Driven by the desire to modernise the UK’s data protection and access regimes in the digital age, the Data (Use and Access) Act 2025 responds to demands for greater data mobility, innovation, and interoperability across public and private sectors while balancing privacy and safeguards. It introduces provisions to regulate access to customer and business data, refines lawful bases including “recognised legitimate interests,” imposes more proportionate obligations on subject access requests and automated decision-making, and strengthens regulator powers—particularly under PECR and data-transfer rules. The Act marks a pivotal evolution in UK data law by layering statutory data-access and use rules atop the existing UK GDPR architecture, enabling more dynamic data sharing, reducing burdens, and positioning the UK’s governance model as diverging in meaningful ways from EU norms.
The long preamble also expressly refers to “the development of artificial intelligence systems.” In this respect, Part 7 introduces the cross-heading “Copyright works and artificial intelligence systems,” requiring the Secretary of State to (i) prepare an economic impact assessment and (ii) “prepare and publish a report on the use of copyright works in the development of AI systems” to be laid before Parliament within nine months, followed by a six-month progress statement. These provisions establish a statutory mechanism for monitoring AI training practices and their interaction with copyright.