The New Statesman's April report that AI-generated text has been baked into British acts of parliament—and that the June 2025 Spending Review relied on large language models to decide public funding for housing, schools and hospitals—is not an interesting tech story. It is a governance failure with direct consequences for every regulated firm in the UK. If the Treasury and parliamentary counsel are using closed-box AI systems from US and Chinese providers to draft legislation and allocate billions in public spending, without declared audit trails or algorithmic impact assessments, then the entire regulatory apparatus that governs you—the FCA, the SRA, the PRA, the FRC—is operating on foundations that cannot be inspected, challenged or explained. This is the opposite of the transparency and accountability demanded of firms under the Consumer Duty (PS22/9), the SRA's ethical conduct standards, and the PRA's operational resilience requirements (SS1/23). Your regulator has outsourced its decision-making to systems it does not understand. You will be held to a standard it does not meet.

This is part of a larger pattern. The market for AI in professional services has been dominated for the past two years by vendors selling general-purpose large language models—Claude, GPT-4, Gemini—wrapped in light compliance clothing. Firms have adopted these tools rapidly because they are cheap, easy and genuinely useful for drafting first passes of documents, extracting data from contracts, and accelerating fee-earning work. But this adoption has been almost entirely unaudited. Most mid-market law firms using Harvey or Copilot for client work have no systematic record of what the model actually generated, what instructions shaped it, or how to prove to the SRA that the output was reviewed by a qualified person before it left the firm. The same blindness now infects parliament itself. Once you outsource your judgment to a system you cannot open, you have surrendered control. Parliament has done exactly that. The question is: how long before the FCA, the PRA or the ICO audit a firm and ask for the same transparency parliament could not provide?

Trovix's answer to this is not to reject AI. It is to reject the architecture of unaudited black-box systems used as if they were lawyers or accountants. The systems that will survive regulatory scrutiny over the next 18 months are those built on three principles: (1) all outputs must be traceable to a documented prompt and a versioned model; (2) human review must be mandatory and logged; (3) the firm must hold the audit trail, not the vendor. This is why retrieval-augmented generation (RAG) and smaller, fine-tuned models on your own data matter more than raw scale. Trovix Sift extracts and structures data from documents with traceable decisions. Trovix Audit logs every AI-assisted decision for compliance review. Trovix Aria is built on your own knowledge base, not the open internet, so you can explain why it said what it said. Luminance and Legora have similar commitments to auditability. The vendors betting on ChatGPT-as-platform will not. If parliament cannot defend its AI choices, neither will you.

Do three things this month. First, audit your current AI usage: what systems are you using, who chose them, what outputs have they generated, where is the review trail? If you cannot answer these questions, you have a governance gap that will be expensive to close later and catastrophic if discovered in a regulator inspection. Second, review your AI policy against the benchmark of what parliament has failed to do—and reverse-engineer the controls that should have been in place. The FCA's algorithmic accountability expectations under the Consumer Duty, the SRA's duty of competence, and the emerging ISO 42001 standard all demand this. Third, plan for your next AI implementation around auditability from day one. If it is a tool you cannot explain to the regulator, it is a tool you should not use on client work. Parliament's mistake should be your textbook.

Source: New Statesman