# Regulatory Map for AI Ventures

## UK AI Regulation

- **AI White Paper (March 2023) + UK AI Regulation Approach** — sector-specific, principles-based; no overarching AI law yet.
- **EU AI Act** — applies if UK ventures serve EU customers or process EU data; high-risk systems require conformity assessments.
- **Copyright and training data** — UK IPO and court decisions increasingly scrutinise use of copyrighted material in model training.

## Sector Regulators

| Sector | Regulator | Key AI Considerations |
|--------|-----------|----------------------|
| Legal services | SRA / Law Society | Accuracy, confidentiality, privilege, human verification |
| Insurance | FCA / PRA | Fair pricing, discrimination, explainability, conduct risk |
| Fintech / trade finance | FCA | Consumer duty, AML, sanctions, credit-risk fairness |
| Health | MHRA / CQC | Medical-device classification if AI drives diagnosis |
| Recruitment / HR | ICO | Automated decision-making and data protection impact assessments |

## Data Protection

- **UK GDPR / Data Protection Act 2018** apply to all AI ventures processing personal data.
- **Data Protection Impact Assessments (DPIAs)** are required for high-risk automated processing.
- **Transfer mechanisms** (SCCs, IDTA) are needed for EU/international data flows.

## Product Safety & Liability

- **Consumer Protection Act 1987 + Product Safety and Metrology Bill** — AI outputs that harm consumers may create product liability.
- **Professional indemnity insurance** is essential for regulated-sector AI tools.

## Compliance-First Build Checklist

1. Map relevant regulator(s) before writing code.
2. Build audit logs, human-in-the-loop checks and output disclaimers.
3. Complete a DPIA for any personal data processing.
4. Review terms of service, privacy notice and insurance with legal counsel.
5. Document model provenance and training data licensing.

---
*Source: SoVael legal review of UK AI regulation landscape, June 2026; summaries of SRA, FCA, ICO and MHRA guidance.*