Update: AI Regulation in the U.K. — New Government Approach

Share

In October 2022, the U.K. Medicines and Health products Regulatory Agency (MHRA) published its Guidance, Software and AI as a Medical Device Change Programme – Roadmap, setting out how it will regulate software and AI medical devices in the U.K. by balancing patient protection and providing certainty to industry.

Background to the Reforms

The MHRA initially announced the Software as a Medical Device (SaMD) and Artificial Intelligence as a Medical Device (AIaMD) Change Programme in September 2021, designed to ensure that regulatory requirements for software and AI are clear and patients are kept safe. This builds on the broader reform of the medical device regulatory framework detailed in the Government response to consultation on the future regulation of medical devices in the United Kingdom, which recently saw its timetable for implementation extended by 12 months to July 2024.

Continue reading “Update: AI Regulation in the U.K. — New Government Approach”

AI Regulation in the U.K. — New Government Approach

Share

On July 18, 2022, the U.K. Government published a paper on its proposals for AI regulation “Establishing a pro-innovation approach to regulating AI” (the AI Paper). This was published alongside the Government’s AI Action Plan, the first update provided since the Government published its National AI Strategy in September 2021.

The AI Paper provides for an alternative approach to AI regulation in the U.K. when compared with the recently proposed draft legislation for AI regulation in the EU (the EU AI Act). The U.K. Government favours a more decentralised and less regimented approach: guidance, rather than legislation; sector-based, rather than cross-sector application; regulated at sector level, rather than centrally; and with a looser definition of what constitutes AI for the purposes of regulatory application. This is intended to make the U.K. an attractive environment for AI innovation, with more flexible and pragmatic regulation, although AI businesses operating in multiple sectors will potentially need to review and comply with more than one set of principles and address conflicts between them.

Continue reading “AI Regulation in the U.K. — New Government Approach”

UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules

Share

The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection and Digital Information Bill (“DPDI Bill”) proposes to make significant changes to existing UK data protection legislation, including the UK General Data protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA”). The proposals include some measures that will result in a significant divergence, particularly for companies operating on a pan-European basis. While some compliance obligations will be relaxed, most of the changes can best be described as “similar but different” in approach. It remains to be seen what the final text will look like when the bill is passed into law, with some of the more radical proposals already having been dropped from consideration. A crucial point of consideration for UK legislators when the DPDI Bill is making its way through the various stages of the legislative process in the Houses of Parliament will be whether this legislation remains sufficiently similar to the EU’s General Data Protection Regulation (“EU GDPR”) that the UK is able to retain its adequacy status for the purposes of exports of personal data from the EU to the UK by companies operating internationally.

Continue reading “UK’s Data Protection Reform Proposals Show Distinct Divergence from EU Rules”

International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms

Share

The U.K. Information Commissioner’s Office recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat confusing, even to those relatively familiar with international data transfers. Organizations can now review their data transfer arrangements with greater certainty, and this will be a key priority for 2022.

Continue reading “International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms”

Significant Changes Proposed to UK GDPR

Share

The U.K. government recently launched a consultation proposing significant changes to the U.K. General Data Protection Regulation (UK GDPR). The U.K. aims to craft a bespoke “pro-growth and pro-innovation regime whilst maintaining…world-leading data protection standards.” The Consultation sets out in detail the significant reforms which the U.K. government seeks to implement – at the potential risk of losing its adequacy status for data transfers from the EU.

Continue reading “Significant Changes Proposed to UK GDPR”

New Tools for International Data Transfers: European Commission Adopts New Standard Contractual Clauses

Share

The European Commission recently adopted a new set of Standard Contractual Clauses (SCCs) for organizations to use in compliance with the EU General Data Protection Regulation requirements for transfers of personal data from the European Economic Area. The previous SCCs were outdated and did not cover many common data processing scenarios. Organizations will have an 18-month transition period to adopt the new SCCs, but many parties will need this time to re-examine their dataflows and review their internal compliance procedures to meet the exacting new standards.

Continue reading “New Tools for International Data Transfers: European Commission Adopts New Standard Contractual Clauses”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy