There is currently no specific legislation in the UK that governs AI, or its use in healthcare. Instead, a number of general-purpose laws apply. These laws, such as the rules on data protection and medical devices, have to be adapted to specific AI technologies and uses. They sometimes overlap, which can cause confusion for businesses trying to identify the relevant requirements that have to be met, or to reconcile potentially conflicting provisions.

As a step towards a clearer, more coherent approach, on 18 July, the UK government published a policy paper on regulating AI in the UK. The government proposes to establish a pro-innovation framework of principles for regulating AI, while leaving regulatory authorities discretion over how the principles apply in their respective sectors. The government intends the framework to be “proportionate, light-touch and forward-looking” to ensure that it can keep pace with developments in these technologies, and so that it can “support responsible innovation in AI – unleashing the full potential of new technologies, while keeping people safe and secure”. This balance is aimed at ensuring that the UK is at the forefront of such developments.

The government’s proposal is broadly in line with the MHRA’s current approach to the regulation of AI. In the MHRA’s response to the consultation on the medical devices regime in the UK post-Brexit, it announced similarly broad-brush plans for regulating AI-enabled medical devices. In particular, no definition of AI as a medical device (AIaMD) will be included in the new UK legislation, and the regime is unlikely to set out specific legal requirements beyond those being considered for software as a medical device. Instead, the MHRA intends to publish guidance that clinical performance evaluation methods should be used for assessing safety and meeting essential requirements of AIaMD, and has also published the Software and AI as a medical device change programme to provide a regulatory framework with s a high degree of protection for patients and public.


Rather than provide a fixed definition of AI and software, the UK government proposes to identify the core characteristics and capabilities of AI to inform the regulatory framework. These core characteristics could include:

  • the “adaptiveness” of the technology, and the fact AI systems are “trained” on data, and execute according to patterns and connections that are not easily discernible to humans; and
  • the “autonomy” of the technology, and the fact decisions can be made without intent or control of a human.

Regulators then would be charged with forming and updating AI definitions that fit their specific domains or sectors. In the healthcare sector, this could include, for example, the extent to which diagnostic decisions are made by software, without the involvement of healthcare professionals.

A pro-innovation approach

The government plans to focus on the specific context in which AI is being used, and to take a proportionate, risk-based response. The contextual focus is intended to foster “a targeted and nuanced response to” AI-related risk at the application level, by allowing flexibility to treat different uses of AI differently, rather than dictating “one-size-fits-all” rules. Unlike the proposals for the EU AI Act, regulators, such as the MHRA, would be encouraged to develop rules implementing certain cross-sector principles appropriately for their sector. The government will also engage with regulators to ensure that they proactively embed considerations of innovation, competition and proportionality through their implementation and any subsequent enforcement of the framework. Nevertheless, it seems likely that use of AI in a healthcare setting, and particularly where clinical decisions are being made by or with the help of AI, will lead to greater oversight and regulation.

Cross-sector principles

The government proposes to publish a set of cross-sectoral principles that regulators will develop into sector-specific measures. These principles would not be set out in legislation, but in guidance so that the framework can “remain agile enough to respond to the rapid pace of change in the way that AI impacts upon society”. The government currently believes there should be six principles:

  • Ensure that AI is used safely
  • Ensure that AI is technically secure and functions as designed
  • Make sure that AI is appropriately transparent and explainable
  • Embed considerations of fairness into AI
  • Define legal persons’ responsibility for AI governance
  • Clarify routes to redress or contestability

Next steps

The government’s plans for AI governance remain at an early stage of development. With a change of Prime Minister and key government officials in the autumn, the proposal will be revisited by the new Ministers, and may change significantly before any framework is put in place.

The government nonetheless seeks views on its current proposals, which it intends to develop into a more formal White Paper towards the end of the year. In particular, the policy paper sets out a number of questions for stakeholders to consider, including “What are the most important challenges with our existing approach to regulating AI?” and “Do you agree with the context-driven approach delivered through the UK’s established regulators?”.

The call for views and evidence will be open for 10 weeks, closing on 26 September 2022, and comments can be sent to Businesses should consider this important opportunity to shape the AI regulations with which they will have to comply.