The UK government is using opaque, US-built AI to draft legislation while imposing strict AI governance rules on the regulated firms those laws will bind. This hypocrisy exposes a governance gap that mid-market firms must exploit defensively, immediately.
AI Governance  Trovix AriaLegal · Financial Services · Insurance · Accountancy

The New Statesman's April revelation that AI-generated text has been incorporated into acts of parliament, and that AI analysed departmental spending bids worth billions, cuts to the heart of a problem mid-market legal, insurance, financial services and accountancy firms have been quietly grappling with: they are being regulated by rules written or analysed using black-box AI systems they have no visibility into. The government awarded £476 million in AI consultancy contracts since 2022 and 60 Lords hold declarable interests in AI companies. But here is what should concern you: the AI systems used to draft or analyse the legislation affecting your firm's compliance obligations are built on US and Chinese models, their training data is opaque, and their decisions are not subject to the transparency requirements the same firms must now meet under FCA Consumer Duty PS22/9, SRA Code, FRC ISA UK auditing standards, PRA SS1/23, and ICO UK GDPR. You are being held to a standard the lawmakers themselves are not meeting.

This is not a story about AI being bad. It is a story about institutional hypocrisy becoming policy. For three years, UK regulators have tightened governance around AI use in professional services — from the ICO's algorithmic impact assessments to the proposed UK AI Act framework. The FRC, FCA, and SRA have issued guidance making it clear that firms using generative AI in client-facing, decision-making or compliance work must document provenance, test for bias, and maintain explainability. Meanwhile, the government has used ChatGPT-class systems and proprietary consultancy AI to write laws those same firms must obey, without publishing impact assessments, audit trails, or evidence of testing. The asymmetry is not accidental. It reflects a pattern: large institutions and government actors are deploying AI at speed and scale while smaller regulated firms are forced to move slowly, document everything, and justify every choice. This creates a compliance burden that protects the powerful and constrains the competitive.

Trovix's view is this: the solution is not to ban AI from government or law-making — it is to demand the same transparency and governance standards upward that are being imposed downward. A mid-market firm using Trovix Aria or Harvey or Luminance to assist fee-earners knows it must log what the AI saw, why it made a recommendation, and where it could fail. Government should operate under identical rules. But since that is not happening, firms need to prepare for a second, harder problem: regulatory policy may now be internally inconsistent or poorly aligned to actual business operations, because it was drafted by systems optimised for cost-cutting and document processing, not by people who understand operational reality. That means you cannot simply comply with the letter of regulation anymore — you have to understand the gaps between the regulation's intent and its actual content, and document your own interpretation. Trovix Audit exists partly to help firms do exactly that: maintain a governance and compliance dashboard that shows not just what regulations say, but how your firm is interpreting and applying them — and where government guidance is itself unclear or potentially flawed.

What should you do right now? First, assume that new regulation or policy affecting your sector may have been drafted or analysed using non-transparent AI systems. Request impact assessments and methodology from government bodies when new guidance is issued. If none are provided, document that absence as part of your compliance file. Second, audit your own AI governance against the standard being violated by government — not downward. If the ICO says your algorithm must be explainable, your AI tooling (whether it is Trovix Aria, Copilot, or an in-house system) must meet that bar; if government fails to meet it, that is a market failure, not a licence for you to follow suit. Third, use AI for what it is actually good at in regulated environments: document analysis, pattern detection, and evidence gathering — not for decision-making without human review, and certainly not for policy interpretation. The firms that will thrive in the next two years are those that treat AI as a compliance tool, not a compliance shortcut.

Source: New Statesman

Related Trovix product:

Trovix Aria →Book a demo →