The first Labour government since 2008 was elected in the UK in July 2024 on a platform which focused on growth. Tech and digital as part of a "pro-innovation approach" underpinned many of the growth ambitions. The Labour manifesto, the July King's Speech, the October budget, the Invest 2035 Industrial Strategy as well as existing and incoming legislation, provide clues for the direction of travel on UK tech and digital policy and regulation in the coming year, so here are our predictions for key trends and developments in 2025.
The UK will get AI legislation
New AI legislation was announced by the government in the King's Speech of 17 July 2024. The aim of the legislation is to "seek to establish the most appropriate legislation to place requirements on those working to develop the most powerful AI models”. Curiously, there was no elaboration on what the legislation might cover in the background briefing notes to the speech although it seems clear that any proposed legislation would be far less comprehensive than the EU's AI Act and there is widespread agreement that it will focus on safety of frontier systems.
Transparency and the right to opt out of having copyrighted materials used to train AI models are expected to be a focus of the discussions but there has also been talk of introducing an extended TDM (text and data mining) exemption similar to the one in the EU Copyright Directive – an initiative previously rejected by the then UK government in 2023 – to cover TDM for commercial purposes under certain circumstances (see here for more on this issue). Another area in which there are mixed messages is whether or not the AI Office will be put on a statutory footing.
Whatever the AI legislation contains, it will be a departure from the previous government's policy as stated in its White Paper on AI, published in August 2023, which concluded there was no need for AI-specific legislation (although there were rumours it was working on AI legislation just before the 2024 general election).
It initially seemed likely that any planned legislation would not cover the public sector, however, given the emphasis on using AI to improve the public sector, the remit may be extended.
On 15 October 2024, the UK government published a Green Paper, Invest 2035 – a Modern Industrial Strategy for consultation. As you might expect, AI is mentioned several times, mostly as an opportunity for strengthening the UK's position in sectors such as life sciences, digital and technologies, data-driven businesses and defence.
Peter Kyle, Secretary of State for DSIT, is poised to publish the government's AI Plan by the end of the year (and may already have done so by the time you read this article), potentially alongside a consultation on new legislation. Matt Clifford’s AI Opportunities Action Plan will also look at infrastructure, talent and data access to boost AI adoption across the economy and public sector, alongside a new Treasury-commissioned review on digital adoption from Angle McLean and Dave Smith.Whether or not legislation can be finalised by the end of 2025 remains to be seen and probably depends on its scope, but it's certain to be a priority for the year.
Tech will be central to improving public services
Many of Labour's tech-related policy initiatives are focused on using tech to optimise public services, in particular the NHS. The Data (Use and Access) Bill (DUA), like its predecessor, the Data and Digital Information Bill, lays some of the groundwork for that, including by providing powers for the Secretary of State (SoS) to introduce harmonised information standards for health and adult social care. We're likely to see draft legislation in the new year that will build on this by providing for a single digital healthcare record across all NHS organisations and giving patients access to their records on the NHS app.
We're also likely to see follow up on Labour's manifesto commitments to use AI to improve the public sector more widely, modernise HMRC to help prevent tax avoidance, use digital technologies to improve government, use AI to transform diagnostic services, and support the development of data-driven public services through the National Data Library.
Online safety will continue to be a focus
Labour has said it will explore further measures to keep everyone safe online, especially when using social media, but does not say what these might entail. It is, however, considering banning social media for under-16s and banning phones in schools. There has already been provision made in the DUA Bill to amend the Online Safety Act (OSA) to allow the Secretary of State (SoS) to make regulations to give researchers enhanced access to online safety-related information, and in relation to coroners' access to information on death of a child, and a new priority offence of sharing intimate images without consent has been added. This is in addition to the continuing implementation of the OSA itself as safety duties commence. For more predictions on online safety more widely, see here.
Regulators will flex their muscles
On 8 October 2024, acting on a manifesto commitment, the UK's Department for Science, Innovation and Technology, announced the launch of a new Regulatory Innovation Office (RIO) to speed up public access to new technologies. It is not entirely clear what the status of the RIO will be and its mission statement is somewhat vague. The Labour manifesto said it would bring together existing functions across government but it is also subsuming the functions of independent bodies including the Regulatory Horizons Council. Patrick Vallance, Minister for Research and Innovation, was reported as suggesting the RIO would trial “experimental regulation” to bring breakthroughs across a wide range of sectors to market more quickly.
Setting up yet another regulatory body seems arguably counter intuitive if the objective is cutting red tape. We already have a variety of regulators working in the digital space, both separately and together under the banner of the Digital Regulation Cooperation Forum (DRCF) - Ofcom, the ICO, the CMA and the FCA are members although the MHRA is not. The DRCF was set up to ensure a greater level of co-operation on digital regulation, focusing on online platforms, but the RIO's scope is more ambitious, even if it does overlap with existing regulatory functions. Areas of sector focus are engineering biology, space, AI and digital in healthcare, and connected and autonomous technology.
