental bids during the June 2025 Spending Review. These are not theoretical concerns. Laws that affect how you operate, how you report to the FCA, PRA, SRA, or ICO, are being drafted using foundational models built in the United States and China—models the UK government does not own, cannot fully audit, and cannot guarantee will behave consistently tomorrow. This matters immediately to every mid-market law firm, insurer, financial services business and accountancy practice because regulatory requirements flow from these acts. If the laws embedding your compliance obligations are themselves written by opaque foreign AI, your ability to truly understand your obligations becomes compromised. You are being asked to comply with rules generated by systems you cannot interrogate.

This story is not an outlier. It is the logical endpoint of industry practice over the last two years. When Harvey, Legora, and Luminance began selling large language model automation to law firms and financial services businesses, the promise was efficiency. When Microsoft Copilot was embedded into Office 365 used by thousands of UK accountants and compliance teams, the assumption was that a well-trained model would simply make work faster. No one seriously asked: what happens when these tools are used to make decisions that affect regulated outcomes? What happens when government uses them to write the rules themselves? The answer is now visible. We have deployed foreign AI into the core of UK institutional decision-making without establishing governance frameworks, transparency standards, or meaningful audit trails. The EU AI Act at least attempted to create risk-based classification. The UK has preferred to move fast and hope the systems work.

Trovix's position is direct: this pattern reveals a fundamental failure in how the industry has approached AI deployment. The problem is not that AI is being used. The problem is that deployment has prioritised speed and cost reduction over governance and auditability. When a law firm uses an LLM to draft parts of a contract, that firm remains responsible under the SRA Code for the output—but the firm cannot truly audit what the model did or why, because the model operates inside a black box owned by a foreign company. When government uses AI to analyse spending bids, Parliament cannot explain the reasoning, because the model's logic is proprietary. This is not a problem that Copilot, Harvey, or similar general-purpose tools can solve, because they were not designed for it. They were designed for productivity, not accountability. Trovix Audit was built specifically to address this gap: it creates a governance and compliance dashboard that allows firms to understand what AI is actually doing in your workflows, where it is making decisions, what training data it used, and what it cannot be trusted to do alone. It is designed for regulated firms. It does not hide the model. It exposes it.

If your firm uses any AI tool—whether to draft documents, analyse risk, generate regulatory responses, or process client data—you need to know three things immediately. First, what decisions is this AI actually making versus supporting? Second, can you audit the reasoning and explain it to a regulator? Third, if the AI fails or produces output that violates FCA Consumer Duty PS22/9, SRA requirements, or ICO UK GDPR obligations, whose liability is that? If you cannot answer these questions, you are operating at risk. The New Statesman story about Parliament using foreign AI to write laws is not really about Parliament—it is a warning about what happens when governance lags behind deployment. Start by mapping every AI tool in your firm. Document what it does. Audit what it produces. Understand where it touches regulated decisions. Then decide whether your current AI stack gives you the visibility and control you need. For most mid-market firms, the answer is no. That is not a reason to stop using AI. It is a reason to start using it responsibly.

Source: New Statesman

Related Trovix product:

Trovix Audit →Book a demo →