Artificial Intelligence policy in the UK is continuing to develop through targeted legislative and regulatory measures rather than a single new cross-economy law. King Charles III opened Parliament on 13 May 2026 with the announcement of 37 bills his ministers would like to pass in this parliamentary session. The new Regulating for Growth Bill will put regulatory sandboxes onto a statutory footing, allowing businesses to test innovative Artificial Intelligence products and other emerging technologies through the temporary relaxation of existing rules. The Police Reform Bill also includes a new legal framework for facial recognition and similar technologies, setting out when their use is justified and creating a single independent regulatory body to provide oversight and advice.
The Crime and Policing Act 2026 adds several Artificial Intelligence-related measures to the UK framework for online harms and criminal offences. The secretary of state must present a report by 31 December 2026 on progress toward regulations addressing illegal Artificial Intelligence-generated content and the use of Artificial Intelligence services in priority offences under the Online Safety Act 2023, unless draft regulations have already been laid before Parliament. The act makes offences involving purported intimate images, including Artificial Intelligence-generated deepfakes, priority offences under the Online Safety Act, requiring platforms to remove such material and take steps to prevent it from appearing. It also creates offences covering CSA image-generators, purported intimate image generators, and updates the paedophile manuals offence to include pseudo-photographs and prohibited images, extending liability to corporate bodies as well as individuals in key areas.
The Information Commissioner’s Office has published five practical steps for resisting Artificial Intelligence-powered cyber threats, including horizon scanning, layered cyber basics, stronger access control and supply chain governance, security monitoring with human oversight, and protection of personal data under the UK GDPR. Key threats identified include Artificial Intelligence-enhanced phishing, deepfake social engineering, automated vulnerability scanning, Artificial Intelligence-powered malware, credential stuffing, data poisoning and indirect prompt injection attacks. On copyright, the government response to a House of Lords committee report signals more process than policy change. Planned work includes a consultation on digital replicas this summer, an Artificial Intelligence labelling taskforce with an interim report expected in the autumn, a review of tools that let creators control their works online, a working group for smaller creative organisations, and a Creative Content Exchange. The government states that it no longer has a preferred option for copyright reform.
In the EU, legislators reached a provisional agreement on the Digital Omnibus on Artificial Intelligence on 7 May 2026. The amendments include a fixed timeline for delayed application of high-risk rules, a new prohibition on systems that generate non-consensual sexual or intimate content or child sexual abuse material, restoration of certain registration duties for high-risk systems, and a shorter grace period for labelling Artificial Intelligence-generated content. The grace period is reduced from six months to three months, with the new deadline set for 2 December 2026. The Parliament and the Council intend to complete adoption before 2 August 2026, when the EU Artificial Intelligence Act’s high-risk rules are currently due to take effect.
The European Commission is also consulting on practical guidance for compliance. Draft guidelines on classification of high-risk Artificial Intelligence systems aim to help providers, deployers and market surveillance authorities determine whether a system is high risk, with the consultation closing on 23 June 2026. A separate consultation on transparency obligations under Article 50 of the EU Artificial Intelligence Act closes on 3 June 2026. Those obligations are officially set to take effect on 2 August 2026, although that timing may change depending on the Digital Omnibus on Artificial Intelligence. The Commission is developing the guidance alongside a code on marking and labelling Artificial Intelligence-generated content, with the final code expected in June 2026.