The key challenge the RIO faces is how to achieve its aims in an effective and agile manner, which speeds up the regulatory pathway rather than presents another road bump to co-ordinated and proportionate regulation. Another issue is levels of funding for the new organisation. Regulators including those in the DRCF have long been concerned about funding given their enhanced responsibilities under recent and incoming regulation and may be unhappy if their own funding suffers as a result of significant resources being allocated to the RIO.
Whatever the role of the RIO, the CMA, Ofcom, the ICO and the FCA will get bigger and arguably better in 2025 as their powers are extended under new and incoming legislation including the Digital Markets Competition and Consumers Act (DMCCA), the OSA and the DUA Bill. The CMA's incoming powers to enforce consumer protection law directly are likely to result in some high-profile enforcement action and Ofcom is similarly likely to act quickly to establish its enforcement credentials under the OSA in 2025.
We will see more alignment with the EU not less
The tone of Labour's policy announcements and indeed draft legislation, suggests that it is serious about 're-setting' the UK's relationship with the EU at least in terms of regulatory alignment. Whereas the emphasis under the previous government was on the freedom to depart from EU rules, the Labour government, while not averse to diverging, seems to be keenly aware that doing so may add to the regulatory burden and cost businesses money. For example, many of the accountability provisions which would have introduced seemingly unnecessary distinctions between the UK and EU data protection regimes under the failed Data Protection and Digital Information Bill were dropped from the DUA Bill. The Bill has also seen some of the influence of the SoS watered down, possibly with an eye on EU adequacy. Similarly, the Product Regulation and Metrology Bill explicitly provides powers for the SoS to align with the EU in certain areas like environmental protection.
Data will be even bigger
The incredible thirst for data is only set to grow as AI and distributed ledger technologies evolve, but it's not all about new technologies. Following in the EU's footsteps, the current government looks set to continue and expand on the previous government's plans to facilitate B2B, B2C and B2G data sharing.
This is apparent in the DUA Bill which, in addition to public sector data sharing initiatives mentioned above, creates a framework for data sharing and gives the government the ability to pass secondary legislation to implement very broad principles relating to data sharing by businesses. The government intends to use the powers to implement smart data schemes along the line of Open Banking in other consumer and business sectors, with the aim of enabling innovation and competition.
As well as reform of the UK data protection and ePrivacy regimes, we are also likely to see cyber security legislation introduced in 2025. The King's Speech suggested legislation would be tabled to bring the UK's cyber security regime to protect critical infrastructure more in line with EU's under its NIS2 Directive.
All this data requires processing power. The government has set out its intention to remove planning barriers to data centres as part of its digital infrastructure plans (which also cover 5G and gigabit broadband roll-out). It has also designated data centres as critical national infrastructure. On 14 October 2024, the government announced over £25bn of investment in UK data centres since it had taken office, including from Amazon Web Services, CyrusOne, ServiceNow, CloudHQ, CoreWeave and Blackstone. As changes to the planning laws take effect, we are likely to see investment continue and more UK data centres built, alongside efforts to curb associated environmental impacts.
Consumers will get enhanced protections
The DMCCA is likely to be brought into application over the course of the next two years. While some of the most heralded reforms around subscription models will not be introduced next year, others, for example in relation to fake online reviews, should be introduced in 2025.
Also on the agenda is action on late payments. And on 17 October 2024, the government announced a consultation on measures to regulate BNPL providers, including by introducing information requirements and giving consumers enhanced rights and protections. The previous government had consulted on the issue after the Woolard Review (in October 2021 and February 2023) however legislation was not introduced before the general election. Read more here.
The government will also continue to focus on the secondary ticketing market in 2025. On 13 November 2024, the CMA launched a project to consider how dynamic pricing is being used in different sectors across the economy and whether this brings commercial and consumer benefits or creates challenges for consumers and competition. This is separate from its investigation into the use of dynamic pricing for the sale of Oasis concert tickets but the information gathered under the project may inform the upcoming call for evidence on price transparency in the live events sector. We may well see legislation in this space in 2025.
We also expect to see gambling reforms in 2025. In April 2023, the then government published a White Paper setting out its plans to reform the Gambling Act, however, legislation failed to materialise. The current government has said it intends to reduce gambling-related harm by reforming gambling regulation and strengthening protections but it has not provided detail as to plans and timing although it has firmed up plans to introduce a statutory gambling levy and online slot stake limits.
There is even more legislation to come
A real trend of recent draft and final legislation has been to set out a framework of ambitions and leave the detail to be filled in or brought in under secondary legislation. The OSA, the DMCCA, the Product and Metrology Bill and the DUA Bill, are prime examples of this approach. It's true that some of the issues covered in these laws are extremely complex, arguably too complex to be contained in a single statute, but this approach is problematic because it leaves businesses either not knowing whether or when they will be caught, or not knowing how they will need to comply if they are. The UK is not alone in this practice – see for example the EU AI Act – but it does make for a confusing landscape when trying to understand the law. What we can be sure of is that not only will new tech/regulatory legislation continue to come our way, but secondary legislation to fill out existing legislation will add to the load. Rest assured, we will be here to help.