Introduction
This fortnight’s UK AI landscape is shaped by three strands: central government pushing AI as an engine of economic growth and scientific discovery. Regulators sharpening expectations around online safety and data protection enforcement; and the EU adjusting the implementation of its AI rulebook in ways that will affect UK organisations with EU-facing systems. Together, these developments tighten the link between AI investment, infrastructure and concrete governance duties.
Snapshot
- UK Government has announced a major package of AI-centred reforms and investment, positioning AI explicitly at the core of its growth and “national renewal” mission, with new AI Growth Zones and significant private investment commitments.
- A dedicated AI for Science Strategy has been published, directing up to £137 million within a broader £2 billion programme and opening new compute access routes through the AI Research Resource (AIRR) for AI-centred science.
- DSIT is consulting on an AI Growth Lab, envisaged as a cross-economy AI sandbox that will run under a blueprint for AI regulation and remains open for evidence until 2 January 2026.
- Ofcom has finalised detailed guidance on “a safer life online for women and girls” under the Online Safety Act, with strong implications for platforms’ use of algorithms, content moderation and tools to tackle AI-enabled harms such as deepfakes.
- ICO has opened a consultation on data protection enforcement procedural guidance and is signalling further guidance under the new Data (Use and Access) Act 2025, shaping the enforcement environment for AI-driven data uses.
- At EU level, the AI Act’s staged application is now being supplemented by a Digital Omnibus package that would delay some high-risk obligations and simplify implementation, which will matter for UK organisations with EU-facing systems.
UK Government and Parliament
AI as driver of “national renewal”
The UK Government has announced a package of AI-related reforms and investment framed as putting AI at the heart of economic growth and “national renewal”.
Key elements include:
- AI Growth Zones – geographically targeted zones supported by at least £5 million of government funding each, intended to attract private investment, accelerate business adoption of AI and support skills.
- Private investment commitments – government communications report tens of billions in private AI investment recently committed, reinforcing the narrative of the UK as a leading AI market.
AI for Science Strategy and AIRR compute
The AI for Science Strategy, published by DSIT with UKRI, operationalises part of the investment by focusing on AI-centred scientific discovery.
Core points:
- Up to £137 million of the wider £2 billion AI investment will support AI for science, including compute, data and skills.
- Starting Autumn 2025, DSIT and UKRI will offer AIRR compute access competitions for research in priority AI-for-science areas.
DSIT AI Growth Lab – blueprint for AI regulation in practice
DSIT has opened a call for evidence on the AI Growth Lab, described as a cross-economy sandbox that will test AI innovations under targeted regulatory modifications.
Key elements:
- The Growth Lab is part of DSIT’s “blueprint for AI regulation”, designed to bring together regulators and innovators in sandbox settings.
- The call for evidence is open until 2 January 2026 at 23:59, seeking input on design, regulatory scope and priorities.
Regulators and supervisors
Ofcom – Online Safety Act and AI-related harms
Ofcom has now finalised and published guidance on “a safer life online for women and girls” under the Online Safety Act.
Substance:
- The guidance sets out nine areas where platforms should improve women’s and girls’ safety, including responsibilities to prevent technology-facilitated abuse.
- It emphasises product design and safety-by-default, including nudges, prompts, limits on replies and posting, and tools to mute or block coordinated abuse.
- Ofcom explicitly references harms involving non-consensual intimate images and explicit deepfakes, which are highly relevant to AI-generated content governance.
For AI governance, this guidance effectively sets expectations that platforms should:
- Use proactive tools such as hash-matching and detection of abusive patterns.
- Assess how recommendation algorithms and other AI systems can drive “pile-on” dynamics or amplify misogynistic content, then adjust design and ranking accordingly.
ICO – enforcement guidance consultation and Data (Use and Access) Act context
The ICO is consulting on data protection enforcement procedural guidance, which will explain how it conducts investigations and uses its powers under UK data protection law.
- The consultation runs from 31 October 2025 to 23 January 2026 and will replace part of the 2018 Regulatory Action Policy once finalised.
- The ICO’s homepage now also foregrounds the Data (Use and Access) Act 2025, signalling forthcoming guidance and updated materials on how the new Act interacts with UK data protection requirements.
Devolved and regional developments (Scotland, Wales, English regions)
For this fortnight, the most salient items with regional impact emerge via UK-wide policies rather than distinct Scottish or Welsh AI strategies:
- AI Growth Zones are expected to be geographically distributed, with at least one highlighted zone in South Wales tied to data centres and AI infrastructure.
- The AI for Science Strategy and AIRR compute opportunities are UK-wide but will have implications for universities and research facilities across Scotland and the devolved nations.
EU and international context relevant to the UK
EU AI Act application timetable
The EU AI Act continues to move through its staged application timeline:
The AI Act (Regulation (EU) 2024/1689) entered into force on August 2024 and will be fully applicable from August 2026, with staged application for different obligations.
Prohibited AI practices and AI literacy obligations apply from February 2025; governance rules and obligations for general-purpose AI (GPAI) models from August 2025.
High-risk AI systems embedded into regulated products benefit from an extended transition period until August 2027.
For UK organisations that supply into or operate in the EU, this is now a concrete compliance timeline that overlaps with the UK’s own blueprint for AI regulation.
Digital Omnibus and Digital Omnibus on AI – targeted adjustments
The Digital Omnibus Regulation Proposal makes technical amendments across the EU’s digital legislation to simplify and harmonise rules on data, cybersecurity and privacy.
The Digital Omnibus on AI Regulation Proposal introduces targeted simplification measures to ensure “timely, smooth, and proportionate implementation” of parts of the AI Act, including adjustments to the timeline for certain high-risk rules and easements for businesses. Digital Strategy+2Digital Strategy+2
Press and policy analysis (EDRI) indicate that, if adopted, the package would push back some high-risk AI obligations (to late 2027) and reduce documentation burdens, particularly for SMEs, while critics warn of a potential rollback of digital protections.
Open consultations and key dates
- AI Growth Lab – DSIT call for evidence
- Scope: design of a cross-economy sandbox and blueprint-aligned environment for AI innovation.
- Deadline: 2 January 2026 (23:59).
- ICO consultation – data protection enforcement procedural guidance
- Scope: explains the ICO’s investigative and enforcement processes under UK data protection law, replacing parts of the Regulatory Action Policy.
- Deadline: 23 January 2026.
Conclusion
Overall, this fortnight consolidates the UK’s trajectory of placing AI at the centre of economic and science policy, while regulators move from high-level principles to concrete expectations on online safety and enforcement practice. The Ofcom guidance on women and girls and the ICO’s enforcement consultation both signal a more granular scrutiny of how AI systems shape harms and handle data. In parallel, the EU is not retreating from AI regulation but recalibrating it through the AI Act’s staged timeline and the Digital Omnibus simplification package.
Sources: DSIT, UK Government, UKRI, Ofcom, ICO, European Commission, Cohen Arnold, EDRI