The government has been writing laws using undisclosed AI systems built in the US and China. UK regulated firms cannot afford to follow the same path. Trovix believes AI governance must come before deployment—and transparency must be non-negotiable.
AI Governance  Trovix ReachLegal · Financial Services · Insurance · Accountancy

The New Statesman's reporting that AI-composed text has entered UK law without disclosure, and that US and Chinese foundational models now shape government spending decisions, should concern every regulated firm in the country. This is not a future risk. It is happening now. For mid-market law firms, insurers, financial services companies and accountancy practices, the implication is stark: if government policy is being written by AI systems outside UK control and without public accountability, how can you be confident that the regulatory framework you operate under is robust? More pressingly, if the government itself is not transparent about its AI use, what does that say about the standard you should meet? The SRA Code, FCA Consumer Duty PS22/9, and PRA SS1/23 all demand explainability and governance. But they were written for a world where humans could read the documents shaping policy. That world no longer exists.

This story sits within a wider pattern: the AI industry has moved faster than governance. Most large language models used in UK professional services—Harvey in legal, Microsoft Copilot across finance, Luminance in discovery—are built on foundational models from the US or trained on datasets of unclear provenance. When these tools reach critical decisions (case prioritisation, risk assessment, insurance underwriting, tax advice), they inherit the opacity and potential bias of their underlying models. The government's own use of US and Chinese AI for spending decisions reveals the problem: no one stopped to ask whether this was wise. No one checked whether the models were fit for purpose. No one disclosed it. This is not how professional services firms can operate. Yet many are following the same path, adopting tools because they work, without building the governance layer that regulators now expect.

Trovix's position is this: AI governance must come before AI deployment, not after. The moment you integrate an AI system into a decision that affects clients, you own the output—regardless of who built the model. That means understanding what the model does, why it makes the decisions it makes, and how to explain it to a regulator or a client. This is why we built Trovix Audit as a governance and compliance dashboard, not as a tool to rubber-stamp AI adoption. Tools like Harvey and Luminance are excellent at their narrow tasks, but they are not governance solutions. They do not help you meet the FRC ISA UK or ISO 42001 requirements. They do not create an audit trail that satisfies the ICO under UK GDPR. They do not address the question the government failed to ask: is this system fit for its purpose in a UK regulated context? Trovix asks that question first.

What should you do? Start with transparency. Document every AI system you use, every decision it makes, and every model it runs on. Use Trovix Watch to track regulatory change as the government—finally—begins to regulate government AI use. Second, audit your current AI stack now. If you have deployed Harvey for contract review, Copilot for client communications, or any other system, you need to know what it actually does and why. Third, when you evaluate new AI tools, demand governance first. A system that cannot explain itself is a liability, not an asset. The government's failure to disclose its use of AI in legislation is a wake-up call. Do not repeat that mistake.

Source: New Statesman

Related Trovix product:

Trovix Reach →Book a demo →