Digital Economy Dispatch #290 -- Does the UK Need an AI Bill?

In a recent conversation with a group of senior business leaders, one of them asked me whether the UK needs its own AI bill. When I told them that was the wrong question, my answer caused a stir. Let me explain.

The instinct behind the question is a fair one. AI is moving fast, the headlines swing between miracle and menace, and it feels as though someone in authority ought to be writing the rules. So people are often surprised to learn that Britain has no AI law at all, and that the government has spent two years promising one without delivering it.

Back in 2024, ministers pledged to bring in binding regulations on the handful of companies building the most powerful AI models. That law has not appeared. What did appear, in this year's King's Speech, was a Regulating for Growth Bill, and despite the AI billing, it points the other way. Its purpose is to reduce the burden of regulation, not to add to it. The government is so conscious of how that reads that the official briefing notes stop to insist the bill "is not about deregulation." When a government tells you what its law is not, it is worth asking what it is.

In plain terms, the bill tells regulators to put growth first and gives them powers to suspend their own rules for a while so that businesses can test new ideas under controlled conditions, a so-called sandbox. AI is mentioned, but as one example among several that also includes new medicines, self-driving ships, and defence equipment. The tougher promises from 2024, regulating the most powerful models and banning sexually explicit deepfakes, are nowhere in it. Where AI harms are being tackled, it tends to happen quietly, through small changes to laws we already have, rather than through anything you could point to and call Britain's AI Act.

This is the gap that has reopened an old argument: a government that promised to regulate AI has instead produced a bill designed to deregulate. Each side has a serious case, as I acknowledged to the leaders who put the question to me. But the argument between them rests on a shared assumption that I think is mistaken.

Two Camps, One Nation

One camp wants a bill and is willing to accept some delay to get it. Its case is about protection: guarding people from real harms, building public trust, and ensuring that access to AI is fair rather than concentrated in the hands of a few firms and a few regions. From this view, the steady drift of substantive rules into the margins of other legislation is no substitute for a coherent framework, and the Centre for Long-Term Resilience was right to call the continued absence of frontier-AI legislation a missed opportunity for a country that once hosted the world's first AI Safety Summit.

The other camp wants speed and sees delay as the danger rather than the safeguard. The government's own figures give this case its sharpest edge: nearly a third of UK AI start-up leaders are considering relocating overseas because of regulatory complexity and capital constraints, and AI contributed an estimated £11.8 billion to GDP last year. From this view, every month spent drafting a comprehensive rulebook is a month ceding ground to the United States, China, Singapore, and others. All of which are moving faster than we are. Better a light touch and a sandbox than a European-style Act that arrives late and increases the administrative burden.

Both camps are arguing in good faith. But both, I believe, are arguing about the wrong thing.

The Proxy Problem

The presence or absence of a statute has become a proxy. For one side it stands for whether AI is being handled responsibly. For the other it stands for whether Britain is open for business. Each is optimising the visible signal rather than the thing the signal is meant to represent, which is AI that is safe to use and actually gets used, on terms Britain controls.

I wrote recently about tokenmaxxing, the habit of treating AI token consumption as a measure of productivity, and how it runs straight into Goodhart's Law: once a measure becomes a target, it stops measuring anything. The AI Bill debate has the same problem. We have started keeping score on the legislation itself, as though passing or blocking it were the outcome, when it is at best a channel and at worst a distraction.

Look at what is actually happening, and the proxy gives way. The protection camp's genuine wins are arriving anyway, through amendments to laws we already have, which rather undermines the claim that only a single grand Act can keep people safe. And the growth camp's own diagnosis undercuts the case for a deregulatory sprint. The binding constraint on AI adoption that businesses keep naming is not red tape. It is the cost of energy, the shortage of skills, and the difficulty of moving a promising pilot into dependable operation. A comprehensive AI Act would have over served a safety question that is already being handled in pieces, while under serving an adoption problem that was never really about rules.

The Question That Matters

So, the question worth asking is not whether Britain legislates, but what any legislation would have to do to make AI work here. In my book, Making AI Work for Britain, I argue that the levers that decide the outcome are four: consolidate fragmented public demand so the state buys as one informed customer rather than a thousand uncoordinated ones; diversify supply so we are not captive to a handful of providers; design every deployment so we can exit it; and treat sovereignty as a default rather than an afterthought.

Judged against that test, the Regulating for Growth Bill is close to silent. It loosens supply-side friction and touches none of the structural questions. Worse, a sandbox that lowers the barrier to adopting whatever is cheapest and most readily available could deepen the silent lock-in I warn about, because nothing in it diversifies who Britain buys from or preserves the freedom to switch later. Speed without an exit is not agility. It is a faster route into dependence.

There is a sharper way to put this. The strongest protection against AI harm and the strongest engine of AI growth turn out to be the same thing: domestic capability and the freedom to walk away from a supplier. A country that can build, buy, and switch on its own terms does not have to choose between being safe and being fast, because it is not negotiating from weakness in either direction. A bill that delivered that capability would satisfy both camps at once. A bill that merely relaxes rules in a sandbox satisfies neither for long.

For those of us advising boards and public bodies, the implication is uncomfortable but clarifying. Do not organise your AI strategy around the fate of a bill that, whichever way it goes, will not change your exposure by much. Build the smart-buyer capability now. Know what you are deploying, on whose infrastructure it runs, what it would cost to leave, and whether you could. That work is entirely within your gift, and it is the work that a future Act, if it is any good, will eventually try to make you do.

Which brings me to the question I would put to anyone still keeping score on the AI Bill. Before either camp celebrates its passage or mourns its absence, ask this: what would a bill actually have to contain before it changed your organisation's exposure to AI by a single degree? If you cannot answer that, then the bill was never the thing that mattered, and the work that does matter is already waiting for you.